Tag Archives: Tips

3 Ways to Minimize “Security Fatigue” Among Employees

There’s a side effect to our rising awareness of (and concern over) cybersecurity. It’s called “security fatigue”, and employees the world over are beginning to show symptoms of it. According to a study from the National Institute of Standards and Technology (NIST), the majority of internet users suffer from this so-called security fatigue.

Users find themselves asking two major, and contradictory, questions: 1) if large companies with big security budgets are routinely attacked, how will I protect myself from cybercriminals? And 2) despite all the cyberattacks you hear about in the news, I personally do not know anyone who has been hacked — am I really a target for a cybercriminal? This confusion between the inevitability and probability of becoming a victim of cybercrime is resulting in a kind of nonchalance with respect to matters of security. This lack of concern, this attitude of surrendering to the notion of “whatever will be, will be” puts both users and the companies they work for at risk.

So how can we minimize security fatigue in our companies?

Use a password manager

The average internet user has more than 100 accounts associated with the same email address. Ideally, therefore, they would have 100 different passwords. Obviously, it is impossible to memorize such an enormous number of credentials. In addition, from time to time we require our employees to update their password to start the PC or access a particular software program. And what do they do? Choose the fastest and easiest option. 81% of users use the same password in different accounts and 36% reuse the password in more than 25% of their online accounts.

The solution to this problem is to set up a password manager for all employees. It is the easiest way to generate unique passwords for each account that have a high level of security. With it, employees will only need to remember one password, instead of one hundred.

Update, update, update

We can’t stress this enough.

Limit the number of security decisions your employees have to make. If the security team keeps systems and devices up to date, implements patches, and automatically downloads the latest malware databases, unnecessary risks will be avoided. This should be a mandatory practice, ensuring that employees have safe working tools and will not have to worry about supplementary tasks, nor receive constant alerts to update programs.

Use advanced cybersecurity measures

Employees are overexposed to security alerts, a situation that ultimately ends up becoming a little bit like the boy who cried wolf. Pages reminding them that their passwords are insecure, antiviruses that warn of the dangers of accessing a particular web page or downloading a certain file … The constant repetition of these warnings contributes to a feeling that nothing is safe anymore, so why bother? In the work environment, we can reduce that level of insecurity using tools that block an attack before it even occurs. Advanced cybersecurity solutions monitor the organization’s systems in real-time, detecting and stopping any suspicious behavior that could be harmful. Preventing the attack before it occurs will take some of the stress off of the employee and, in turn, reduce the security fatigue that is increasingly prevalent in our modern times.

The post 3 Ways to Minimize “Security Fatigue” Among Employees appeared first on Panda Security Mediacenter.


Post-vacation cybersecurity tuneup: Get your company ready!

It’s that time of the year when most of us return to the stress of our jobs after having enjoyed a well-deserved summer vacation. But, if getting over the post-vacation blues is hard for anyone, for the members of the IT team it is a real nightmare: out-of-date computers, new software vulnerabilities, systems that do not work, organizational changes… It’s time to get ready for the situations you’ll have to face in the return to normality. And you better do it as thoroughly as possible to avoid risks. Here is a list of things you need to do in order to make sure that everything is in order.

Update

The first thing you must certainly do is update all systems, patch all applications, and download the latest malware signatures and security updates. This process is critical and must be completed immediately. You never know what may have happened during the time you’ve been on vacation.

Check your operating systems’ hardening status 

Hardening your computers’ operating systems is essential to keep your entire network safe. There are some differences between general and specific hardening. However, in both cases you must check that all necessary security measures are properly in place. And if you don’t have a hardening plan yet, now is the time to implement one. Evaluate the possibility of unauthorized access, prevent user misuse, protect your network from known attack vectors, etc.

Review security rules with your network users

It is essential that your organization’s employees and other users are aware of the basic security protocols required to ensure network protection. Remind them of the need to comply with the company’s password policy, and ban the installation of non-corporate software on corporate computers. Reviewing all of these security aspects and procedures with your employees will save you from future headaches.

Use a centralized security tool

The best security solution for your business is a centralized defense system that allows you to monitor your network in real time, make decisions, and take immediate action. With Panda Endpoint Protection, you’ll be able to keep your company safe from a single, centralized, cloud-based console, across all platforms and with minimal resource consumption.

Monitor your networks

Having a good intrusion detection system (IDS) is crucial. Intrusion detection systems inspect network traffic thoroughly, comparing it against identifiers of known attacks and suspicious behavior. Check the HIDS system deployed to your customers and your network IDS to make sure that everything is in order.

Check your firewall rules

Having a good firewall is essential too. Hardware firewalls are great allies, but perimeter protection rules must be regularly checked and updated. Some security solutions, such as Panda Adaptive Defense, allow organizations to monitor connections efficiently and automatically, maximizing efficiency and minimizing efforts.

ISO 27001, your best ally

ISO/IEC 27001 is an information security management standard that specifies all the directives you must follow to keep your corporate network safe. Regardless of whether or not you apply for the certification, the ISO standard can be used to check that you comply with every single safety procedure required to ensure that your systems are operating properly. The aforementioned recommendations are just a summary of the directives included in the ISO standard, which covers all of the above and much more. Faithfully following all these recommendations may seem difficult, but it is definitely the best starting point to make sure your business runs smoothly. And what better time to do this than now that you have just returned to work charged up after your vacation?

The post Post-vacation cybersecurity tuneup: Get your company ready! appeared first on Panda Security Mediacenter.

Cyber Security Tips for Parents and Children

How to protect your children from cyber threats

The summer just gracefully glanced over our lives, and now it is time for things to get back to normal – we will soon start feeling the cold breeze and the days will become shorter. Even though the good old days of casual dress code in the office are now gone, being back to reality has some positives too. Lots of quality TV shows such as The Big Bang Theory and Gotham will be back on the small screen, and your house will become less noisy as the little, and sometimes not so little, bundles of joy will be going back to school. As parents, it is our duty to keep our children safe. One of the ways to protect them from cyber threats is to educate them about the dangers and give them some advice on how to be alert and avoid becoming a victim.

Similar to well-known parental advice, such as never getting into a stranger’s car and always crossing on green, we need to remind our children that irresponsible behavior on their PC or wireless devices is just as bad as crossing a street on a red light. Every kid with access to a tablet, cell phone or a computer needs to be aware of how to use them safely. Even though they may not fully understand the fact that using these devices makes them vulnerable, you need to talk to your children about some of the dangers and discuss possible ways to prevent them from happening. The time before they get back to school is perfect for such a conversation.

Here are a few tips worth mentioning:

  • Keeping passwords safe

    Tell your kids to always be cautious when they are using passwords at school or college. Make them aware that people could steal their password by peeking over their shoulder. Give them an example: tell them to imagine how they would feel if someone started posting nonsense from their profile on social media only because he/she knows their password. Advise them to make sure no one is watching them when entering a password. Tell them not to share their passwords with anyone!

  • Locking and logging off

    Things can go wrong if students do not log off from a computer at school after using it. If they do not log off, the next person who will be using the same PC may end up intentionally or unintentionally tampering with their work. Tell your kids that it would be a real waste if they’ve worked so hard on a project or a painting, and suddenly everything gets messed up simply because they forgot to lock or log off from their computer.

  • Password changing

    As you know, databases are sometimes not well protected and get compromised. The best way to deal with the ongoing problem is to change passwords often. Remind your kids that changing their passwords at least once every three months is important for them. Make it like a fun game and get them to want to change their passwords even if they don’t do it because of the dangers, but because it is fun. Tell them they can use a funny password such as ‘BieberLikesBananaz12%’.

  • Report cyber bullying

    A quick reminder about the existence of cyber bullying is a must before sending the little ones back to school. Remind them how to notice it and report it. Cyber bullying could be destructive for children of all ages. Tell them not to engage with anyone who they do not know in real life and to tell you if anything abnormal happens with the ones they know. You can use various tools to exercise parental control too. And if you spot something disturbing, do not press the WW3 button but quietly pull them away from the harmful content or friendship. You want your children to trust you!

  • Be aware of belongings

    Stress the fact that devices can be tampered with and that children should not leave them lying around. Youngsters always need to keep their devices securely locked. Tell them that if they don’t take care of their belongings, you will not buy them new ones. Get them to imagine how long and exhausting the months without a phone or a tablet will be should they end up not taking good care of it.

When you are a parent, some of the things that you do to remain protected are as obvious and as natural as breathing. However, kids of all ages might not have experienced the bad side of technology yet, and things may not feel as natural to them. While you can proudly say kids are tech savvy, they are not necessarily experienced enough to be safe and to be left on their own.

Before you send them back to school, make sure the OS on their devices is fully up to date and that they have stable antivirus software installed. It not only protects their devices; quality antivirus software also comes with parental control options that give you more freedom to monitor their online behavior safely and from a distance.

The post Cyber Security Tips for Parents and Children appeared first on Panda Security Mediacenter.

Back to School with Cybersecurity on our Minds

The multitude of devices that have entered our lives over the past decade have also entered the classroom, and the security issues we face every day are just as real in the school as they are in our homes or businesses. Tablets, computers, even smartwatches can be useful educational tools, but the personal data that they store, belonging to students and teachers alike, can be a major liability. As we prepare to go back to school, how can educational institutions protect their data and guarantee the security of their students and faculty?

The Risks of Flunking Cybersecurity

According to Verizon’s 2017 Data Breach Investigations Report, there were 455 security incidents in the US education sector last year. This sector has greater exposure and a crucial responsibility as schools handle a large amount of personally identifiable information, including financial and credit card data. According to the report, more than half of these incidents resulted in the disclosure of personal data — belonging to both students and employees — while just over a quarter resulted in the publication of materials subject to intellectual property.

In January of this year, a phishing attack on the Manatee County School District led to the disclosure of names, addresses, salaries, and social security numbers from more than 7,700 employees. More recently, the WannaCry ransomware affected schools and universities in China, negatively impacting hundreds of institutions, including Beijing University and Tsinghua University. According to Chinese media, students had important data encrypted or wiped, including thesis files and other important work that could impair their ability to graduate.

However, the risk goes beyond endangering academic or financial information. There are plenty of other areas associated with these institutions that can be targeted by cybercriminals. Some colleges and universities have their own affiliated medical centers and hospitals, which means that medical records and confidential patient information have also been endangered. Even university admissions processes are vulnerable to external manipulation by cyberattacks.

In terms of security, educational institutions face some very basic problems, such as a lack of funding. With the need for continuous maintenance, implementing advanced cybersecurity programs can be very costly. However, it is vitally important to change our mentality regarding the money we invest in cybersecurity. Given the invaluable data at stake, security should be a priority, no matter the initial costs.

Back to School: How to Pass the Cybersecurity Test

At present, the risks of data being exposed to threat actors are still very real, and it is paramount that any type of institution has a detailed plan to address the hazards it may face. To develop this plan, colleges and universities should consult companies providing cybersecurity and monitoring services to ensure their students, teachers and employees are protected. Cybersecurity professionals will help to devise preventive policies and response methods to alleviate the effects of a possible cyberattack on the institution.

Panda Security recommends implementing this series of measures:

  • Educate employees and students to raise awareness about security and encourage them to report suspicious activity such as phishing. Training and reporting is a very relevant first step, and often ignored.
  • Establish protocols to protect especially sensitive data. Limit access to and sharing of certain folders.
  • Require constant updates for user passwords, and combine this measure with multifactor authentication for the school’s most important data.
  • Most of the computer attacks in China occurred because the affected systems were running pirated versions of Microsoft Windows. These versions do not receive the Microsoft update patches, and are therefore vulnerable to attacks that use exploits. It is always recommended to use secure and official versions of software.
  • Implement advanced cybersecurity solutions, tailored to the specific needs of the education sector, with detection and rapid remediation capabilities.
  • Develop a response plan and test it regularly to ensure that the institution is prepared for any kind of attack, just as physical training is often carried out in such educational institutions to prepare for the possibility of earthquakes, tornadoes, fires, etc.

The post Back to School with Cybersecurity on our Minds appeared first on Panda Security Mediacenter.

Are All Hackers Bad? 7 Types of Hackers

Top Seven Types of Hackers

You hear about leaks and hacks on a daily basis, but most of the time the identity of the people involved in these events remains hidden from society. Every time there is a cyber-incident, the media releases a lot of information about the damage, but you rarely get much about the hackers themselves. Sometimes the name of a mysterious group such as ‘Anonymous’ or ‘Fancy Bear’ is mentioned, but nothing else about the people behind the hack. There are a million reasons why journalists usually do not share their sources, but this leaves us with questions about who they are. Often hackers end up portrayed negatively in the media. Even though this is sometimes correct, it depends on the type of hacker. Knowing how to do something illegal does not mean that you necessarily do it, or that you cannot use your skills in a way that could benefit your government or society. This is why we’ve decided to put together a list of the top seven types of hackers. Next time you hear the news, you will know that at least one of these characters has been involved.

Good Guys

These are the type of people who sometimes have regular day jobs and use their hacking skills to find security holes in business systems. Most of the time they are not after financial reward. They do it because they can and because they care about the people who use these vulnerable services. Multiple hacker organizations, such as the German Chaos Computer Club (CCC), claim to be the good guys. Groups such as CCC have their issues, but it is no secret that they have done some admirable things in the past.

Consultants

These are the type of individuals that look for exploits, and then offer their services to companies who need them. Technically they do not do anything illegal because they do not blackmail or exploit the flaws in the system. They just notify companies that things could be more secure if they get hired. They are not good, but they are not bad either; they are businessmen. Some of the greatest entrepreneurs of our time have started as hackers.

Bad Guys

Not everyone is ready to obey the laws. The evil hackers are the ones who do not have the patience or the abilities to negotiate with businesses and are known to take advantage of system flaws. These are the type of people whose primary purpose in life is to steal your sensitive information and ruin your life. They are money driven and of questionable morals. They are in it for the money and have no remorse to blackmail or scam anyone who crosses their path. Very often they think they are above the others… until they get caught.

Hacktivists

They are the type of hackers who often make it to the news. They break the law to gain information that will help them support a certain cause. Sometimes they think what they do is right, but most of the time it isn’t helping their cause at all. They consider themselves the Robin Hood of modern society. Very often they are not familiar with the whole picture and end up causing chaos by exposing truths that can be hurtful for regular people – the very same people they are trying to protect. Anonymous is an excellent example of such a group.

State Sponsored

To say the least, cyber warfare is not precisely regulated. State sponsored groups have been known to interfere in foreign elections. Each advanced country in the world has its army of hackers that work for the government, and sometimes the same folks are assigned to interfere with other nations. Of course, governments openly deny interference, but there is plenty of proof confirming these cyber armies exist to not only protect the country’s citizens but also to manipulate other countries and gather intelligence for the government that sponsors them.

Imposters

These are the type of hackers with average IT knowledge who go in chat rooms and threaten regular folks for no apparent reason. The imposters are sometimes able to achieve something as significant as stealing their neighbors’ WiFi password, and they cannot stop talking about it to their friends, and to the media, as these are the type of people that we see on morning shows acting as hackers. Imposters feed on public attention, and most of the time they are harmless to society because, in reality, they are not who they claim to be.

Incompetent Hackers

They have a special place in our hearts. They are the ones who have no idea what they are doing and leave digital traces everywhere they go. Most of the time you can find the tracks of such hackers just by doing a Google search. Sometimes they manage to survive and move up the hierarchy, but usually these are the guys we often see in the news being jailed for cyber crimes.

Bonus: Broke Hackers

They are so successful in pulling off heists that they start being irresponsible. Until that one day when they get hacked themselves. They are similar to the incompetent hackers but are much smarter. However, they are not smart enough to keep their hard-stolen money away from other hungry cyber criminals. Filing a complaint with the police is not an option when someone steals your vast amounts of stolen digital currency.

There are all sorts of hackers out there and the more you learn about them, the more you realize that they are regular people like you. Next time you walk into Target, it is possible you will walk past a Bitcoin millionaire with a questionable past. Or the next client you work with may be one of WikiLeaks’ primary sources. You never really know because real hackers live in mystery.

You have to make sure you are always protected and add an extra layer of security. Don’t tempt the good hackers and don’t fall victim to the bad ones. Very often the choice is yours because if you are not an easy target, hackers will exclude you from their target lists. They would rather move on to an easier target that has less protection.

The post Are All Hackers Bad? 7 Types of Hackers appeared first on Panda Security Mediacenter.

Are we “cyber safer” than ever?

After all recent attacks, what is the current cybersecurity status?

2017 has already seen a number of high profile cybersecurity events, and we expect many more before the year is out. As evidence of this, PandaLabs records a 40% increase in attacked devices this quarter. Cybercriminals have been carrying out attacks on an unprecedented scale, even bringing the country of Ukraine to a virtual standstill during the Petya ransomware outbreak. These attacks are highly publicised, as is expert advice for managing security breaches – so are we cybersafer than ever before?

The short answer

Despite increased awareness of cybersecurity issues, the answer has to be “no”. The fact that breaches are increasing in frequency every year is proof that we are definitely not cybersafer.

Why are we struggling?

Historically, the computer systems used to run large operations like electricity generation or hospitals were operated ‘offline’ – the only way to access them was via a terminal directly attached to the equipment. Over time, these systems have been connected to corporate networks, making them easier to access and manage by authorised users.

Once connected however, these systems are potentially exposed to anyone on the network. If a hacker can break into the network, there’s a very good chance they can crack the security surrounding these critical systems too.

Our reliance on data for improving products and the delivery of efficient services means that businesses are under increasing pressure to network even more of their systems. Which means that cybercriminals have even more opportunities to cause problems.

As a result, we can expect to see more attacks taking place even more frequently in the near future.

Cybercriminal groups are on the rise: The Shadow Brokers plan to continue publishing stolen NSA data, and the cyberarms race is coming to a boil. Individuals and companies should take extra security precautions.

Individuals and businesses, in the crosshairs: Out of all the machines protected by a Panda Security solution, 3.44% of them were attacked by unknown threats, representing an increase of almost 40% from the previous quarter. If we look at the type of client, home users and small businesses make up 3.81% of attacks, while in the case of medium and large companies the figure is 2.28%. Home users have far fewer protective measures in place, and they are therefore more exposed to attacks. Many attacks that successfully run their course in a home setting are easily stopped in corporate networks before they can have an effect.

Cybersecurity – we all have a part to play

In the most high profile cases, big businesses and government are the targets for cybercrime. But in order to launch these attacks, hackers typically infect computers that belong to ordinary people, taking them over for use as part of a coordinated botnet. Compromised computers are then used to break through firewalls, or to spread malware.

Which means that we all have a part to play in raising cyber safety standards.

Protecting your PC has a big effect on becoming cybersafer

Although businesses and governments are trying to improve cybersecurity provisions, we need to help out. The first (and most important) step towards becoming cyber safer is the installation of anti-malware software. These tools automatically identify and block malware before it can install itself. Which means that hackers cannot use your PC as part of a botnet.

You can take the first step towards becoming cybersafer by downloading a free trial of Panda Gold Protection right now. And by telling your friends and family about the importance of anti-malware tools, we can help the rest of the world become cyber safer too.

The post Are we “cyber safer” than ever? appeared first on Panda Security Mediacenter.

Cybersecurity Tips for Small and Medium-sized Businesses

When it comes to ransomware, big businesses get all the attention in the press, which might lead one to think that this kind of cyberattack only targets companies with a big name. But this is far from the truth. On a global level, 43% of attacks are aimed at small and medium-sized businesses (SMBs). In fact, as we’ve recently seen in PandaLabs’ quarterly report, SMBs have a much higher probability of becoming infected with malware. This is because although cybercriminals know that attacks on large companies are more profitable, they are also aware that SMBs have fewer protective measures in place.

Don’t underestimate cyberattacks

Although half of the problems in cybersecurity stem from malicious activities, the other half can be chalked up to a simple lack of preparedness on the part of the victim: carelessness in clicking on links, lack of awareness, inadequate information, and similar shortcomings. And let’s not underestimate the potential costs of these attacks, which can be so damaging that, according to statistics, up to 60% of small businesses never recover.

Make sure your computers are prepared

The tools you use are decisive to the level of protection that your devices achieve. A defense mechanism able to protect against malware of all types, even before it becomes active, is indispensable. These tools should, for example, be able to monitor the activity of your computer in real time. Panda Adaptive Defense combines state-of-the-art protection with detection and remediation technologies as well as the ability to classify 100% of running processes. This allows you to secure your network against both external and internal attacks.

Avoid system mobility

In a perfectly controlled network, the contingencies that could endanger the system are reduced to almost zero. However, as soon as IT employees clock out for the day, that control is lost. Keeping the system isolated, maintaining no contact at all with personal networks or devices outside the working environment, is the best way to avoid this.

Use secure solutions

When it comes to payments, data transfers, and other sensitive operations, we must take all aspects of security into account. Using adequate encryption methods, reliable certificates, and secure payment platforms is essential to maintain the “purity” of data. This should of course go hand in hand with active security solutions that are able to detect data theft or “smuggling”.

Regarding this last point, this threat often stems from employee mistakes or from pure chance, and its impact can be reduced enormously with some educational measures and behavior monitoring. Which leads us to our next point…

Educate your workforce

Employees must be made aware of the danger they face when we talk about cyberattacks. Due to their lesser involvement in the future of the company, it is more difficult for an employee or collaborator to pay attention to the errors that could open the doors to a hacker. That is why it is imperative to explain to them the hazards of poor security practices, to provide them with working protocols and a list of prohibited actions, and to explain how problems stemming from cyber activity are solved. This applies not only to emergencies: these things must be taken into account in everyone’s day to day.

Never forget your passwords

Passwords are that thorn in security’s side. Few users are really aware of the value of a password and how relatively easy it is to circumvent it. Giving a password a certain length and including alphanumeric characters, uppercase and lowercase letters, and symbols will increase its strength. It is also advisable to change passwords from time to time, and the same one should never be used for more than a year.

Use backups

Although there are solutions and companies dedicated exclusively to safeguarding companies’ data, the value of backups should never be underestimated. Ransomware doesn’t only affect large companies. SMBs can also be affected, and for them it can be deadly. This problem can be solved relatively simply by maintaining consistent backups of sensitive data. This can (and should) be done both at the general level of the system and at the local level of employees. But you have to do it properly to avoid compromising the company’s data. It is not a simple task at first, but with some training, it should become second nature. And it could ultimately save your business.

The post Cybersecurity Tips for Small and Medium-sized Businesses appeared first on Panda Security Mediacenter.


Hotel hijacking: Are your bookings at risk?

What to keep in mind when booking your next trip?

Planning your next trip has never been easier. You just go online, browse around until you find a price that works for you, and book your flights, room, and rent-a-car. Once it is all done, you save all your reservations, and you truly believe you are all set for the next big adventure in your life! You see the money leaving your account, and you simply wait until the vacation starts! It’s all rainbows and butterflies until the moment you go to the airport or a hotel, and want to check in, but you are unable to do so. Then you start realizing that the site with the fantastic rates that you used for your booking is fake and you have been scammed. Sounds like a modern day nightmare!

Unfortunately, this happens more often than we would like. Quite often, in the excitement of booking a trip, people end up on fraudulent websites that make them believe they have either scored a top last-minute deal or been lucky enough to win a free Caribbean cruise. Sadly, in most cases, this is not true. It’s not that you are not lucky enough; these things happen because there are armies of hackers always trying to penetrate and exploit the $8 trillion tourism and travel industry. As PandaLabs reported last year, hotel security is notoriously unreliable. Some of the Trump hotels as well as Santa Rosa’s Sandman Hotel recently became victims of cyber-attacks, and an enormous amount of customer credit card information was confirmed stolen.

Hijacking a hotel: How does it work?

Earlier this year, the American Hotel & Lodging Association confirmed that about 15 million online hotel booking scams occur every year in the US alone. This translates into the mind-blowing amount of $1.3 billion worth of insufficient bookings per year. You don’t have any control over how hotels hold your information; keeping you protected is their job. However, you have ways to avoid fraudulent websites and avoid contributing to the $1.3 trillion pot of bad bookings.

  1. Use a service provider that you recognize

The best suggestion is to always complete the booking with well-known service providers such as Expedia or Priceline. Even if you go through a deal finder such as Kayak, always make the booking through a brand you recognize. And always make sure the URL you are visiting is green and the website starts with ‘HTTPS’.

  2. Avoid booking from the hotel’s official website

Very often, hotels allocate more budget to improving the physical condition of the hotel than to their cyber security, especially if the hotel you are visiting is not part of a chain but a family-owned business. We firmly advise you to get the reservation done through a verified third-party website. Very often such sites offer additional perks such as free cancelations, free Wi-Fi and free breakfast.

  3. Use antivirus software

Make sure that the device that you use to complete the booking has quality antivirus software installed. Having such peace of mind will not only protect your personal information from malicious software while you are browsing, but it will also notify you in case you end up on a website that does not feel legitimate. Having an extra layer of security pays off, especially if you are new to online bookings.

  4. Use a credit card

One of the signals that things may not be right is if the website you are visiting wants you to use a debit card, send a check, or make a wire transfer. These are an absolute rarity in the 21st century. Even if you are going to an undeveloped country, we recommend that you not go to a hotel that is unable to process a credit card payment. Credit cards often have protection against cyber theft, which makes them the best choice of payment.

  5. Call the hotel to confirm the reservation

Once your booking has been confirmed, call the hotel that you will be visiting and get them to reconfirm the reservation you just made. This will not only allow you to be entirely sure the transaction went smoothly, but it is also an opportunity to ask questions and confirm the freebies that come with your reservation, such as free breakfast, free Wi-Fi and free parking.

Although cybersecurity measures in the hospitality sector are particularly exhaustive, “it is advisable to activate all possible security measures on our computers, tablets and mobile phones when we stay in a hotel and when we connect our devices to a wireless network,” warns Hervé Lambert, Retail Global Consumer Operations Manager of Panda Security.

All branches of the tourism and travel industry are under constant pressure from hackers wanting to find and exploit every loophole possible. The hotel industry is arguably the most vulnerable one. Booking trips is fun when you follow our guidelines; nothing bad will happen if you are cautious and use common sense. Online booking is similar to physical shopping: do not hand over your credit card unless you are 100% satisfied with what you see. Enjoy the rest of the summer!

The post Hotel hijacking: Are your bookings at risk? appeared first on Panda Security Mediacenter.


Mistakes to avoid when choosing an app

Risks of downloading apps

The snappy catchphrase “there’s an app for that” is true – there really is a smartphone app for almost every task you can think of. There’s a virtual cow milking simulator, a carpet cost calculator and a tool for counting how many beers you have drunk for instance.

But next time you are looking for an app that’s a little unusual, there’s a risk you could be downloading something far worse.

The problem of infected apps

Smartphones are now essential to daily life, making them a target for hackers and cybercriminals who want to access the sensitive data stored on them. Bank details, passwords, sensitive images and work-related information can all be found on most phones now – exactly the kind of information that criminals will steal and use for profit.

One way to grab this data is through the use of infected apps. These apps may offer some genuinely useful features – but behind the scenes, they are also stealing information and sending it back to the hacker. You probably won’t even notice anything is wrong until it is too late.

So how can you protect against infected apps?

1. Always use a reputable app store

For Apple users, the App Store is the only place you can download apps officially. You can install apps from other places if you jailbreak your phone, but doing so makes you much more vulnerable to attack.

Android users have much more choice when it comes to installing apps. As well as the Google Play store, they can get new applications from Amazon and Samsung. There are also dozens of third-party sites to choose from.

However, to stay safe you should only ever download apps from official stores. Official store owners check every new app to confirm that it is safe to use before making it available for download, which means that you are much less likely to fall victim to a smartphone hacker.

2. Never install apps direct

Android phones can install apps without connecting to a store at all. You can easily download new apps using the browser on your phone for instance. You should never, ever install an app in this way unless you are certain it is safe.

And just as email is used to spread malware that infects your home computer, cybercriminals can also attach infected apps to their messages. You should never open APK Android attachments on your phone that have been sent by email. Instead, ask your contact to send a link to the relevant app in an official store – that way you can be sure it is malware free.

3. Check the permissions

When installing apps, you will often be asked to confirm access to your phone’s data, like the address book or camera roll. You should always carefully check whether the app really needs that access, and block any permissions it doesn’t need.

Consider the virtual cow milking app – if it asked for access to your camera roll, you should take a second to consider the request. Does a game really need access to your photographs? If you are in any doubt at all, you should decline the request.

Get help

Finally, you should ensure your smartphone has a robust anti-malware security app installed. This will allow you to check the apps you have installed, how they work, and whether any are behaving badly and stealing data.

To protect your phone against fake apps and mobile hackers, download a free trial of Panda Mobile Security from the Google Play store now.

The post Mistakes to avoid when choosing an app appeared first on Panda Security Mediacenter.
