*This page is a checklist for you to use to secure your mobile device. Anything you check will be saved (for up to 1 year) the next time you visit this page on this same computer.

Here are some basic things in more detail that could be done to help secure your phone, but all can apply to nearly ALL your mobile devices as well:

Modern phones (2016 and newer) support full encryption and often come encrypted by default. If encryption is not enabled, enable it. You'll need to setup a password, long pin number, or complex pattern . Android | Apple

Make sure you have a lock screen password that locks your phone at least within 30 seconds of it sitting idle. 5 or 10 seconds may be much better however. Android | Apple

Make sure you set your phone to completely lock or wipe itself after 10 tries. This will help prevent everyone from accessing it's contents, even yourself, if 10 tries at the screen lock password fails.

• Not all phones support this policy, particularly some Android phones- If your Android phone does, you'll likely find it in the Options labeled 'Security' or in 'Lock Screen', under the option 'Local Wipe'. Otherwise you may need to find an app that enables this feature.
• Apple iOS devices can

Make sure your lock screen password is longer than 10 characters OR your screen pattern is hard to guess (covers all dots and maybe includes at least 4 diagonal swipes). As long as you think it will take over 10 tries, passing the local wipe policy minimum.

In addition to encrypting the device contents, make sure the device requires your password or your complex pattern to unlock the phone when it starts up. This way, most criminals may not be able to use the phone.

Make sure you update all your apps on your phone periodically through your app store, we'd recommend at least once a week. More specifically, when updates come out, you usually can't go wrong updating immediately. You can set your device's app store to automatically update apps very regularly.

Use Bluetooth more securely: Turn Bluetooth off when not in use. Set your Bluetooth device to hidden, invisible, or non-discoverable mode. Both of these will help stop most Bluetooth related hacking methods.

Here are some additional optional things you can do to further secure your mobile device(s):

Backup your phones contents periodically. Backup your phones contents: All smart phones have backup utilities built in. They allow you to backup everything to the internet (various "clouds" that either Google or your mobile provider has), to iTunes (for Iphones), to a usb drive device, or though a third-party app. If you lose your phone, you can then restore many things back to the way it was.

Install a remote wiping app. Remote wiping applications can be used when you know your phone is stolen and you want to wipe out the contents of the phone remotely, hopefully the thief can get into the phone and use it.

Install Firewall app. Firewall software can help spot and prevent rogue apps that have, for unknown reasons, installed themselves on your device from running. Apple devices do not have firewall apps.

Install an Anti-malware app. Anti-malware apps can scan other apps for signs of malware or other suspicious activity. Apple devices do not have firewall apps.

Save time & money in fixing and managing many small business cyber security issues with our step-by-step cyber security management software. Your business will be more resiliant to cyber attacks and your customers would take notice.

Comments and questions below are viewable and open to members only. Read More...

When a workplace or home evacuation happens, do you have a minimal plan for safekeeping your data? The emergencies that can cause an evacuation can be, but are not limited to:

• Fire
• Bomb threat
• Weather disaster
• Earthquakes
• Law enforcement called
• Broken water pipes

Sometimes an evacuation can be used to easily infiltrate a workplace because people panic and leave everything as is on the way out, leaving nearly all devices open to being stolen, bugged, or used in a malicious way.

During an evacuation, your data may be vulnerable to being lost in an accident, disaster, or even someone unauthorized walking in and stealing what they want. Here are some things to keep in mind in your emergency evacuation plans:

During an evacuation, you or your employees could:

• Eject and pull out data stored on USB drives or removable hard drives and bring them with you.
• Of course, lock your machines prior to leaving your office, any time you leave your office.
• If there are laptops everyone is working on, have everyone take them, and recollect them after you gather them back up outside of the business area.
• Have fire&water proof safe(s) open and available to store data-holding devices or laptops in case of an evacuation. If you have the keys available on them, close and lock them immediately after placing your data in them. The theory behind fire+water proof safes is that the safe will last about 30 minutes or so in fire and the water proof-ness is for when the firemen arrive within that 30 minutes to douse your place with jets of water.
• Have encrypted cloud backups of your data, or at least your vital data, done regularly (we have details on setting this up in a another assessment)
• If an emergency evacuation situation prevents a chance to save your data (like a fire near your safe or you get very limited time to exit a building collapsing), then don’t save your data! Save you and your employee’s lives and evacuate.

Basically, make sure that there is no easy way for any thief to access or take your stuff while you’re away, especially if you have to leave in a hurry. These guidelines can be part of your policies you write to follow during emergencies.

Save time & money in fixing and managing many small business cyber security issues with our step-by-step cyber security management software. Your business will be more resiliant to cyber attacks and your customers would take notice.

Comments and questions below are viewable and open to members only. Read More...

Updating is of vital importance in figuring out how to stop cyber attacks!

It’s important to update all your software on your computer aside from your Operating System software. Over the years, there definitely has been software vulnerabilities that hackers have taken advantage of from some of the most used software, including web browsers, web browser extensions, office productivity software, and more.

The cost of not updating the software that you use all the time could be an entry point for a malicious hacker or malware into your business and it’s accounts.

If updating sounds like an obvious thing to do, you’re right, but many do not do this. Some of the greatest malicious hacks are because of outdated software. Think Equifax… even though this large company has the resources and money to pay people to make sure that updates are done to their technical systems, a missed update caused the most massive and damaging security breach ever, affecting hundreds of millions, maybe even you.

Another one that may be more relate-able to small businesses was the incredible macOS root vulnerability that allowed almost anyone with physical access to a low-privileged Mac to freely create a super user to do anything they want, or more dangerously, possibly anyone to gain access to the Mac remotely (through the internet) and create that super user with no obvious indication to the owner of anything happening. Then there’s Krack and Blueborn. All these immensely serious vulnerabilities discovered can allow cyber criminals to gain access to your computers or networks remotely and can generally be stopped by simply updating your devices and software. And vulnerabilities are discovered everyday!

Make a list of all your most used programs that you use (like Office software, Accounting software, web browsers, etc.). And every week, make an effort to update these pieces of software, often done through the program’s “about” screen or a separate updater program that it comes with. Many times, these pieces of software might have automatic updating features- in this case, we recommend you to set them to automatically update when there is a new update available if not done already.

Automated updating:

We recommend that you automate the checking (and installing) of updates for all your software, to include your computer’s operating system too for some of the updaters. If you don’t automate, you may not be able to keep up with updating all the different pieces of software on your systems. Some pieces of software update all your software on the computer it’s run on, while others are more enterprise, automatically updating all other computers connected on a network all together.

• We like to use Updapy, a simple and free notification tool that is completely online with no software to download. You pick the software you have from a comprehensive list and it notifies and gives you a link to download the newest version of that software. No automated software updates however.

Automated updates- This is really how you stop cyber attacks! If you want to have this process automated for most, if not all, of the software you have on your computers, check out these vital tools:

• Ninite is a popular updater and can even push updates to all your other computers.
• Sumo is another popular updater with many awards
• Patch my PC
• For Mac OS X, consider Mac Update

Save time & money in fixing and managing many small business cyber security issues with our step-by-step cyber security management software. Your business will be more resiliant to cyber attacks and your customers would take notice.

Comments and questions below are viewable and open to members only. Read More...

The least privilege principle can certainly help in preventing a full blown cyber attack. Even just a minimal control like this can prevent the absolute worst from happening.

Your log-in to your computer allows you certain privileges on your computer. Your log-in credentials regulate what files you can open and what programs you can install or run. By default, a new computer usually has your first log-in as an administrator and unless you change it, it stays that way.

If a hacker has access or breaks into to your computer with administrator access, they can do anything to your computer systems, even your computer network. If they or their software breaks into your account in use and it’s not an administrator account (for example, you’re using a ‘standard’ user’s account), then they generally can’t do as much damage, if not very little to no damage.

Really, the only time you would want to log-in as an administrator would be to install new applications, programs, or even some new pieces of non-storage hardware.

Secure your Work & Home Computers Risk Assessment

Do not use a full fledged administrator account if you’re using your computer systems! Non-administrator accounts such as “standard user’s” won’t have full access to a system that an administrator account has, and thus some attacks may not work. An attacker or attackers method may run into software roadblocks that may not let them take full control of a machine.

Keep in mind however, this is not a silver-bullet substitute for other security controls that prevent cyber attacks! In fact, just using this alone as a single security prevention method is not good. Use the principle of “Defense in Depth” and have this security control along with many other free security controls that you can find on our website.

Are you using the least privilege principle?

Here’s how to find and change any accounts that are administrator accounts to something that has less privileges, like a ‘Standard User’:

• Microsoft Windows 10
• Microsoft Windows 8, 7
• Manage users on Macintosh OSX

Save time & money in fixing and managing many small business cyber security issues with our step-by-step cyber security management software. Your business will be more resiliant to cyber attacks and your customers would take notice.

Comments and questions below are viewable and open to members only. Read More...

Do you know how to find malicious files once they are on your computer?There is a simple “trick” you can do to find such files.

One way that malware proliferates on PC’s is by hiding file extensions. Most computer operating systems (Window’s and Macintosh) hide this by default. A file extension is usually a 3 or 4 character extension to a file-name that helps designate what program can open the file. For example, a file named “mydocument.docx” has the docx file extension. And Microsoft Office (Word) opens this type of file.

Not showing this extension while you’re browsing through your files can surely be an issue. What hackers do is try to get you to run a malicious program on your computer system. They do this by disguising the malicious program as another type of a file, such as an image or document file, by simply changing that file extension and the icon of the file. And if the file extension is hidden by default, then that is big trouble.

For example, if a malicious hacker somehow (through email, usb drive, other OS vulnerability, etc.) were to get you to download and open “dog.jpg”, you might never have known that it was actually called “dog.jpg.exe” because the real extension is hidden by default. And an “exe” file is actually a program, not just any file, that can damage your computer or take it over if it’s malware!

This applies to Window’s or Mac OS’s.

Secure Your Work & Home Computers Risk Assessment

We won’t spend too much time getting you instructions to setup this “trick”. Some file extensions that cyber attackers would be delighted if you ran on your computer are:

• .exe
• .bat
• .docm
• .xlsm
• .com
• .ps1
• .app

By no means is the list above comprehensive. They are just some common file extensions that run Windows or MacOS.

How do you find malicious files on your computer in the first place?

• Downloaded files through email
• Downloaded files through the internet, saved from your web browser
• Someone else using your computer(s) doing the above.

If you would like to show your file extensions, instead of us reinventing the wheel, check out these following guides:

• Microsoft Windows 10, 8, & 7
• Microsoft Windows 10, 8, & 7 again
• Macintosh OSX

Save time & money in fixing and managing many small business cyber security issues with our step-by-step cyber security management software. Your business will be more resiliant to cyber attacks and your customers would take notice.

Comments and questions below are viewable and open to members only. Read More...