Monthly Archives: July 2016

How to Keep Safe in the Cloud of Dropbox

A Dropbox cyberattack has compromised the accounts of more than 68 million users, security experts revealed.

The attack occurred in 2012, and it was confirmed just this week that hackers had access to the email addresses and passwords of these millions of users and leaked them online. As a preventive measure, the file hosting company emailed customers informing them of a mandatory password reset, advising them to log in and create new passwords.

For small business owners, a cyberattack against Dropbox is a very serious concern. If a giant like Dropbox can be hacked, many providers are also at risk. To help you keep your data safe, here are three ways to protect your business on Dropbox and other cloud services.

1. Turn on two-step verification

Besides changing passwords, Dropbox highly recommends that customers enable two-step verification on their accounts. Two-step verification is available on most cloud platforms and apps, adding an extra layer of security to prevent unauthorized access.

It works by requiring both a password and a token to access accounts. For instance, in addition to entering a password, the service will also require a six-digit code that was sent by text, email or its mobile app. Without both credentials, the service will not allow anyone to log in to your account.

Two-step verification also keeps accounts safe by verifying new devices the first time they log in. Many services also alert users when an unrecognized device or browser is being used, so you know when a third party is attempting to access your account.

2. Don’t reuse passwords

One of the main reasons the Dropbox cyberattack is particularly alarming is that hackers didn’t just get access to passwords to millions of Dropbox accounts. Worse, they obtained email and password combinations.

This means that if you used the same email address and password to log in to Dropbox and other services, those accounts have also been compromised. Because many people use the same login credentials for everything — and many services use your email address as your username — it’s an effective way for hackers to gain access to inboxes, apps and even bank accounts simply by trial and error.

To keep your data safe, make sure to use a unique password for all of your accounts. This way, when one service suffers a breach, the rest of your accounts stay safe. (In light of recent events, Dropbox has also advised customers who used the same Dropbox password on other services to change their passwords on those accounts.)
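To see which accounts share a breached service's password, the check below works through a credential list, as an added example that is not from the original article. The CSV layout (`site,username,password`), the `accounts_to_reset` name and the sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample in a hypothetical export layout; none of these are real.
SAMPLE_EXPORT = """site,username,password
dropbox.example,owner@shop.example,Summer2012!
bank.example,Owner@shop.example,Summer2012!
mail.example,owner@shop.example,Summer2012!
payroll.example,owner@shop.example,q7#Vd9$kLp2x
social.example,shop-admin,Summer2012!
"""


def accounts_to_reset(export_text: str, breached_site: str) -> list:
    """List the other accounts that share the breached account's password.

    same_login is True when the username matches too, meaning the leaked
    email and password pair works unchanged on that site. Passwords are
    compared in memory only and never appear in the result.
    """
    rows = list(csv.DictReader(io.StringIO(export_text)))
    # Assumption: usernames (usually email addresses) compare case-insensitively.
    leaked_pairs = {(r["username"].lower(), r["password"])
                    for r in rows if r["site"] == breached_site}
    leaked_passwords = {password for _, password in leaked_pairs}

    findings = []
    for r in rows:
        if r["site"] == breached_site or r["password"] not in leaked_passwords:
            continue
        findings.append({
            "site": r["site"],
            "username": r["username"],
            "same_login": (r["username"].lower(), r["password"]) in leaked_pairs,
        })
    # Reset exact email and password matches first, then password-only reuse.
    return sorted(findings, key=lambda f: (not f["same_login"], f["site"]))


if __name__ == "__main__":
    for finding in accounts_to_reset(SAMPLE_EXPORT, "dropbox.example"):
        print(finding)
```
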

3. Use a password manager

Although it’s easier to use the same password for all your accounts, it’s also very risky. But being safe by using strong, unique passwords doesn’t have to be complicated.

Password managers take the headache out of storing passwords, so you don’t have to remember all of them and to which account each password belongs. All you need to remember is a single master password and the password manager takes care of everything else. Features include auto-logins to accounts, device syncing, multi-user access and more. Most password managers also offer password generators that let you create strong password combinations consisting of upper- and lowercase letters, numbers and symbols.

Two password managers we like are RoboForm and LastPass. Both of these services are accessible anytime, anywhere, whether you’re on your computer (Windows, Mac and Linux) or on a mobile device (iOS, Android and Windows Phone). They’re also very affordable for small businesses. RoboForm costs $9.95 and LastPass costs $12 to start.

Guide to Computer Encryption for Small Business

Encryption is a difficult concept to grasp, but it’s a necessary part of protecting your business’s sensitive data. At a basic level, encryption is the process of scrambling text into an unreadable form (called ciphertext) so that unauthorized users cannot read it. You can encrypt individual files, folders, volumes or entire disks within a computer, as well as USB flash drives and files stored in the cloud.

Why is encryption important?

The purpose of file and disk encryption is to protect data stored on a computer or network storage system. All organizations, including small to midsize businesses (SMBs), that collect personally identifiable information (PII) like names, birth dates, Social Security numbers, financial information and the like, must secure that information. An organization can be sued if a computer containing PII is stolen and the information is leaked or shared.

According to Joe Siegrist, vice president and general manager of LogMeIn’s LastPass password management software, encrypting your entire hard drive is good business practice.

“Laptops are frequently lost or stolen, so SMBs should take steps in advance to protect the data on them to prevent them from being a data breach risk,” Siegrist said. “To keep data safe from prying eyes, install a full disk encryption tool on employee computers and laptops.”

If a laptop is lost or stolen and the files or disk isn’t encrypted, a thief can easily steal the information. He or she doesn’t even need to know the sign-on password to access the files – it’s easy to boot a computer from a USB thumb drive and then access the disks within the computer.

That being said, disk encryption doesn’t protect a computer entirely. A hacker can still access the computer over an insecure network connection, or a user can click a malicious link in an email and infect the computer with malware that steals usernames and passwords. Those types of attacks require additional security controls, like anti-malware software, firewalls, awareness training and so on. However, encrypting a computer’s files or the entire disk greatly reduces the risk of data theft.

Types of computer encryption

Individual file and folder encryption does just that — it encrypts only specific items that you tell it to. This method is acceptable if relatively few business documents are stored on a computer, and it’s better than no encryption at all.

One step up is volume encryption, which creates a container of sorts that’s fully encrypted. All files and folders created in or saved to that container are encrypted.

Full-disk or whole-disk encryption is the most complete form of computer encryption. It’s transparent to users and doesn’t require them to save files to a special place on the disk – all files, folders and volumes are encrypted.

With full-disk encryption, you must provide an encryption passcode or have the computer read an encryption key (a random string of letters and numbers) from a USB device, when powering on your computer. This action “unlocks” the files so you can use them normally.

Strong encryption is built into modern versions of the Windows and OS X operating systems, and is available for some Linux distributions as well.

Microsoft BitLocker is a disk encryption tool that’s included in Windows 7 (Enterprise and Ultimate) and the Pro and Enterprise editions of Windows 8.1 and Windows 10. It’s designed to work with a Trusted Platform Module (TPM) chip in your computer, which stores your disk encryption key. It’s possible to enable BitLocker even without the chip, but a few settings must be configured within the operating system, which require administrative privileges.

To enable BitLocker, open Windows Explorer or File Explorer and right-click on Drive C:. If your version of Windows supports BitLocker, the menu will display a “Turn on BitLocker” option, which you can click to enable the program.

When you enable BitLocker, Microsoft prompts you to save a copy of your recovery key. This is an important step because you need the recovery key to unlock your disk. Without the key, neither you nor anyone else can access the data. You can save the key to your Microsoft account, save it to a file or print it. BitLocker also lets you require a PIN at startup.

Apple FileVault provides encryption for computers running Mac OS X. When enabling encryption, FileVault prompts you to store the disk encryption recovery key in your iCloud account, but you can choose to write it down instead.

For Linux, you typically encrypt the disk during installation of the operating system, using a tool such as dm-crypt. However, third-party tools are also available for post-installation encryption.

Third-party encryption programs

TrueCrypt used to be one of the most popular open-source disk encryption software programs, but its developers stopped maintaining it in 2014. Security experts are still torn over whether it’s safe to use. To be on the safe side, stick with a product that’s regularly tested and updated. The following are a few well-regarded open-source products:

  • VeraCrypt: Free software that runs in Windows, Mac OS X and Linux. Frequently gets the highest ratings from users and third-party testers.
  • DiskCryptor: Geared for new and old versions of Microsoft Windows. Can encrypt partitions and entire disks.
  • Gpg4win: Uses military-grade security to encrypt and digitally sign files and emails.

Be Careful About the Yahoo Hack If You Use Yahoo for Small Business

Yahoo has confirmed that it was the target of what may be the largest cyberattack of all time. The breach took place back in 2014 and compromised the data of an unprecedented 500 million users.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.

For small businesses, this means it’s not just sensitive business data that’s been stolen. Because the cyberattack has given hackers and their associates access to entire Yahoo accounts, customers’ private information — such as that stored in emails and linked accounts — is also at risk.

The only bright side, however, is that the breach did not include financial information, such as credit card numbers or bank accounts, the company added.

Yahoo believes that the cybersecurity breach was “state-sponsored” — a hacker working for a government — and is working closely with law enforcement officials in their investigation. In the meantime, the company is taking action to protect users, such as informing them of the attack and prompting them to change their passwords and security questions (previous security questions have been invalidated to prevent unauthorized access to accounts).

Users should also change their passwords and security questions for other online accounts and never use the same credentials to log in to multiple accounts. For small business users, this could include e-commerce, bank, marketing, social media and other related accounts.

Yahoo also recommends that users set up a free Yahoo Account Key. This service eliminates the need for passwords. After activating a key, users will need just their username to log in. Yahoo will then send a phone notification to approve access.

In addition, small business users should stay vigilant about monitoring their accounts. Yahoo advises users to review any suspicious activities, be cautious of any emails or websites asking for personal information and not click on links or download attachments from unknown senders.

For more information on how to protect your business from hackers, check out our comprehensive cybersecurity guide for small business.