Many people use auto-fill passwords for their convenience. What you might not know is that hackers and advertisers can use them to get access to websites and other applications and gather sensitive information. Learn more about the risks of using autocomplete passwords. Why auto-fill passwords are so dangerous Certain web browsers have integrated features that Learn More “Why autocomplete passwords are risky”
iOS 12, Apple’s latest mobile software offering, is finally available, and it promises to be better at keeping your data locked down. Here are some tweaks that you can make to boost iOS 12’s security and privacy settings. Set a stronger passcode iOS 12 now requires six-digit passcodes, and this means hackers will have a Learn More “Lock down iOS 12 devices with these features”
Advertisements and suggestions based on our internet browsing habits are sources of online tracking. However, autocomplete passwords are also another source of online tracking. This sneaky tactic comes with serious security risks. Here’s how you can stop it from targeting you. Why auto-fill passwords are so dangerous As of December 2018, there are 4.1 billion Learn More “Are autocomplete passwords safe?”
Employees are one of your biggest security holes. There is no foolproof prevention method for human error, which is why employee mistakes are one of the most common causes of a security breach. To reduce potential risks, we’ve suggested a few IT policies you should implement to protect your business.
In today’s business world, employees spend a lot of time on the internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. This must limit internet use for business purposes only, prohibit unauthorized downloads, and restrict access to personal emails on company devices. You can also include recommended browsing practices and policies for using business devices on public wifi.
Just like the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links, or perform any type of business-related activities outside their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, thus preventing spear phishing.
We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.
Whether or not you allow your employees to conduct work on their own devices, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work-related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. This means employees aren’t allowed to remove or copy it without your authorization.
We hope these four policies shed some light on the industry’s best security practices. If you’d like more tips or are interested in a security audit of your business, give us a call.
In May, security experts discovered one of the most widespread malware infections in history. Now, they’re warning businesses and consumers that it’s even worse than their first assessment. The VPNFilter malware poses a threat to small businesses and requires immediate attention from anyone who hasn’t taken action against it.
A team of security researchers from Cisco released a report that a strain of malware had been discovered on hundreds of thousands of routers and network devices. Originally, researchers believed it affected only Linksys, MikroTik, Netgear, and TP-Link devices.
Like many malware strains, VPNFilter infects devices that use default login credentials. But it’s worse than the average cyberattack because it can destroy router hardware and cannot be removed by resetting infected devices.
As if destroying 500,000 routers wasn’t bad enough, VPNFilter lets its creators spy on networks and intercept passwords, usernames, and financial information.
Just two weeks after VPNFilter was discovered, security experts announced that it targets 200,000 additional routers manufactured by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. Worse yet, VPNFilter can alter data passing through infected routers. That means when you enter a username and password into a banking website, hackers could steal that information and show you an incorrect account balance to hide fraudulent deductions.
How to stop VPNFilter
Rebooting a router won’t remove the malware, you need to factory-reset the device. Usually, all this requires is holding down the Reset button on the back of the device for 10-30 seconds. If your router has no reset button or you’re unsure whether pressing it did the trick, contact a local IT provider immediately.
Cybersecurity threats have become so prevalent that even large enterprises struggle to keep their digital assets safe. Outsourcing IT support to a managed services provider like us will give you enough capacity to deal with issues like VPNFilter as soon as they arise. Call us today to learn more.
There are a number of reasons you should be wary of saving your password to a digital platform. Just look at Yahoo’s data breach in 2013, which leaked passwords for three billion people. Even when your password isn’t compromised, saving it to a browser could have serious implications for your privacy.
Why auto-fill passwords are so dangerous
In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.
Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.
The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.
Using auto-fill to track users
Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.
Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.
One simple security tip for today
Turn off auto-fill in your web browser. It’s quick, easy, and will go to great lengths to improve your account security.
- If you use Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
- If you use Firefox – Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
- If you use Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.
This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.