Even with the Cambridge Analytica fallout and subsequent #DeleteFacebook campaigns, people still don’t seem to be concerned that what they post online will remain for life.

Although I have seen a few people want to delete their history being concerned about the recent scandal the majority of users haven’t altered their settings and advertisers appear to be staying put.

The recent focus has been on Facebook due to the Cambridge Analytica issues however the bigger issue I see is Google who basically scrapes, searches and indexes everything on the internet.

They are like the sleeping giant sitting back watching everything, never missing out on anything that is published, just waiting for the right time to pounce as they will have recorded every site you have been to, everything you have ever searched for and every place you have been.

Now with over 55% of the worlds smartphones running Andriod over IOS, the release of Google Home devices, integration with other smart appliances who is really collecting more data, google of Facebook.

At least with Facebook you have a choice as to what you post, Google collects everything you do as I cannot think of anyone I know that does not use Google Searchr

Something to think about maybe ??

Never forget that anything you post, comment on, respond to or like will be stored for life as part of your digital footprint.

Now to remove the tin foil hat and back to work..

The amount of destruction to key infrastructure such as power supply, water and road access caused significant outages in a number of areas where access to even assess damage was an issue.

Restoration of power in certain areas took days and even then was not fully functional with ongoing outages as further repairs were undertaken.

During the cyclone we assisted a number of business clients that had plans in place fill up generators that had been running, ensuring systems were still online as sites with multiple offices outside of Darwin still needed to be operational and finally then work with business to assess damage and provide recovery strategies.

Many people were prepared, not just two days before but had a plan in place, systems ready to go and equipment on standby.

Some of these clients came unstuck with simple things such as below;

-         Keys to refuel generators

-         Blocked building access due to fallen trees

-         Building access due to failed security system batteries

No matter how much planning you undertake there are a couple of small things that are bound to trip you up. We at Territory Technology Solutions have modified our Disaster Recovery Plans due to a number of small issues we ran into.

Like the equipment needed to keep the business going Disaster Recovery Plans should be constantly tested and they should evolve with the business, risks need to be assessed that may impact the ability for the plan to be enacted.

For us during the cyclone the availability of fuel was a key issue to keep our generators going as the service stations in the immediate proximity of the building were all out of action with no power.

We have now made changes to our plan and spent $300 to have available 200 Litres of fuel in house, which will provide another 48 hours of operation.

There are many things to consider, plan for and continually test. Territory Technology Solutions has been providing such services for our clients for the last 19 years and have established a huge knowledge bank of data that may assist you and your business.

Contact us on 08 8944 2222 to discuss options that may assist you.

With those realities in mind, Webroot recently released its 2018 Webroot Threat Report. It presents analysis, findings, and insights from the Webroot Threat Research team on the state of cyber threats. The company claims that the report analyzed more than 27 billion URLs, 600 million domains, 4.3 billion IP addresses, 62 million mobile apps, 15 billion file behavior records, and 52 million connected servers.

The report definitely shows that attackers are learning just as quickly as security professionals, and are finding new ways to breach networks. Some of the most common attacks were analyzed in the report, including polymorphic attacks, cryptojacking, ransomware, and phishing.

Polymorphic attacks

As security programs and professionals continue to learn how to find and detect malware, attackers are finding new ways to hide it. Polymorphic attacks can be especially difficult to combat because the signatures that can be used to identify it are constantly updating and changing. According to the report, more than 94% of all malicious executables are polymorphic. Supporting this claim is the fact that in 2017, 93% of the malware encountered was seen on only one machine, meaning the signature changed enough from machine to machine that each variant was only able to be detected once.

The report claims that upgrading all business devices to Windows 10, which offers greater security than previous versions, is a great way to combat the spread of polymorphic attacks.  According to the report, combined with advanced endpoint protection that uses behavioral analysis and machine learning, adopting Windows
10 can greatly reduce enterprises’ vulnerability to cyberattacks.

Cyrptojacking

As a relatively new threat on the scene, crytpojacking is quickly becoming a very serious threat. Based on early reports, this threat is becoming quite popular because it is highly profitable and easy to implement. Instead of hijacking someone’s files in exchange for money, like ransomware attacks, the attacker simply utilizes the victims CPU power to mine crytpocurrency. Since this form of attack is mostly invisible to the end user, the system could be compromised for quite some time before it is found.

Ransomware

Although ransomware has been around for a while, it is still an extremely popular form of attack. Just last year we witnessed the most widespread ransomware attacks to date. WannaCry and NotPetya were both extremely destructive and together they were able to infect more than 200,000 machines in more than 100 countries, all within just 24 hours.

Phishing

One of the most successful phishing attacks occurred during 2017. The email that claimed to be a Google Doc from a trusted contact claimed a lot of victims. The main reason it was so successful was that it was highly targeted, and used social engineering to convince the user the email was from a legitimate source. The report from Webroot also found that almost 25% of phishing sites used IP masking, which makes it more difficult to discern the actual IP address of the domain. Another common tactic is to use benign domain names and replace a single web page with phishing content. When inserted as a disconnected, isolated page (i.e. no pages on the site point to the phishing page, nor does the phishing page point to any other pages on the site), it is nearly impossible for crawlers to detect the phishing threat.

There are several more insights into the latest threats and how to combat them within the report. You can view the reportfrom Webroot on their website. However, they recommend, not only making sure operating systems are completely up to date, but organizations should also be using automated, real-time decisionmaking based on continuously-updated threat intelligence, contextual analysis and advanced endpoint and network protection. When coupled with strong user security training, any organization can materially reduce its exposure to unacceptable risk, according to Webroot.

Well much like school the internet has the same thing and a much longer memory.

If your PC or mail server gets hacked and sends tens of thousands of emails the public IP address of your internet connection will get a bad reputation to the point other systems may not accept email from you.

Your public facing Website may get hacked and hidden pages are created that can be used for delivering malicious content via the emails I have warned you not to open.

These types of issues can be very harmful to your Internet Reputation which will impact access to sites, email and a number of things you depend on daily.  Many smart firewalls will now simply block connections to sites purely based on reputation scoring.

Sites such as the below are used to check how your IP Address, Email Domain and WebPages appear to the outside world, many you can subscribe to for automatic alerting if you are added and it is key to protecting your Internet Reputation;

WatchGuard Reputation Enabled Defense - Firewall based reporting & blocking for IP Addresses, Countries (Geo) and Content.
http://www.reputationauthority.org/

SPAM Database lookup - Check to see if your IP Address is listed a SPAM Sender.
https://www.dnsbl.info/dnsbl-details.php
http://www.mxtoolbox.com

BrightCloud Threat Intelligence - Website & Content Reputation
http://www.brightcloud.com/tools/url-ip-lookup.php

There are lots more ways to check, this is to provide a snippet of what can prevent you accessing or emailing content.

Contact us further if you need assistance in checking your Internet Reputation - helpme@itblog.com.au

A more targeted form of phishing is known as ‘spear-phishing’. Rather than emailing many people at once, these emails are more targeted and are usually only sent to one person, and made to look like it’s from someone you know, and that the topic is relevant to you.

Spear-phishing is used to target employees by impersonating senior executives asking for funds transfers. This is also known as ‘wire fraud’.

They usually ask the target to make a wire funds transfer for them- or confidential information (eg tax details). By making the email appear to come from a very senior person, they are hoping you’ll action it quickly without verifying the request.

In recent weeks through our Helpdesk we have seen a huge increase in very personalised emails for smaller amounts of money targeting small companies. 

Many businesses have lost large amounts of money due to spear-phishing- eg Irish airline, Ryanair, lost $5 million to this type of scam.

Raising awareness of these scam emails with employees (especially Personal Assistants or payment authorisers) is important to reduce this risk. If you receive a request like this, simply call the person (on a known number) to confirm they requested the transfer.

Phishing is not just limited to emails. Many cyber criminals are now phishing people via text message.

People more likely to click on a link in an SMS than they are in an email- it feels more personal and intended for them.

In some cases we have seen malware / malicious applications delivered using this method. 

The phone is then hijacked and the hackers monitor access to accounts such as online banking and then logon using your credentials.

To prevent this you need to check the content for validity, remember the Banks, Government and other Large Corporates will not as for personal details via SMSM.

Virus protection should also be installed on your mobile devices.

Now after 30 years in the ICT Industry SPAM has a whole different meaning and is certainly not as appetising as it used to be.

Spam email is a form of commercial advertising which is economically viable because email is a very cost-effective medium for the sender. If just a fraction of the recipients of a spam message purchase the advertised product, the spammers are making money and the spam problem is perpetuated.

Spammers harvest recipient addresses from publicly accessible sources, use programs to collect addresses on the web, and simply use dictionaries to make automated guesses at common usernames at a given domain.

At the present more than 95% of email messages sent worldwide is believed to be spam, making spam fighting tools increasingly important to all users of email.

Did you know that good / clean emails are referred to as HAM.. 

Spam and viruses

Spam is increasingly sent from computers infected by computer viruses. Virus-makers and spammers are combining their efforts to compromise innocent computer users’ systems and converting them into spam-sending “drones” or “zombies”. These malicious programs spread rapidly and generate massive amounts of spam pretending to be sent from legitimate addresses.

It’s important for all computer owners to install and maintain anti-virus software to avoid having their computer infected and possibly become a source of spam without their knowing.

Effects of spam

Aside from the amount of junk arriving in the Inboxes of millions of innocent email users every day, spam can have a more indirect and serious effect on email services and their users.

Hijacking of real users’ addresses or email accounts is also common. Typically these messages will have the From field showing something like “Australian ATO Collections” info@hotmail.com and it is very important to check that the email address has some relationship to the identity the email is coming from.

Several email users have been affected by falsified messages claiming to be from the service’s administrators, stating that users’ account are closed and require some action by the user to be reopened. Such messages often contain viruses and should be ignored or deleted.

When hijackers succeed in sending spam via an email services, it can be temporarily blocked by other services and private domains who try to protect themselves. Providers such as Arafura Connect do everything we can to prevent this, but it’s important that email users protect their own account with strong passwords to prevent their account being hijacked.

Phishing

An increasingly common phenomenon is “phishing”, where messages appearing to be sent from e.g. legitimate financial institutions attempt to trick recipients into “verifying” sensitive data (such as credit card information) on fraudulent web sites.

Legitimate services will rarely (if ever) send messages requesting you to click a link and provide personal or sensitive information. Be sure to verify the source of the message before complying with such a request.

Check out our article here for more details on the embedded content.

http://www.itblog.com.au/articles/11/1/False-Emails---How-To-Check/Page1.html

VoIP stands for Voice over Internet Protocol. It is also referred to as IP Telephony, Internet Telephony and Internet Calling. It is an alternative way of making phone calls that can be very cheap or completely free. The ‘phone’ part is not always present anymore, as you can communicate without a telephone set. VoIP has been named the most successful technology of the last decade.
VoIP has a lot of advantages over the traditional phone system, one of the biggest being it can be typically connected over any Public internet service.
The main reason for which people are so massively turning to VoIP technology is the cost. In businesses, VoIP is a way to cut down communication cost, add more features to communication and interaction between employees and with customers so that to render the system more efficient and of better quality. For individuals, VoIP is not only the things that have revolutionised voice calling worldwide, but it is also a means to have fun communicating through computers and mobile devices for free.

One of the pioneering services that made VoIP so popular is Skype. It has allowed people to share instant messages and make voice and video calls for free worldwide.
Many corporate phone systems support VoIP out of the box with some configuration you can have your office connected for fixed monthly fee including calls.

The VoIP Trend
VoIP is a relatively new technology and it has already achieved wide acceptance and use. There is still a lot to improve and it is expected to have major technological advances in VoIP in the future. It has so far proved to be a good candidate for replacing the POTS (Plain Old Telephone System) and ISDN (Integrated Digital Services Network)

It, of course, has drawbacks along with the numerous advantages it brings; and its increasing use worldwide is creating new considerations surrounding its regulations and security.
The public is getting more and more conscious of the advantages they can reap from VoIP at home or in their businesses.

Combined with the rollout of the NBN and Telstra’s decision to cut all copper networks VoIP is the logical choice for Business to move forward.

For more information contact Territory Technology Solutions - 08 89442222 to discuss what can be done with your existing phone system.

It’s good for search.
Google’s algorithm requires sites to essentially battle it for top search rankings, two websites that could both rank for a user’s query, essentially running toward the finish line of top results.
But what happens if there’s a tie? Do the sites battle it out in a “sudden death” round?
It all goes back to the idea that Google is constantly solving for the user, and makes frequent changes to its algorithm that create a better experience. Which is why our next point makes sense.

It’s better for users.
SSL helps to prevent these “man-in-the-middle” attacks -- “a form of eavesdropping where communication between two users is monitored and modified by an unauthorised party” -- and keeps user information secure.

That makes https especially important if your website accepts credit cards or has a login functionality. With so many of these hacking incidents making headlines, users want to know that your brand is making an effort to protect them from their private information being stolen or compromised.

user privacy = important
https = good for privacy

SSL is required for AMP.
A few pieces of vocabulary to break down here:

“AMP” stands for Accelerated Mobile Pages. It’s the technology that makes certain pages load almost instantaneously on mobile. So, when you search for something on your mobile device through Google, you might notice that some results have a lightning bolt icon next to it, that means that it’s AMP-ready.

Google is indexing mobile.
So, that thing we just said about the importance of mobile? It turns out, Google is actually going to start indexing mobile, which means that its “algorithms will eventually primarily use the mobile version of a site’s content to rank pages from that site.”
But in order for a mobile site to be indexable, Google recommends several best practices, one of which is to “start by migrating to a secure site,” especially “if [you] don’t support HTTPS yet.”

Not secure.
To elaborate -- In 2017, Chrome 56 will start displaying “not secure” in the browser bar for any http (notice it’s missing the “s”) sites that ask users for login or credit card information.

I don’t know about you, but when I’m about to make an online purchase and see that the site isn’t secure -- for example, that the padlock icon in the browser bar is broken -- I navigate my business elsewhere. And I’m not alone. In fact, only 3% of online shoppers say they would enter their credit card information on a site without the green padlock.

Imagine if Google starts doing that work for users before they can even get to checkout. If the number is as low as 3% now, before search engines start doing the legwork to label sites as “not secure” before anyone even visits them, you can see how traffic to those sites will suffer a huge blow -- as well as its digital sales revenue.

The long and the short of all the above is you need for your web site provider / developer to update your site, purchase a SSL Certificate and secure your website, don't act and miss out...