alt tag

Posts from November, 2016


Hack of 500 Million Yahoo Accounts Reminds Industry to Increase Security Measures

Wednesday, November 23rd, 2016

password-397652_640

In September 2016, half a billion Yahoo account users received the bad news that their names, email addresses, phone numbers, and security questions were potentially stolen in a 2014 hack.

According to CNET, the Yahoo hack is the largest data breach in history.

In the wake of a major hack like this one, the only silver lining is a powerful reminder for businesses to review their IT security practices. In the case of the Yahoo breach, hackers can use the stolen information to compromise other employee accounts and further extend the reach of the hack. Here’s how they do it, and what you can do to stop them.

The “Forgot My Password” Reverse Hack Trick

Hackers can steal information from many accounts with the information taken from a single account. If you’ve set your Yahoo email address as your “forgot my password” account for other services, a hacker can use a password reset and reminder commands to compromise even more important accounts. Hackers can use stolen security question answers here to obtain other account credentials as well.

The “Same Password, Different Account” Hack

Memorizing a different password for each account is pretty much impossible for the average person. Most people end up using the same password for many accounts. For example, if you own the email addresses “myemail@yahoo.com” and “myemail@gmail.com” and use the same password for both, it’s likely that a hacker who stole your Yahoo password and security questions will try them on the account with the same name on Gmail.

Password Theft Prevention Strategies

Security breach prevention starts with a strategic security plan and a series of best practices:

Account-Specific Logins and Passwords. One way to prevent a hacker from using your stolen username and password on another account is to create site-specific login and password credentials. This is easily accomplished by memory by adding a site-specific prefix or suffix for each account. For example, your Yahoo and Gmail credentials may be “myemailYHOO/YHOOP@ssw0rd” and “GOOGLmyemail/P@ssw0rdGOOGL” respectively. Alternatively, password managers are an easy way to manage login credentials across accounts and generate random passwords.

Secure the Fallback Account. We’ve previously discussed the security benefits of “two-step verification” as an effective way to keep hackers out of your accounts even if they manage to steal your password or security question answers. Make sure all of your accounts that feature a “forgot my password” function lead back to a “two-step” secured email address.

Update Passwords Frequently. Typically, hackers use your stolen information immediately to access your accounts and steal your information. That’s why frequent password changes are often considered a waste of time. However, the Yahoo hack bucks this trend as the information being released in late 2016 came from 2014.

IT security and password protection are an essential part of doing business in the modern digital world. Contact us today for IT consulting advice for better security practices and managed services assistance to help keep your business’s confidential information safe.

The Benefits of Backups

Wednesday, November 16th, 2016

data-key-571156_640

Even seasoned IT pros have made the mistake of not backing up a device—and panicked after losing countless important files because the device failed. We may know better, yes, but that doesn’t mean we’re perfect.

On the flip side, we’ve all breathed a sigh of relief when a recent backup of our computer or smartphone rescued valuable files after a crash. With employees at businesses large and small using more devices than ever, vulnerability is just as high as the stakes.

It’s never too late (or too early) to implement a reliable backup system—so what are you waiting for?

How Often?

This is a question we hear a lot when it comes to backups. The answer, as ambiguous as it sounds, is “right now.” In an ideal world, your business would configure its employee devices to back up on a daily or weekly basis; but, of course, the more often your business can back up data, the better. And while it’s common for smartphones to Cloud-sync whenever they’re connected to Wi-Fi, it’s worth checking your settings right away.

Minimize Data Loss

Regular data backups are an excellent tool for disaster recovery. In the event that a computer’s hard drive is not recoverable, the ability to restore the machine based on a recent backup significantly decreases the amount of data lost in the process. For example, if the hard drive fails on Tuesday morning and the last backup was on Friday afternoon, the employee will lose at most a day’s worth of work from the incident.

Decrease Recovery Downtime

Backups get your employees back to work faster after a disaster. For obvious reasons, it’s easier to recover a computer to a backup point than to start from scratch, and for some problems, restoration can be even more efficient than repairs.

Removing an infection, decrypting data, and recovering a computer that’s been infected with ransomware, for instance, can take days. But if the computer has undergone a recent backup, restoration may take mere hours.

Old File Version Recovery

Every so often an office has to deal with an employee accidentally making a change to a shared file that can’t be fixed. Regular backups are like freezing a moment in time for your business where you can always go back and recover what was lost.

Embrace the Cloud

Take advantage of Cloud storage solutions for a range of benefits—especially business continuity. With the Cloud, employees can, in many cases, share and access their work from any device. If an employee is on a business trip and needs to update or reference a file stored on their office desktop computer, they can access the information through the Cloud platform.

If your business is looking to improve its data backup practices for a more reliable digital ecosystem, contact the experts at MPA Networks today. MPA’s IT Managed Services offerings can help your company implement a backup system that minimizes downtime and protects your data for both peace of mind and pace of business.

A Primer on Common, Helpful Device Adapters

Friday, November 11th, 2016

iphone-1680359_640

In September 2016, Apple announced that the iPhone 7 will not feature a 3.5mm jack—meaning anyone who wants to use standard headphones (or the credit-card scanning Square Reader) will need an adapter.

Only time will tell if removing the century-old socket ends up being a step forward or a huge inconvenience. What we do know is that adapters have a long history of facilitating changing connectivity standards and fostering compatibility between devices.

A working knowledge of the kinds of adapters available in the market can help increase your business’s productivity, not to mention help you and your employees bounce back from disaster recovery situations.

Hypothetical Scenarios

Adapters can save your business substantial time and inconvenience in a pinch. For example, if an employee’s laptop screen stops working, they have the option of connecting the laptop to an external monitor. However, there’s a high probability that the two machines do not share a common connection standard: The monitor may support HDMI and DVI, but the laptop only exports over VGA or DisplayPort. Having the right adapter on hand can get your team back up and running in no time.

Alternatively, if a desktop computer’s Wi-Fi card stops functioning, you can try hooking up an external USB wireless adapter to the device. Problem solved! No matter what the connectivity challenge, adapters can usually come to the rescue.

Here’s a rundown on useful peripheral, display, and network adapters you may want to store in the office:

Peripheral Connectors

  • USB-to-SD: These adapters plug into a USB port and add full-size SD Card compatibility to computers and many smartphones.
  • USB-to-Bluetooth: While Bluetooth connectivity is assured on smartphones, it isn’t on computers. Computers can add compatibility with devices like Bluetooth earphones, headphones, mice, and keyboards via this adapter.
  • Thunderbolt-to-USB/Firewire: This adapter allows a new Mac to work with older USB and Firewire devices like external hard drives and digital cameras.
  • Lightning/USB to 3.5mm: These adapters are available for both phones and computers to maintain compatibility with peripherals like headphones, microphones, and credit card readers.

Display Connectors

  • DVI-to-VGA: These adapters allow computers to connect to monitors and TVs that use the older VGA standard. These can be very helpful when connecting a laptop to a larger screen in the office presentation room. VGA-to-DVI adapters exist as well, but can be expensive.
  • HDMI-to-DVI: These adapters allow computers and monitors with only one type of port to work with each other. Note that HDMI audio will not work over DVI.
  • DisplayPort-to-HDMI/DVI: These adapters allow DisplayPort-equipped computers to work with the more commonly supported HDMI and DVI standards on monitors.

Network Adapters

  • USB-to-/Wi-Fi: These adapters are helpful for adding wireless support to desktop computers without needing to open and install a Wi-Fi card adapter. They’re also helpful for upgrading laptops that use an older wireless standard to a newer one, and can replace broken internal adapters.

Like adapters, managed service providers excel at keeping your business going nonstop and helping to ease technical transitions. Contact MPA Networks today if your business is looking to improve its disaster recovery practices.

Massive IoT DDoS Attack Causes Widespread Internet Outages. Are Your Devices Secured?

Tuesday, November 1st, 2016

finger-769300_640

As you probably know already, the United States experienced its largest Internet blackout in history on October 21, 2016, when Dyn—a service that handles website domain name routing—got hit with a massive distributed denial of service (DDoS) attack from compromised Internet of Things (IoT) devices. The day will be known forevermore as the day your home IP camera kept you from watching Netflix.

The writing has been on the wall for a while now when it comes to IoT security: We’ve previously discussed how IoT devices can be used to watch consumers and break into business networks.

This specific outage is an example of how the tech industry is ignoring security mistakes of the past and failing to take a proactive approach in protecting IoT networks.

The Outage

The October outage included three separate attacks on the Dyn DNS provider, making it impossible for users in the eastern half of the U.S. to access sites including Twitter, Spotify, and Wired. This attack was different from typical DDoS attacks, which utilize malware-compromised computers to overwhelm servers with requests to knock them offline. Instead, it used malware call Mirai that took advantage of IoT devices. These compromised devices then continually requested information from the Dyn servers en masse until the server ran out of power to answer all requests, thus bringing down each site in turn.

This outage did not take down the servers hosting the platforms, but rather the metaphorical doorway necessary to access those sites.

Ongoing Security Concerns

According to ZDNet, the IoT industry is, at the moment, more concerned with putting devices on the market to beat competition than it is with making devices secure. IoT devices are notably easy to hack because of poor port management and weak password protection. IoT devices are also known for not encrypting communication data. October’s attack wasn’t even the first of its kind: A 145,000-device IoT botnet was behind a hospital DDoS attack just one month prior.

What You Can Do

MacWorld recommends changing the default security configuration settings on all IoT devices and running those devices on a secondary network. The Mirai malware works simply by blasting through default username and password credentials—so users could have protected themselves by swapping the default “admin/admin” and “password/password” settings. There are also IoT security hub devices available to compensate for IoT security shortcomings.

IoT devices can offer fantastic perks for your office, but the security concerns are too important to ignore. If you’re interested in improving network security pertaining to IoT devices or looking for advice on which IoT devices would benefit your workplace, don’t hesitate to contact MPA Networks today.