Do you need a VPN at home?

Virtual private networks (VPNs) are great for securing your connection when you’re using public Wi-Fi. However, they can also be put to work in your home. You might use a VPN at work, however do you need a VPN at home?

When you use a VPN, you’re adding a layer of protection to your online activities by building an encrypted tunnel between your traffic and anyone who tries to spy on you. VPNs are great for when you’re out and about, using Wi-Fi networks that aren’t your own. But at home, a VPN can help protect you from other threats and may let you access streaming content that would be otherwise unavailable.

In a recent article aksing written by Darren Allan for msn.com he explores the benefits of having a VPN at home.

Do you need a VPN at home?

People are becoming conscious of the need to take back their privacy online. It is certainly no bad thing to do so at home

What is a VPN?

A VPN gives you online privacy and anonymity by creating a private network from a public internet connection. VPNs mask your internet protocol (IP) address so your online actions are virtually untraceable. Most important, VPN services establish secure and encrypted connections to provide greater privacy than even a secured Wi-Fi hotspot.

The Threats Abroad

Outside your home, it’s hard to tell which networks you encounter are safe. If you’re at a coffee shop, for example, how can you tell which Wi-Fi network is legitimate? Unless the SSID is posted somewhere, you’re just going to have to guess. Clever bad guys will set up access points with familiar names, hoping to trick people into connecting. Once victims are online, the bad guy does a man-in-the-middle attack, intercepting all the information victims send and receive. This includes a lot of mundane stuff, to be sure, but it can also include bank accounts, login information, and worse.

An attacker doesn’t even need to trick you, they just need to trick your phone or computer. Most devices are configured to reconnect to familiar networks by default. But if an attacker uses the same name of a popular Wi-Fi network, your devices may automatically connect, even without your knowledge.

Both of those attacks require a lot of guesswork, but a good attacker won’t bother with that. Instead, they’ll configure their evil access point to switch SSIDs to match the ones devices are asking for.  For example, at the Black Hat conference a few years ago, a security vendor detected an evil access point that had changed its SSID 1,047 times, tricking 35,000 devices into connecting.

These are situation in which you definitely need a VPN. The encrypted tunnel it creates blocks anyone on the same network as you—even the person managing the network—from seeing what you’re up to.

The Threats at Home

It’s very unlikely that a bad guy broke in to your home, replaced your router, and then waited for the good stuff to roll in. For one thing, that’s just too much work. But for another, attackers need more than one successful hit to make an attack worthwhile. They’ll want to rack up as much information from as many victims as possible. Unless you live above an airport, it’s unlikely that there’s enough foot traffic in your home to justify an attack.

VPNs can be fun

At least half of all VPN use isn’t for personal protection. It’s for streaming video. That might seem odd considering the negative effect that VPNs have on your upload and download speeds, but it makes sense.

That’s where VPNs come in. You can use your VPN to tunnel to a distant server and access content that is restricted in your home country. While Netflix is very good at blocking VPNs, this trick is also useful for sports fans.

Trouble at Home

VPNs are all about securing your traffic from prying eyes, and that’s sometimes a problem when you want your traffic to be seen. If you live in an especially smart home, you’re likely to encounter some problems with using a VPN.

A great example is Chromecast, Google’s dead-simple method for getting content from your phone or computer on to your TV. When you try to use Chromecast with a VPN, all your data is shuffled off your devices through an encrypted tunnel and can’t reach other devices on your local network. You’ll have to switch off your VPN if you want to use this feature, or others like it.

One solution to this problem is to simply raise the level of your VPN and install it on your router. That way, all the data on your local network is funnelled through the VPN, giving you all the protection without causing any of the fuss on the local level. Configuring your router to use a VPN can sound daunting, but some VPN companies will sell you a pre-configured router if you want to give it a try. Still, I think this solution is not for everyone and perhaps best left to people with a determined DIY sensibility.

While many people are using VPNs to stream online content, many (if not most) streaming services are very good at blocking VPN usage. One possible solution is purchasing a static IP address from your VPN provider. These “clean” addresses aren’t associated with VPNs, giving you a better chance of slipping past attempts to block your access.

Speed will always be an issue with VPNs. When a VPN connection is active, your web traffic is going through more machines and more fibre. As a result, this increases latency and slower transfer speeds. Not all VPNs are the same in how much they affect your connection, but you will see some impact.

Do you need a VPN at home?

In truth, the answer to the question of whether you “need” a VPN in your house is going to come down to your own preferences. There are lots of good reasons why a home VPN might be a valuable addition to your security arsenal, but what’s most important is whether you will use it. If you find yourself too frustrated with reduced internet speeds, or juggling streaming devices, don’t use a VPN at home. An unused security feature isn’t useful to anyone.

As more of us are working from home, it may be a good idea to explore your options. Contact the LIS Help Desk and talk to one of our friendly team to see how we can help you.

LIS DIGITAL – SECURING YOUR DIGITAL WORLD

#VPN #AddedSecurity #ExtraPrivacy

Daily email attacks

The British Broadcasting Corporation (BBC) receives over a quarter of a million malicious daily email attacks, according to official figures.

This data revealed under the Freedom of Information (FOI) Act by the Parliament Street think tank’s cyber security team. It showed 283,597 malicious emails were blocked by the organization every day over the first eight months of 2020.

The scale of daily email attacks

The data shows that the BBC receives an average of 6,704,188 monthly hostile emails classed as scam or spam. Additionally, an average of 18,662 malware attacks such as viruses, ransomware and spyware are blocked. From January to August 2020, a total of 51,898,393 infected emails were blocked by the BBCs systems.

The highest month of daily email attacks was July with a huge total of 6,801,227 incidents recorded. Of these 6,787,635 were spam and 13,592 were malware. The second highest month was March, when the COVID-19 outbreak was at its worst in the UK. The BBC received 6,768,632 spam attempts and 14,089 malware attempts, totalling 6,782,721.

Daily email attacks

The vast majority of email sent every day is unsolicited junk mail. Examples include:
Advertising, for example online pharmacies, pornography, dating, gambling.

Multiple cyber-attack incidents

In the past the BBC has experienced multiple incidents when it comes to cyber attempts and potential breaches. In 2013 the BBC twitter feed was subject to a phishing hack. It appeared to be sympathizers of Syrian President Bashar Assad. The BBC said the “phishing” emails contained what appeared to be links to The Guardian newspaper or Human Rights Watch online and brought users to a fake web mail portal.

In 2016 there was another hack. An anti-Isis hacking group claimed responsibility for downing BBC websites and services on New Year’s Eve.

Additionally, there were daily email attacks in December 2015, when the BBC’s websites were unavailable because of a large web attack. However, it is believed that a web attack technique known as a “distributed denial of service” was causing the patchy response. This aims to knock a site offline by swamping it with more traffic than it can handle.

A ripe opportunity for hackers

The data suggests that it is an ongoing struggle for the BBC to obstruct these malware, phishing and spam attempts.

Tim Sadler, CEO at Tessian

Tim Sadler,
CEO at Tessian

According to Tim Sadler, CEO at Tessian, The global pandemic has become a ripe opportunity for hackers’ phishing scams. We can clearly see that in reflected in the spike of malicious attacks on the BBC. In the wake of the outbreak, journalists and employees would have been busier and more distracted than usual.

“Using clever social engineering techniques, cyber-criminals’ prey on people’s desire for information during uncertain times. They bank on the fact that busy, distracted and stressed employees may miss the signs of a phishing email. As a result, they fall for their scams. Organizations, therefore, must have security measures in place to automatically predict such email threats and warn people before they click or download an attachment.

What do these daily email attacks means for business?

The various malware, phishing and cyber-attacks on the BBC acts as a warning for all businesses. Criminals will never let a good crisis go to waste. Employees are now connecting to their organizations from home in large numbers. This allows cyber criminals to target businesses in many more ways. These tactics have always existed. Therefore, as Tim Sadler advises, organizations must have the security measures to detect such email threats.

At LIS our clients benefit from the latest anti-spam and anti-virus solutions. They also take advantage of our Office 365 Security Package. This allows them to stop advanced threats and stay compliant. As well as being productive and keeping their data safe. Contact the LIS Help Desk to make sure your business is safe and secure.

LIS – SECURING YOUR DIGITAL WORLD

#Security #Emails #CyberCrime #ITsupport

Attacks from ransomware

Ransomware PDF Guide

Ever wondered what attacks from ransomware are? You’ve heard about it at the office or read about it in the news. Maybe you’ve got a pop-up on your computer screen right now warning of a ransomware infection. Well, if you’re curious to learn all there is to know about ransomware, you’ve come to the right place.

Download our new guide and know how to keep your business safe.

Attacks from ransomware

What is ransomware?

Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files. The cyber-criminal will demand a payment in order to regain access. Developed in the late 1980s, ransom payments were sent via snail mail. Today, ransomware authors want to recieve payment in cryptocurrency or by credit card.

How does a ransomware attack happen?

After your home gets broken into, it may be obvious the intruder came in through a window or smashed down a door. Shattered glass and forced entry are signs that lead you to conclude that there has been a burglary. In the cyber world, these signals might not be as evident. Your first clue might be a pop up saying please pay money to regain access to your computer.

What went wrong? 

Attacks from ransomware happen to a business when they fail to follow common cyber security 101, such as:

  • Choosing strong passwords
  • Enforcing access management controls
  • Security awareness training for employees
  • Using EDR (Endpoint Detection and Response) or antivirus software
  • Updating operating systems and hardware

Cyber criminals use several methods to access your network by exploiting vulnerabilities. However, to prevent attacks from ransomware, businesses need to understand them and be proactive with stronger cyber security.

How can I prevent them?

Follow the advice in our guide. Address the security threats for your business and educate your colleagues. Protect your business from ransomware with effective cyber security solutions and avoid disruption to your business!

However, if you would like to save some time, we can analyse the risks for you, develop a security strategy to enable your business to dig a moat and pull up the drawbridge.

Would you like to learn more about how we can help protect you from ransomware and emerging cyber threats? Contact the LIS Help Desk and one of our friendly and experienced technicians will be able to help you.

LIS – SECURING YOUR DIGITAL WORLD

 #FreeGuide #GotMalware? #HiddenIntruder

Ban ransomware payments

Should ransomware payments be banned?

The Government have been recently lobbied to ban ransomware payments. They have been asked to prohibit companies and individuals being able to pay ransom demands. Cyber criminals try to scam organisation with cyber-attacks using ransomware malware. The prohibition of ransom payments would cut the flow of income to attackers. As well as shutting down the desire to hit U.K. citizens and companies with ransomware.

Prohibition of ransom payments for ransomware could mean there is no point in cyber attackers going after U.K. Alexander Culafi a news writer from Search Security explores the ban ransomware payments story in more detail.

Ransomware payments

A security firm involved in the business of combating ransomware has called for a government ban on the
payment of ransoms by companies. There was no other practical solution other than to ban ransomware payments.

Paying ransomware demands could be illegal

Companies paying ransom when attacked by ransomware in an effort to retrieve their data has always been controversial because it encourages future attacks. Now, doing so may also be illegal.

The U.S. Department of Treasury today warned that paying ransomware demands may be illegal and that companies that do so could be prosecuted.

The warning came in advisories from the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network. Both warned that any company that paid a ransomware payment, or a third party that facilitated a payment, could be prosecuted in the case that the hackers demanding the ransom were subject to U.S. sanctions.

There is an exception: Companies that are considering making a ransomware payment can do so but only with government approval.

Specific attention was given to third-party companies that facilitate ransomware payments. “Companies that facilitate ransomware payments to cyber criminals, encourage future ransomware payment demands. They also may risk violating OFAC regulations,” the Office of Foreign Asset Control said in its advisory.

Ransomware payments are controversial

Paying ransoms in ransomware attacks has always been controversial. Firstly, a serious ransomware attack could and has seriously crippled companies and cost them. Secondlay, hundreds of millions of dollars in lost business and costs. Finally, sometimes paying the ransom to obtain access to core business files is arguably worth it.

The counter-argument is that every single time a company pays a ransomware demand, it encourages future ransomware attacks. Hacking groups know this, which is why they keep deploying attacks.

An expert’s opinion

James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc. compares ransomware to the Italian Mafia.

“Many years ago, in Italy, there were many kidnappings by organized crime groups of the wealthy and affluent families,” McQuiggan told SiliconANGLE. “They would request large sums of money in exchange to return the victim’s loved ones. The kidnappings got so bad that the Italian government initiated a ban on paying any ransom to organized crime groups. The government would seize all financial assets to prevent the kidnapped families from getting the money to pay.”

He went on, “At first, the crime groups called the bluff of the families who couldn’t pay and killed the family member. However, after a short while, the organized crime groups realized they couldn’t pay, and quickly, the kidnapping and ransoms came to an end.”

Returning to today’s advisories, McQuiggan said that even if an organization wishes to pay the ransom, it would have to collaborate with the U.S. Treasury, FBI and other government agencies to send the funds. “The U.S. government’s recommendation of not paying comes with a similar notion of not negotiating with terrorists. Never pay the ransom when involved with kidnappings and thus, the anticipated action of reducing ransomware attacks,” he said.

Stay protected with LIS

Unfortunately, we are unable to stop cybercrime. However, we try and help prevent it. Our clients benefit from our Anti-Spam, Anti-Virus and Office 365 Security Package solutions. Can you afford to take the risk?

Practice safe IT. STAY PRODUCTED! Contact the LIS HELP DESK to discuss your options.

LIS – Securing your digital world

#Ransomware #Cybercrime #Security #ITSupport

 

 

Online Covid scams

The Online Covid scams that steal your data

There have been some shocking online Covid scams in the last 6 months. As cyber-criminals have taken advantage of businesses during the global pandemic. It is important to make sure your business is not caught out. Our new video shows you the scams you should watch out for.

Business owners targeted in Covid-19 VAT deferral scam

HMRC have uncovered a new email scam produced by hackers. The latest of many recent scamming attempts by criminals is using the topic of coronavirus alongside the subject of VAT deferrals to trick you into giving away sensitive data.

A recent article published on the TechRader website, explains how hackers continue to exploit business vulnerabilities.

Aimed at small business owners, the fake HMRC email attempts to purloin confidential information from ventures struggling to cope with the ongoing effects of the pandemic. Between March and June 2020 HMRC allowed VAT payments to be deferred. The email scam pretending to be from the Revenue tries to dupe companies affected into revealing private information including account names, passwords and payment details.

Helpful tips to avoid online Covid scams

Know how scammers may reach you. Scammers are taking advantage of the increase in COVID‑19 communications by disguising their scams as legitimate messages about the virus. Alongside emails, scammers may also use text messages, automated calls and malicious websites to reach you.

Be cautious of requests for personal or financial information. If you receive an unsolicited request for information, take extra time to evaluate the message. Scammers will often ask you to input login information, or share bank details and addresses with them. They may also request payment via bank transfer or virtual currency.

Double check links and email addresses before clicking. Fake links often imitate established websites by adding extra words or letters. If it says something like “click here,” hover over the link or long press the text to check the URL for mistakes ─ being careful not to click it. Misspelled words or random letters and numbers in the URL or email address may also indicate a scam.

Search to see if it’s been reported. If somebody has sent you a fraudulent message, it’s likely they’ve sent it to other people as well. Copy and paste the email address or phone number. Alternatively, copy the most suspicious portion of the message into a search engine to check if it’s been reported.

Not Sure What IT Security You Need?

Security is one of the most important considerations when building any network. It doesn’t matter whether you are a small business or a multi national corporation, security should be your top priority. Recently office, home and mobile networks have been targeted more by cyber criminals across the globe. As with all forms of crime, the first victims are the low hanging fruit. But the criminals are getting more sophisticated. So businesses need to keep one step ahead.

At LIS, we can conduct an IT security audit to help you identify the right level of protection for your network. Contact the LIS Help Desk for your free consultation and find out how to protect your IT network against data breaches, viruses and more.

LIS – SECURING YOUR DIGITAL WORLD

#Covid19Scams #Top10Scams #DontFallForIt