Blog

September 9th, 2014

Office365_Sep08_BMicrosoft's Office 365 is one of the most popular cloud-based solutions for businesses and has seen continued growth since its release over three years ago. As with most new Microsoft solutions, there are near constant updates introduced that aim to improve the platform. One of the latest changes announced is the ability to customize the theme of Office 365.

Coming soon to Office 365 (if not already): Themes

In early September, Microsoft announced that in the following weeks the company would be rolling out a couple of new options that will allow businesses to personalize the look of Office 365. In fact, there are not one, but two new personalization options available for Office 365 users with business subscriptions.

Option 1: Company-wide custom themes

The idea of establishing company brand is not a new concept to business owners, who realize that one of the factors to success is creating positive brand recognition amongst stakeholders, including employees. One of the best ways to achieve this is to include identifiable visuals and colors repeated in as many places as possible. Almost every company has colors that they use as part of their corporate image and brand identity.

To help cement your brand with your employees, you can now customize the theme of Office 365 so that the theme is applied to all users in your organization. When it comes to customizing your theme Microsoft has noted that you will be able to:

  • Pick the color scheme, which includes a base color and text/icon colors. Set the base as blue for example, and the menu bar across the top will be that color. Set the text as yellow and all icons/text in the menu bar will also be yellow.
  • Set the color of the Office 365 logo. You can pick up to three colors for the Office 365 logo.
  • Upload a custom logo. You can upload your company logo and have it applied to the top-left of all Office 365 menu bars.
  • Make the logo a clickable link. Once you set a logo, you can also make it clickable by adding a custom URL. When a user clicks the logo, they will be taken to the predefined URL.
If you would like to apply your company's brand to Office 365, and have it automatically applied to all users in the company, you will need to be the admin, or to log in as an administrator. Once you are logged on, click on Admin from the main Office 365 screen. Then, click on your company's hyperlink located at the top-right of the Admin screen (right below the menu bar) and select Custom theming.

In the screen that opens, you will be able to set your desired theme, and when you are finished simply hit Save and the theme should be applied.

Option 2: Personalized themes

While company users can set a theme related to their brand, individual users in the organization can also select their own theme from a list of 22 provided by Microsoft. Each theme changes:
  1. The top navigation bar color scheme
  2. Menu colors
  3. Background
  4. Office 365 logo colors
You can change the theme of Office 365 by logging into your account, pressing the Settings cog at the top-right of the screen and clicking Change theme. Once you have selected a theme you like, press Save and it should be applied immediately.

If you are looking to learn more about Office 365 and how you can get the most out of it, contact us today for a chat.

Published with permission from TechAdvisory.org. Source.

September 9th, 2014

GoogleApps_Sep08_BIf you have accessed Google Drive in the past few weeks you may have noticed a new message from Google about an upcoming change to the apps connected to Drive - namely Docs, Sheets, and Slides. The TL;DR (Too Long; Didn't Read) synopsis of this change is that each of these apps will soon be getting their own sites.

About the recent change to Drive

In order to make users' lives easier, Google has decided to kind of spin off their productivity apps. What do we mean by this? Well, the company has announced that they are launching individual sites for Docs, Sheets, and Slides. Now, instead of going to Drive to open or create a new Doc, you can do so by going to the Docs site.

Each of the three major productivity apps - Docs, Sheets and Slides - now has their own site, and can be accessed here:

This isn't a full spin off because your files created and edited using the individual app sites are still stored on Drive. The idea here is that this separation is supposed to make it easier for users to interact with each different productivity apps and related files.

When will this shift happen?

Google has started to alert Drive users to the impending switch and has indicated that Docs will be the first to move over to the new system. That being said, you can actually access the three different apps now, or you can still use Drive to create your files for the time being, just be prepared for a shift in the near future.

Getting around the new sites

Each of the three new sites has pretty much the same layout, with the following elements being the most useful:
  • Plus button at the bottom-right: Pressing this will open a new Docs, Sheets or Slides file.
  • Three horizontal bars at the top-left: Will slide a menu in from the left with the options to open either the Docs, Sheets, or Slides sites, along with Settings and Drive.
  • File sorting icons at the top-right: The four horizontal lines button will switch files in between either List or Grid view. The button with A to Z is for sorting options which will allow you to configure how related files are sorted.
  • Folder icon at the top-right: Clicking this will open the File picker which will allow you to quickly navigate to different folders on your Drive, and also upload other files such as Microsoft Office documents or PDFs.
If you are a heavy user of one of the Google Drive apps, then these sites will likely be a welcome addition. The same can be said for those who use the mobile apps which were released earlier this year.

Looking to learn more about Google's systems? Get in touch and make a positive tech change today.

Published with permission from TechAdvisory.org. Source.

September 4th, 2014

Security_Sep02_BEveryone today seems to be constantly relying on their smartphones to help complete daily tasks which has resulted in the need to recharge subsequently increasing. And when you’re far from your charger, public charging kiosks can seem like a good substitute. However, this can lead to juice jacking of your smartphone. If this is news to you then let’s find out what juice jacking is and how you can avoid it.

What’s juice jacking?

Regardless of the kind of smartphone you have, whether it’s an Android, iPhone or BlackBerry, there is one common feature across all phones: the power supply and the data stream pass over the same cable. This setup allows for juice jacking during the charging process whereby user access is gained on your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code onto the device.

The attack can be as simple as an invasion of privacy, wherein your phone pairs with a computer concealed within the charging kiosk and information such as private photos and contact information are transferred to a malicious device. However, on the other hand, it can also be as invasive as an injection of malicious code directly into your phone. According to security researchers at this year’s Black Hat security conference, your iPhone can be compromised within one minute of being plugged into a harmful charger.

Exposure to a malicious kiosk can also create a lingering security problem even without the immediate injection of malicious code. Once a device is paired to a computer, it can access a host of personal information on the device, including your address book, notes, photos, music, sms database, typing cache, and even initiate a full backup of your phone, all of which can be accessed wirelessly at anytime.

How do I avoid it?

The most effective precautions center around simply not charging your phone using a third-party system. Here are some tips to help you avoid using public kiosk charger:
  • Keep your devices topped off: Make it a habit to charge your phone at your home and office when you’re not actively using it or are just sitting at your desk working.
  • Carry a personal charger: Chargers have become very small and portable, from USB cables to power banks. Get one and throw it in your bag so you can charge your phone anytime you’re at the office or while on-the-go if you use a power bank.
  • Carry a backup battery: If you’re not keen on bringing a spare charger or power bank, you can opt to carry a full spare battery if your device has a removable battery.
  • Lock your phone: When your phone is truly locked as in inaccessible without the input of a pin or equivalent passcode, your phone should not be able to be paired with the device it’s connected to.
  • Power the phone down: This technique only works on phones on a model-by-model basis as some phones will, despite being powered down, still power on the entire USB circuit and allow access to the flash storage in the device.
  • Use power only USB cables: These cables are missing the two wires necessary for data transmission and have only the two wires for power transmission remaining. They will charge your device, but data transfer is made impossible.
Even the tiniest detail like charging your phone from a kiosk charger could affect the security of your device. While there are many substitutes to using a third-party system, ultimately the best defense against a compromised mobile device is awareness. Looking to learn more about today’s security and threats? Contact us today and see how we can help.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 3rd, 2014

BCP_Sep02_BBusiness operators know that when it comes to business continuity, everything is about time. It doesn’t matter if you can recover your business activities if this isn’t achieved in reasonable time. But what is considered “reasonable”? This is what the business impact analysis (BIA) determines. The BIA aims to find out what the recovery time objective is for each critical activity within an organization. With that in mind, let’s take a look at five tips for reliable business impact analysis.

Five tips for successful business impact analysis:

  1. Treat it as a (mini) project: Define the person responsible for BIA implementation and their authority. You should also define the scope, objective, and time frame in which it should be implemented.
  2. Prepare a good questionnaire: A well structured questionnaire will save you a lot of time and will lead to more accurate results. For example: BS (British standard) 25999-1 and BS 2599902 standards will provide you with a fairly good idea about what your questionnaire should contain. Identifying impacts resulting from disruptions, determining how these vary over time, and identifying resources needed for recovery are often covered in this. It’s also good practice to use both qualitative and quantitative questions to identify impacts.
  3. Define clear criteria: If you’re planning for interviewees to answer questions by assigning values, for instance from one to five, be sure to explain exactly what each of the five marks mean. It’s not uncommon that the same event is evaluated as catastrophic by lower-level employees while top management personnel assess the same event as having a more moderate impact.
  4. Collect data through human interaction: The best way to collect data is when someone skilled in business continuity performs an interview with those responsible for critical activity. This way lots of unresolved questions are cleared up and well-balanced answers are achieved. If interviews are not feasible, do at least one workshop where all participants can ask everything that is concerning them. Avoid the shortcut of simply sending out questionnaires.
  5. Determine the recovery time objectives only after you have identified all the interdependencies: For example, through the questionnaire you might conclude that for critical activity A the maximum tolerable period of disruption is two days; however, the maximum tolerable period of disruption for critical activity B is one day and it cannot recover without the help of critical activity A. This means that the recovery time objective for A will be one day instead of two days.
More often than not, the results of BIA are unexpected and the recovery time objective is longer than it was initially thought. Still, it’s the most effective way to get you thinking and preparing for the issues that could strike your business. When you are carrying out BIA make sure you put in the effort and hours to do it right. Looking to learn more about business continuity? Contact us today.
Published with permission from TechAdvisory.org. Source.

September 2nd, 2014

GoogleApps_Sep02_BGoogle Drive offers users a wealth of features that many businesses have been eager to capitalize on. This cloud-storage and collaboration service is employed by businesses around the world. However, many of us often struggle with keeping our files and folders organized, and thereby finding them when we need to. While there is a search bar, this is sometimes not enough when searching for files. But, did you know that there are search operators you can use to easily find your files? Here are four.

Searching for files on Drive

Before we look into the different search operators you can use to find files on Drive, we should clarify that these operators are to employ in the search bar, which is located at the top of the Drive page. If you want to search for a file this works in the same way as the Google Search bar on google.com, only this bar focuses on Drive files, and anything related to Drive.

To use the operators listed below, simply click on the bar that says Search Drive and enter the operator along with the search term, or name of the file/item/keyword you are looking for. For best results you should put the operator before the keyword, however Google also allows users to insert it after the keyword.

1. title:

Sometimes when you are looking for a document, you want to search for the title only, but because of the way Drive's search works, if you enter a keyword it will search for all files that contain that particular word. This means that if you are looking for a document based on its title, you will also see results for documents that contain that keyword too. By using the title: operator you can filter results so that only documents that contain the keyword in the title are displayed.

For example, if you are looking for a document that you know has the words "TPS report" in the title, you would enter: title: "tps report". If you are looking for a title but know only a few keywords that aren't next to each other, you can enter the keywords with quotations around each of the keywords. This will tell Drive to search for files that contain each of the separate keywords in the title.

2. type:

Chances are that with Drive you have created and stored more than just one type of file. Many of us use it to store multiple file types, which can make finding the file you are looking for more challenging.

If you know the type of document you are searching for, enter the operator type: followed by the file type (spreadsheet, document, pdf, presentation, drawing, image, and video) and then add keywords to direct Drive to only display these filtered, related results.

So, if you are looking for a presentation with the keywords "sales team" then you would enter: type:presentation "sales team". Be sure that when you are looking for a file type, there is no space between the operator and the type of file you are searching for.

3. owner:

Drive is highly collaborative and files that you have access to may not be stored on My Drive, or even owned by you. If you are looking for files that you know are owned by other team members try using the owner: operator.

When using this, Drive will present files owned by the email address that you enter beside the operator, and which have been shared with you. If you are looking for a file that is shared with you/on your Drive that is owned by sally@company.com, then you would enter: owner:sally@company.com. You can add keywords before or after the operator (as long as they are separated by a space) to filter results down even further.

4. is:starred

One of the more useful Drive features for users who deal with a large number of files is the ability to star important ones. By simply clicking on Starred on the left-hand horizontal menu bar, you can view all of your starred files. The issue many run across however is that that list does grow over time, making it less useful in finding important files - which kind of defeats the purpose of the feature in the first place.

If this has happened to you, then you can easily search for starred files by entering: is:starred along with keywords in the search field. This will tell Drive to only search for files that contain the keywords and are starred.

These are just a few of the more useful search operators available to Drive users. Do you have one you can't live without? Let us know! And, if you have any questions about Drive for your office, please contact us.

Published with permission from TechAdvisory.org. Source.

August 27th, 2014

socialmedia_Aug26_BMany businesses rely on visuals to sell their products. From bakeries to hotels, an attractive product will bring in the customers and ultimately profits. This is why social media services like Instagram have become so popular. Business owners are increasingly wanting to find out how they too can create high quality images on the mobile platform.

The truth behind some of Instagram's best images

Those awesome Instagram photos we see aren't always taken using mobile phones. Instead, many users use digital cameras which offer much better image quality. You can capture some amazing shots with a higher end DSLR cameras with multiple lenses.

If you have one of these cameras and are looking to create high-quality images for Instagram, or any other social media site, you may be slightly confused as to how to get the images onto the platform - especially since many of us use this via the mobile app. To make uploading a little easier, here is a brief guide detailing how to get images from your digital camera onto Instagram.

1. Transfer and process images

Once you have taken photos with your camera, you will need to get them off of your camera's memory and onto your computer's hard drive. Most camera's have apps that allow you to do this, so be sure to follow the instructions in the app that came with it.

When your images have been transferred to your computer, you are likely going to want to process them a little bit. This is especially true if you have a DSLR or other high-end point-and-shoot which takes RAW images. These can be quite large and are not compatible with Instagram.

Most images taken with a camera are quite large in size, so you are going to need to use an image editing program like Adobe Photoshop, or free tools like Pixlr to process them. What you are looking to do is to crop your images so that they are square.

If you are used to the advanced photo editing features, then do your edits before cropping. When you crop your images you should crop or resize them so that they are 640X640 pixels. This is the size of all images taken using Instagram's camera app.

Also, be sure to save the images as JPEGs, as this is the image format used by most smartphone cameras.

2. Save processed images in their own folder

It helps to create a folder somewhere on your hard drive (we recommend in the same folder where you save all of your other folders) that is specifically for images you want to post on Instagram.

When you have processed and edited the images to your liking, save the images here. Try using an easy to use file name like the date and a letter or note so you can easily tell which images are which, so you know which to use.

3. Move the images to your device

You can move images using the cloud or by manually transferring the images to your phone. If you decide to manually transfer your files, you will need to plug your device into your computer.

For users with iPhones, you can open iTunes and click on your device followed by Photos. Then select the box beside Sync photos from. Select the file you created in the step above and then Sync to transfer the images over.

For users with Android devices, plug your phone into the computer and drag the folder you created in the step above into the Photos folder of your Android device.

For Windows Phone users, plug your device into your computer and open My Computer on your desktop. You should see your device listed in the window that opens. Open the file system for your device and drag the image files you created above into the Photos folder of your phone.

If you choose to use the cloud to transfer your files, use the operating system's cloud (e.g., iCloud, Google Drive, or OneDrive) to upload the files. Just be sure to use the same account as the one on your phone.

4. Add images to Instagram

Once the photos are either on your device, or in the cloud, you can now upload them to Instagram. This can be done by:
  1. Opening the app and tapping on the camera icon.
  2. Tapping on the button in the bottom left of the screen.
  3. Selecting where the image is located on your device. E.g., the Gallery app if you placed the photos in your phone's hard drive, or the cloud service you used.
  4. Editing them as you see fit.
Once this is complete, you should be able to post your images as you usually do with any other Instagram image on your phone. Take the time to add filters, and hashtags as well as a good description before you post.

If you would like to learn more about using Instagram to share your images then get in touch and we will show you the advantages of the bigger picture.

Published with permission from TechAdvisory.org. Source.

Topic Social Media
August 27th, 2014

office365_Aug26_BThere is a good chance that as a business owner or manager you spend a good deal of your time editing or compiling documents, especially Microsoft Word documents. While the popularity of Word is undisputed, users occasionally come across overtype when editing and are unsure how to enable or disable it. If you edit in Word, it can help to be aware of this feature.

Word's two editing styles

Every version of Word used in businesses these days has the same two editing styles or modes:
  1. Insert mode: This is the default editing mode where words are inserted where the blinking cursor is placed. All text that comes to the right of the cursor will be moved to the right with newly typed text coming before it.
  2. Overtype mode: This mode replaces text to the right of the blinking cursor. So when you type new text any existing text to the immediate right will be replaced with the new letters.
While the vast majority of users prefer to use insert mode, overtype mode can be useful when editing documents and replacing words, or rewording paragraphs and keeping track of what needs to be rewritten.

Turning overtype on and off

On some older versions of Word, and on some computers, overtype mode is already enabled, and simply hitting Insert on the numberpad of your keyboard will turn it on. You will know overtype is active by looking at the status bar at the bottom of your document. The words OVR should be visible in bold letters.

If you don't see a status bar, try clicking on File > Preferences > View. Once in the View window, scroll down to the Windows section and tick Status Bar. Finally, press Ok and the bar should pop up at the bottom of the window.

Managing overtype

If you find that overtype cannot be activated, or have received a document where it is already activated and can't figure out how to turn it off, you can manage overtype by:
  1. Right clicking on the status bar at the bottom of the document.
  2. Clicking on Overtype to add it to the status bar.
  3. Clicking on OVR in the status bar to turn it on or off.
You can also activate or deactivate overtype by:
  1. Clicking on File followed by Options.
  2. Selecting Advanced.
  3. Scrolling down to Editing options.
  4. Ticking or unticking Use overtype mode.
If you untick Use overtype mode you will disable the feature, meaning you won't be able to hit Insert to switch between the two editing modes.

Looking to learn more about using Word in your office? Contact us today as we specialize in this area and have great tips, advice and solutions for you.

Published with permission from TechAdvisory.org. Source.

August 26th, 2014

VoIP_Aug18_BVoice over Internet Protocol, or VoIP, has become one of the most popular communication methods used by businesses of all sizes. While there are many benefits VoIP can offer, including decreased costs, increased functions, and more, some businesses considering switching to VoIP should be aware of some potential problems that may run into.

1. Faxing can be tough with VoIP

Fax machines were designed on an analog system and therefore may have trouble working with a digital system like VoIP. This is especially true for businesses who are using older fax machines. We aren't saying faxing is impossible, but you likely will not be able to simply plug your fax machine into a VoIP line and start sending/receiving faxes.

What you will most likely need is to install a few extra components such as an adapter that supports T38 protocols. The T38 protocol was developed specifically to change analog fax signals into a digital that can then be sent via VoIP.

Therefore, if you use fax machines in your office, you should be sure to ask potential providers if their systems support faxing, and if your machines will be supported, or if there are any extra components needed.

2. Credit and debit terminals may not be compatible

Many business owners who look to move to VoIP systems often forget to also look at how their payment systems work. If you are using older credit or debit terminals on a landline they may actually be dial-up based, which means they will not work with VoIP. While most businesses already use newer models that support ethernet connections, and therefore VoIP, some are still using older systems. If this is the case, then you will need to contact your terminal provider for an upgrade, or new IP-terminals.

3. Older alarm systems may not work

Businesses with physical storefronts likely have alarm systems in place. The problem with this is that many older systems rely on traditional phone lines in order to signal emergency services should the alarm go off. If you are planning to upgrade to VoIP, you should make sure that the alarm system you have is compatible, or can be connected to VoIP.

If this is not the case, you may need to upgrade to a more modern alarm system. We strongly recommend checking with both the alarm provider and your VoIP provider if your alarm systems will still work.

4. VoIP requires broadband connections

We have seen cases before where businesses have invested in a VoIP system only to find out they don't have a broadband connection that is strong enough to support VoIP effectively. In order for VoIP systems to function, you need to have a broadband connection with a fairly strong amount of bandwidth. This is especially important for businesses in rural areas where broadband speeds can be limited based on distance.

It can be tough to figure out if your broadband connection will support VoIP, but you can test the connection before you agree to purchase it. Asking a potential provider for help testing your line would be a good idea. Should your connection prove to be too slow, then you will need to contact your Internet Service Provider in order to upgrade your speed.

5. VoIP needs to be managed

Like every other tech system, you will need to manage your VoIP solution. This includes adding new lines, upgrading equipment, ensuring systems are compatible, etc. For many business owners this will require extra time they don't necessarily have. One of the best solutions we can recommend is a managed VoIP solution.

We offer VoIP solutions, so if you are looking to learn more about VoIP in your business, and would like to avoid the common mistakes made by others, contact us today to learn more about how our expertise can help.

Published with permission from TechAdvisory.org. Source.

Topic VoIP General
August 26th, 2014

googleapps_Aug25_CDid you know that until recently, Google has only supported email addresses that use specific characters and numbers? While this is fine for many users, some do business with users who have email addresses outside of the older supported characters. Google has recently announced a change to the characters they support. While this is a good move, this change could pose a security risk.

Google's recent character announcement

Until early August, any user who emails from a Gmail account had to use latin characters and numbers e.g., A-Z, and 1-9. While this fits for some users, there are a great number who have names and email addresses that use characters not in the standard English alphabet like 'É' or 'à'. In an effort to make things easier for a greater number of Google users, the company recently expanded support for different characters.

This means that Gmail will now understand addresses that use different scripts from the standard basic Latin alphabet (letters A to Z and numbers 0 to 9). According to Google, "This means Gmail users can send emails to, and receive emails from, people who have these characters in their email addresses."

Some of the scripts now supported include Katakana, Hong Kong (traditional Chinese), accented Latin characters, etc. While users with email addresses can send Gmail users emails, and vice versa, they are currently not supported by Google's account names. In other words, users who want to sign up for a Gmail account still need to use the basic Latin alphabet.

Why is this a potential security risk?

At first glance, this may not seem like the biggest security risk. Especially because many businesses have email addresses that use the basic Latin alphabet. But there is a security threat here, especially when you start to look at the characters used in other languages. Take for example the greek letter for lowercase omicron (ο) which looks a lot like our o.

When we write these letters on paper, they look the same to us, and there is no real harm. But when they are online, computers will read them as different. This is because of what is called Unicode. Unicode is a universal standard that dictates the difference between characters.

To us, the lowercase omicron and our letter 'o' look the same. But to computers, lowercase omicron is represented by the unicode: U+03BF, while the letter 'o' is represented by the unicode: U+006F.

Smart hackers will likely quickly figure out that they can replace basic Latin characters with others, and generate email addresses that take advantage of this. For example, you could see an email come into your Inbox from facebook.com, where one of the characters is actually an omicron. To us, there is no visual difference, but to the computer, the addresses are completely different. The email could have links to malware or tracking software that could lead to a breach in security.

Is anything being done to stop these characters from being exploited?

According to a post on the Google blog, the tech giant realizes this could be a potential security issue. "The Unicode community has identified suspicious combinations of letters that could be misleading, and Gmail will now begin rejecting emails with such combinations. We're using an open standard—the Unicode Consortium's “Highly Restricted” designation—which we believe strikes a healthy balance between legitimate uses of these new domains and those likely to be abused."

According to the Consortium, when applied to Gmail addresses, Highly Restrictive requires that characters must be from a single script, or from the combinations:

  • Latin + Han + Hiragana + Katakana,
  • Latin + Han + Bopomofo,
  • Latin + Han + Hangul
In other words, the overall security and legitimacy of addresses and sites that use other characters should be ensured..

What can we do?

To take it one step further, we also recommend that if you use Gmail, you look carefully at all email addresses. We can often spot the difference between letters and similar symbols used by other languages. If an address looks suspicious, it is a good idea to simply ignore or delete the email.

As with most other security measures, if you receive an email from large companies or institutions, such as banks, with what looks like a legitimate email address, always read the content closely. Almost every business and institution will never ask for you to provide passwords or login information in an email.

Essentially, ensure to be vigilant with email addresses, and if you have any further questions or concerns, contact us today to for our support solutions.

Published with permission from TechAdvisory.org. Source.

August 25th, 2014

Security_Aug18_BThe idea of Internet security is almost always being called into question. It seems like nearly every month there is a security breach where important information like usernames and passwords are stolen. The trend appears to be increasing, with an ever expanding number of accounts being hacked. In early August, news broke of possibly the biggest breach to date.

The latest big-scale breach

In early August, it emerged that a Russian hacker ring had amassed what is believed to be the biggest known collection of stolen account credentials. The numbers include around 1.2 billion username and password combinations, and over 500 million email addresses.

According to Hold Security, the company that uncovered these records, the information comes from around 420,000 sites. What is particularly interesting about this particular attack is that such a wide variety of sites were targeted when compared this with other attacks which tend to either attack large brand names or smaller related sites.

How did this happen?

Despite what many believe, this was not a one-time mass attack; all sites that were compromised were not attacked at the same time. Instead, the hacker ring - called the Cyber Vor - was likely working on amassing this data over months or longer. How they were able to amass this much information is through what's called a botnet.

Botnets are a group of computers infected by hackers. When the hackers establish a botnet, they attack computers with weak network security and try to infect them with malware that allows the hacker to control the computer. If successful, users won't even know their computer has been hacked and is being used by hackers.

Once this botnet is established, the hackers essentially tell the computers to try to contact websites to test the security. In this recent case, the computers were looking to see if the websites were vulnerable to a SQL injection. This is where hackers tell the computers in the botnet to look for fillable sections on sites like comment boxes, search boxes, etc. and input a certain code asking the website's database to list the stored information related to that box.

If the Web developer has restricted the characters allowed in the fillable text boxes, then the code likely would not have worked. The botnet would notice this, and then move onto the next site. However, if the code works, the botnet notes this and essentially alerts the hacker who can then go to work collecting the data.

So, is this serious and what can I do?

In short, this could be a fairly serious problem. While 420,000 sites may seem like a large number, keep in mind that the Internet is made up of billions of websites. This means that the chances of your website's data being breached by this ring are small. That being said, there is probably a good chance that one of the sites related to your website may have been breached.

So, it is a cause for concern. However, you can limit the chance of hackers gaining access to your information and a website's information.

1. Change all of your passwords

It seems like we say this about once a month, but this time you really should heed this warning. With 1.2 billion username and password combinations out there, there is a chance your user name for at least one account or site has been breached.

To be safe, change all of your passwords. This also includes passwords on your computer, mobile devices, and any online accounts - don't forget your website's back end, or hosting service. It is a pain to do, but this is essential if you want to ensure your data and your website is secure from this attack.

2. Make each password different

We can't stress this enough, so, while you are resetting your password you should aim to ensure that you use a different one for each account, site, and device. It will be tough to remember all of these passwords, so a manager like LastPass could help. Or, you could develop your own algorithm or saying that can be easily changed for each site. For example, the first letter of each word of a favorite saying, plus the first and last letter of the site/account, plus a number sequence could work.

3. Test your website for SQL injection

If you have a website, you are going to want to test all text boxes to see if they are secure against SQL injection. This can be tough to do by yourself, so it's best to contact a security expert like us who can help you execute these tests and then plug any holes should they be found.

4. Audit all of your online information

Finally, look at the information you have stored with your accounts. This includes names, addresses, postal/zip codes, credit card information, etc. You should only have the essential information stored and nothing else. Take for example websites like Amazon. While they are secure, many people have their credit card and billing information stored for easy shopping. If your account is hacked, there is a good chance hackers will be able to get hold of your card number.

5. Contact us for help

Finally, if you are unsure about the security of your accounts, business systems, and website, contact us today to see how our security experts can help ensure your vital data is safe and sound.
Published with permission from TechAdvisory.org. Source.

Topic Security