Tip #1: Ransomware
Ransomware is malicious software used by an attacker/suspect to unknowing encrypt the complainant's data and then request payment to unlock it. This typically happens on a Friday and the complainant doesn't realize it until the Monday. The encryption takes some time and having the weekend ensures a good portion if not all the data is locked.
This is generally done because Terminal Services (TS)/ Remote Desktop Protocol (RDP) is left open to the world to access.
This is a default application on Windows Operating Systems to allow remote access to the computer. It is typically only password protected which means attackers can continually guess a variety of different passwords a.k.a bruteforce their way in.
However, there is an easy fix. Don’t use Terminal Services / RDP. If you need to then limit it to only specific IP addresses which can access it, setup a Virtual Private Network (VPN) and or enable two-factor authentication (2FA). Whoever is running your IT will know about these technologies and should be able to implement these changes to protect your infrastructure.
If you are a victim of Ransomware then there are really only two options. Pay the ransom or restore from back up. If you have good backups (offline and up to date) then you can restore your environment and patch the security holes. If you know what type of Ransomware your infrastructure is infected with www.nomoreransom.org might have the decryption key. This site also contains additional information about ransomware in general.
Tip #2: Two-Factor Authentication (2FA)
Long complex passwords are good but adding Two-Factor Authentication is even better. So what is Two-Factor Authentication? Basically it’s another password that is unknown, randomly generated that is used in conjunction with the password you know.
For example, if I log into my email account I type in the password I created then I type in the password that is sent to me through an SMS message or using an authenticator app like Google Authenticator, Authy, Lastpass, Microsoft Authenicator to name a few. The second password is random and used only once and time sensitive.
Why would you want this to use this? If your password ever gets compromised the attacker cannot get in unless they have the second password provided by the Two-Factor Authentication. Most accounts you use will have this feature available and you can enable it with a few clicks. There are two main types, one through and SMS message (secure) and through and authentication app (more secure).
The SMS message is quite convenient but is tied to your phone number. The Two-Factor Authentication app is tied to that app at the time of creation making it way more secure. The codes are time sensitive keep changing after a set period like 30 seconds.
When possible enable Two-Factor Authentication. Most accounts will have this feature and it could save you from being exposed. Many sites have been breached and your username and password have been leaked without you even knowing. There are sites like https://haveibeenpwned.com where you can check to see if your email account have been on a list of data breaches. With Two-Factor Authentication turned on this will give you another layer of protection even if your password is known by the target.
Tip #3: Facebook Security
This Tech Tip is aimed at the largest social network currently in the world, Facebook.
First, pick a strong password and enable 2-factor authentication. As explained in Technology Tip #2, enabling 2-factor authentication is the best line of defence in preventing unauthorized access to your Facebook account.
- In Facebook Settings > Security and Login > Two-Factor Authentication, you can choose to enable this feature by way of SMS or an authentication app such as Google Authenticator.
- In the same token, your backup or recovery e-mail given to Facebook should be just as secure so that someone cannot imitate you using your insecure e-mail account as the weakest point of entry.
Facebook has taken steps recently to improve people’s privacy on its site. Prior to this, many 'Sharing' settings were set to 'Public' by default such as certain pages you "Like" or "Follow", pictures or albums you share, Timeline posts you share, and more.
- Once again in Facebook Settings > Privacy / Timeline and Tagging, you can customize how public you want your default sharing settings to be.
This prevents someone from learning too much about you, such as a home address if you were to unknowingly share a picture with your house and address clearly visible in the background, or many other possible scenarios.
The last part of this week’s tip, is exercising safe practices in Facebook Marketplace. Like Kijiji or other online sales platforms, always be mindful that you may not be showing up for the deal you think you are.
With meetup-style robberies on the rise from platforms like Facebook Marketplace and Kijiji, consider the following tips:
- Meetup during daylight hours in a safe, public place. Police station parking lots are one of the best options.
- Bring a friend with you or tell someone where you're going and what time you're supposed to meet the seller or buyer. You can also have someone on the phone in your pocket while you do the deal.
- Be mindful of newly created profiles with no history and no information or pictures. This isn't always a red flag as their profile may just be very private.