How To Tell If Your Website Has Been Attacked By Bots

Bots—software applications that run scripts over the internet—make up more than half of all internet traffic. This creates a major blind spot for IT security teams, as 79% of CISOs and other security leaders said they can’t tell for certain if web traffic comes from humans or bots, according to a recent Radware report.

It’s key to understand that there are good bots and bad bots, said Reid Tatoris, vice president of product outreach and marketing at Distil Networks. “‘Good bots enable search engines to index web content, price comparison services to save consumers money, and market researchers to gauge sentiment on social media, for example,” Tatoris said. These also include chatbots, and search engine and social media bots.

Meanwhile, “‘bad bots are used to conduct a variety of harmful activities, such as denial-of-service attacks, competitive data mining, online fraud, account hijacking, data theft, stealing of intellectual property, unauthorized vulnerability scans, spam, and digital ad fraud,” Tatoris said. These include impersonators, scrapers, hackers, and spambots.

Bad bots are used by many different groups, ranging from organized crime to state actors pushing a political agenda to people trying to make money. But there are ways to tell if your website has been visited by a bot and keep it safe.

Here are five ways to spot a bot.

1. Monitor login attempts

One of the most profitable uses of bots for an attacker is via credential stuffing, the mass-scale automated testing of username and password combinations across multiple websites, according to Patrick Sullivan, Akamai director of security technology and strategy. When successful matches are discovered, attackers use these logins to take over the account for fraud or to resell the confirmed credentials.

One simple step to detect bots is to monitor macro-level success and failure rates of login attempts, Sullivan said. “Regardless of how advanced the bots are and how difficult they are to identify, credential stuffing generates high levels of failed logins,” he added. “Even if fraudsters are careful enough not to trigger account lockouts, they will generate failed logins, which are early warning signs of bot activity.”

2. Check your server logs

Most bots will visit the same website regularly, even several times a day, he said. “If you keep seeing the same IP address pop up on your logs, then the chances are they could be a bot,” he added. You can check the IP addresses, location, and hostname manually, using a website like IPAvoid. If the IP is included on a blacklist or is not a residential address, there’s a strong chance that it’s a bot.

3. Check your email outbox

If your Sent messages folder contains messages that have been drafted, sent, or returned to you that you did not write, this is a tell-tale sign that you may have been visited by a bot, said Steve Pritchard, search content manager at giffgaff. “The bot is then intending to infiltrate the computers of your email contacts by sending them emails riddled with malware,” Pritchard said.

4. Watch if your website slows down or crashes

“Bots move fast across websites and do so in hoards, so you get a lot of server requests per second, which can overload the system and cause a major slowdown in loading times,” said Tatoris. “The result is that you end up spending more money on server costs for traffic that doesn’t translate into any benefit for your business. In addition, any humans who try to visit your site or make a purchase at a time when the site slows down will typically leave and take their business somewhere else.”

5. Check if your site content shows up elsewhere on the internet

Bots can sometimes copy website content and post it elsewhere without permission, Tatoris said. “The site Copyscape can help you to determine whether or not any of your site information has been posted elsewhere on the internet,” he added. “If you enter in the URL of a page from your website into their search field, they will return any pages that have high percentage matches to the content on the referenced page. While this isn’t a sure fire way of telling whether your content has been copied, it can potentially give you some idea.”

For more information on how to secure your Window 10 pc, click here.

Window Meltdown patch: No more security updates for your PC…

Microsoft has updated its support notice to say that Windows computers will not receive any security updates at all until their AV software is certified compatible with the Spectre and Meltdown patches.

Windows PCs running anti-virus software that is incompatible with the recent Meltdown and Spectre patches will no longer receive any security updates, Microsoft has warned.

Spectre and Meltdown are design flaws in modern processors that could allow hackers to bypass system protections on a wide range of devices, allowing attackers to read sensitive information, such as passwords, from memory.

Microsoft has rolled out a series of patches for the flaws since January 3rd, but last week said these patches would not be pushed to computers running incompatible third-party AV.

SEE: Incident response policy (Tech Pro Research)

Now Microsoft has updated its support notice to say that Windows computers will not receive any security updates at all until their AV software is certified compatible with the Spectre and Meltdown patches. Windows systems will not be certified as compatible until the AV vendor sets a specific key in the Windows registry.

“Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key,” says Microsoft.

Security researcher Kevin Beaumont has put together a list of antivirus products that are compatible with Microsoft’s Spectre and Meltdown updates, and which have set the Windows registry key.

Compatible anti-virus products include those from Avast, AVG, Avira, Bitdefender, ESET, F-Secure, Kaspersky, Malwarebytes, Sophos, and Symantec. Systems running McAfee, TrendMicro, and Webroot software are also expected to be eligible to receive the updates soon.

Various other security providers, including CrowdStrike, Cylance, FireEye and Palo Alto Networks, have not yet set the registry key, but claim their products are compatible.

Beaumont says that companies whose AV products are designed to be used alongside other security software say they are loathe to set the key, in case other software on the system clashes with the fix.

System admins can manually set the registry key, however, Microsoft warns that doing so may cause serious problems that “require you to reinstall your operating system”. To manually update the registry, follow this guide.

Apple To Release New iPhones

Apple expert Jason Snell offers his take on what the next iPhones’ rumored features and changes could mean for business users.

Apple is set to introduce new iPhone models on Tuesday at a special event on its new campus in Cupertino, CA. Leaks suggest that the new iPhones will include a high-end model that’s dramatically different from any previous model. But what does that mean for the professionals who rely on the iPhone as a key part of their business life?

Let’s start with the most obvious features of any iPhone upgrade: All the new iPhones will presumably offer new versions of the Apple-designed A series chips, with faster processing and graphics power, as well as improved cameras.

That’s always true to some degree, but this year that added power and improved camera feeds into a larger story: In June at its annual developer conference, Apple announced that the new version of iOS, which should arrive in the next few weeks, will feature an augmented-reality framework known as ARKit. With the release of iOS 11, Apple will become the world’s largest augmented-reality platform, and every iOS developer will have access to Apple’s state-of-the-art frameworks.

Augmented reality may sound frivolous, but it has tons of real-word uses. Microsoft has spent several of its recent media events showing off its HoloLens augmented-reality system not just as a way to play Minecraft in your living room but as a tool for businesses. The new iPhones will undoubtedly be optimized to run ARKit at a high level; imagine interior designers and contractors instantly previewing changes to someone’s home or office space, live, via an AR app. Preview that IKEA desk in your office before you order it.

That top-of-the-line iPhone is rumored to carry a large price tag—$999 or more, just to start. That’s a big expense for any businessperson to bear, though Apple has never been the low-price leader on smartphones, and it continues to sell phones and reap the profits. My guess is that with two-year contracts becoming less common in the US as carriers shift to other methods of financing phones, the buying cycle of the average smartphone will lengthen. Perhaps there’s a nice space for a high-end phone that costs a bit more, but lasts for three years. An ultra cutting-edge iPhone might take longer to feel outdated.

Another interesting thing about this rumor is that it suggests Apple is broadening its product line even more than before, from the small and low-cost iPhone SE all the way up to this rumored high-end model. More models at more price points gives businesses purchasing flexibility and gives users more options, and that’s all good.

A major concern about this new high-end iPhone is the rumor that it will do away with the Touch ID sensor found on recent models and instead use a camera system to verify users via their faces. Obviously your corporate IT director is going to be concerned about the security of that system, but biometric security is such a core part of Apple’s strategy—including being the foundation of its Apple Pay system—that it’s hard to believe Apple would ship facial ID technology in its flagship device if it weren’t just as solid and reliable as Touch ID has been.

My guess is that the new face scanner will prove to be the most secure and accurate ever shipped in a smartphone, if only because Apple has the most to lose if it fails. But if the introduction of Touch ID creeped out some people in your company, you might want to expect the same reception for Face ID (or whatever it’s called).

Finally, there’s the rumor that the new high-end model will do away with the home button that’s been on the face of every iPhone since the first one was released 10 years ago. If that’s the case, Apple will certainly replace that button’s functionality with some combination of gestures and haptic feedback. I suspect that this is a direction Apple will go with all of its iOS products in the future—if there’s anything Apple’s designers love, it’s being able to remove a button or port—and some of the interface changes we’ve already seen in prerelease versions of iOS 11 suggest that Apple is beginning to redefine how it handles launching apps and multitasking.

In the long run I don’t think such a change will be a big deal—in fact, you can always argue that reducing the number of moving parts on a device increases product reliability—but any change can lead to short-term productivity drops as people get up to speed. I’d imagine that it won’t take long for the user of a new iPhone to adjust to the lack of a proper home button on the front of the screen, but some adaptation will still be necessary.

In any event, we’ll know more about where Apple’s taking the iPhone product line on Tuesday.

You Are Creating Password The Wrong Way

Was it m@nk3yP@$$w01rd or m0nk3yp@ssw0!rd?

For 20 years, the standard advice for creating a “strong” password that is hard to crack has been to use a mix of letters, numbers and symbols.

It’s so ingrained that when you go to create a new email account you’ll frequently get praising or finger-wagging feedback from the computer on how well your secret code adheres to these guidelines.

And you’re supposed to change it every 90 days.

Now, the man who laid down these widely followed rules says he got it all wrong.

“Much of what I did I now regret,” Bill Burr, a 72-year-old retired former manager at the National Institute of Standards and Technology told the Wall Street Journal.

In 2003, the then-mid-level NIST manager was tasked with the job of setting rules for effective passwords. Without much to go on he sourced a whitepaper written in the 1980s. The rules his agency published ended up becoming the go-to guides for major institutions and large companies.

The result is that people create odd-looking passwords and then have to write them down, which is of course less secure than something you can memorize. Users also lean on common substitutions, like “zeroes” for the letter O, which a smart hacker could program their password cracker to look for. Or they pick one “base” password that they can memorize and only change a single number. That’s also not as safe.

“It just drives people bananas and they don’t pick good passwords no matter what you do,” Burr said.

The new password guidelines are both easier to remember, and harder to guess. The NIST’s revised tips say users should pick a string of simple English words — and only be forced to change them if there’s been evidence of a security break-in.

Image: File picture illustration of the word 'password' pictured on a computer screen taken in Berlin© File picture illustration of the word ‘password’ pictured on a computer screen. Image: File picture illustration of the word ‘password’ pictured on a computer screen taken in Berlin

Not only did the old password format frustrate users, it wasn’t even the best way to keep hackers at bay.

For instance, “Tr0ub4dor&3” could take just three days to crack, according to one viral comic whose assertions have been verified by security researchers, while “CorrectHorseBatteryStaple” could take 550 years.

For some excellent information on Creating Strong Passwords from Cloudwards Click Here

Do Macs Need Malware Protection

On the popular Discovery Channel program “Mythbusters,” hosts Adam Savage and Jamie Hyneman take a legend and deconstruct it to see whether its long-held beliefs are legitimate. They’ve busted all kinds of myths, from Jimmy Hoffa being buried under Giants Stadium (not true) to the ability to kill someone without a trace using an ice bullet (the bullet vaporizes as soon as the trigger’s pulled).

One tall tale they haven’t tackled is that Macs are impervious to malware, so you needn’t worry about cybersecurity solutions. Antivirus and anti-malware protection is for the PCs.

We’re here to bust that myth.

Growing trend

Out the gate we can tell you that it’s true, Macs don’t have the same problem with malware as PCs do. One of the main reasons: sheer numbers. Cybercriminals look at the market and see that the vast majority of folks are on PCs, so they concentrate their efforts on creating malware that will result in the largest return on investment.

But the tide is turning. Macs are now responsible for 7.5 percent of global personal computer sales. In the U.S., Apple is one of the top three PC vendors, just behind HP and Dell. And as creative departments grow in corporate environments (from design and content to programming and testing), more and more businesses are adding larger numbers of Macs to their environments.

The popularity of Macs leads to more cybercriminals wanting to write malicious code for OS X. Although still much lower than PCs, the number of threats targeting Apple operating systems has grown steadily, with a spike in Mac infections observed over the last 18 months. A recent study by Bit9 + Carbon Black found that the number of Mac OS X malware samples detected in 2015 was five times greater than in the previous five years combined.

Forms of malware on Macs

Apple security is fairly tight—OS X has a basic built-in anti-malware feature, and if the machine detects a malicious program, it gets added to the signature database. From that point on, that piece of malware can’t be opened on any Mac, unless the user has explicitly disabled security updates. But clearly some malware is getting through. Which forms?

The worst offender is adware. “There are many different adware programs infecting the Mac right now, and they’re in a constant state of flux,” says Thomas Reed, Director of Mac Offerings at Malwarebytes. “Adware-riddled installers are everywhere, and it’s becoming harder and harder to tell where a safe place is to download software.”

Other forms of malware have given Apple the slip, including Potentially Unwanted Programs (PUPs), Info stealers, Trojans, and even ransomware (KeRanger). While these forms of malware are less prevalent, they can still be quite dangerous. KeRanger was downloaded by around 6,500 people within the 12-hour period that it was available. Some of those users had their data completely destroyed.

How are they getting through?

The main way that adware and malware is getting through on Macs these days is through codesigned apps, using a certificate obtained from Apple. The certificate is either stolen or bought and simply treated as disposable, since it costs only $99. Apple can revoke these certificates if they see them being abused, and they do so quickly when they find a new signed malware. However, Apple doesn’t take a particularly hard stand against most adware, which can persist for a long time with the same certificate.

In addition, video and audio streaming sites and piracy sites often dole out adware. Software download sites distribute installers containing adware that has been added without the permission of the developers. Worse, even some developers’ own sites are guilty of bundling adware. For example, the popular Filezilla FTP client installs adware even when downloaded directly from the official site, and the free version of Avast had (and may still have) an ad-injecting feature in its browser extension.

What happens to your Mac after an infection?

Adware is a serious hassle. Injected ads are intrusive and can contain offensive content. They can also slow down your computer’s performance and result in browser destabilization. Malicious ads can even direct you to tech support scams where you can be scammed out of your money or into installing other harmful software.

But that’s not all, Bob! What else have you won? Info stealers can, obviously, steal your info. And in the case of ransomware, data can be totally destroyed with no shot of getting it back.

Final verdict

Myth: Macs are impervious to malware.

Fact: Macs, while less vulnerable than PCs, are assailable. Their security can be penetrated, especially by cybercriminals looking to deliver adware.

So do you really need a security solution for your Mac? “Although the primary threat right now is adware, it’s still a problem of epidemic proportions,” says Reed. “Even knowledgeable Mac users have been known to fall victim to some kind of adware, so it’s no longer true that you can avoid threats by simply being careful what you download.”

With increases in Mac popularity making OS X more appealing for crooks, plus the already considerable onslaught of adware, it makes sense to install an anti-malware program for your Mac. It should catch what OS X misses and restore your Mac’s performance to the high caliber you expect.

Now what other myths can we bust? Can tooth fillings really receive radio waves?

How to Stop Windows 7 or 8 From Downloading Windows 10 Automatically


Microsoft hasn’t exactly been endearing themselves to tech geeks everywhere lately, with all the privacy concerns and other issues. And now they are automatically downloading all of Windows 10 to your Windows 7 or 8 PC, whether you asked for it or not.


30 Ways Your Windows 10 Computer Phones Home to Microsoft
Windows 10 phones home more than any other version of Windows before it. Along with Windows 10, Microsoft released a… [Read Article]

To be clear, they aren’t automatically installing Windows 10, but they are downloading the entire installer, which is at least 3 GB, which takes up a lot of drive space, and also wastes your network bandwidth. For people who don’t have unlimited bandwidth, this can seriously cost you a lot of money.

According to a statement provided to The Register by Microsoft, their explanation is that they think this is a better experience:

“For those who have chosen to receive automatic updates through Windows Update, we help customers prepare their devices for Windows 10 by downloading the files necessary for future installation. This results in a better upgrade experience and ensures the customer’s device has the latest software.” 

So this only affects people who have automatic updates enabled, but that’s almost everybody since automatic updates are on by default and are rather important for security reasons — the flood of critical security patches in the last year has shown that it’s probably a good idea to leave automatic updates enabled.


But downloading an entire operating system “just in case” you might want to upgrade to it instead of simply waiting for people to decide to opt in — that isn’t the type of behavior that we want.

Make Windows 10 Stop Downloading the Easy Way

If you want a really simple and easy way to get rid of the “Get Windows 10” icon and stop your PC from downloading Windows 10, you can download a little piece of freeware called GWX Control Panel from a developer that isn’t happy with this nonsense either.

Download it, run it, and then click the “Disable Get Windows 10 App (permanently remove icon)” button. And then click the “Disable Operating System Upgrades in Windows Update” button too for good measure.


You’ll have to reboot, but at the end, the icon will be gone and your computer shouldn’t get the upgrade. And luckily you can click those buttons again to put things back the way they were.

How to Block Windows 10 from Downloading (Hopefully)

Unfortunately, there’s no magic button to click to stop Windows 10 from downloading. In fact, you’re going to have to install a special patch from Microsoft to keep them from making you download something else. And that’s if you believe Microsoft’s support documentation, which says that you can block the Windows 10 upgrade this way.

We haven’t been able to absolutely prove that this will stop Windows 10 from downloading because it’s hard to say that this is working just because Microsoft hasn’t forced us to download 3GB of files we didn’t ask for.

This is one of those instances where we normally would avoid writing on the topic, since too much is up in the air and we like to be accurate at all times. So please excuse us if this doesn’t work for you.

Step 1

You’ll need to install this patch from Microsoft’s website (from what we can tell you’ll need to be on Windows 8.1 and not 8 to install the patch), so pick the version for your OS, install it, and reboot.

Step 2

Open up your registry editor using the Start Menu search or by pressing WIN + R and typing regedit and hitting enter, and then navigate down to the following key:


You’ll probably have to create the WindowsUpdate key on the left-hand side, which you can do by right-clicking the Windows node. Click on that new key, and then create a new 32-bit DWORD called DisableOSUpgrade on the right-hand side, and give it a value of 1.


Don’t want to bother with all that? You can simply download our registry hack file, unzip, and double-click on the file to install it.

And you should probably reboot after you do this.

Alternative Option: Set Windows Update to Not Download Things

If you set Windows Update to notify you but don’t download anything, Microsoft won’t automatically send the updates down.

Please note that this is a bad idea for security reasons, so unless you have a metered connection and don’t have the bandwidth to download updates, you probably shouldn’t do this.

You can simply go into Windows Update and click on Change settings, and then change the drop-down to “Check for updates but let me choose whether to download and install them”.


If you do this, please make sure that you keep up with installing updates.

When You Do Want to Upgrade in the Future

The one side effect of going through all of this is that you won’t be able to upgrade to Windows 10 in the future until you remove that registry key.

Luckily you can simply use the uninstall registry key provided in the download.

So You Already Have the $WINDOWS.~BT Folder?

If you already have the folder, which is hidden on the root of your system drive, you’re going to want to follow these instructions over on AddictiveTips to remove it. We haven’t verified these instructions, as we already upgraded most of our computers to Windows 10, and we don’t have the folder on any of our test VMs.

Is A Mac PC More Secure Than A Windows One?

No it is not.

May proponents of Apple would like you to believe a Mac is more secure. The truth is because there are so many more IBM based computers than there are Macs, the bad guys target them more readily. For example, there are (and I don’t know what the actual numbers are) 10 million pc’s and 2 million mac’s, and a virus maker gets a 4% return on their ransom ware, the probability of getting paid is much higher on the pc’s.

So you ask, why not then purchase a Mac? Well, here are my personal reasons.

A Mac is approximately 3 times as expensive as a PC…and they do the same thing. They work the same way. They use the same hardware…it just takes 3 times the resources (hardware) to run the Mac. All computers have two basic ‘parts’, hardware and software.

If the hardware is the same, then what’s the difference?

It’s getting better, but much of the software available as of this writing will not work on Mac.

Mac’s are pretty proprietary, that is, it is difficult to get parts for them and therefore difficult to get service on them, which means they often times need to be sent to an official Apple Repair Facility.

I’m just sayin’…

Facebook Is Tracking You More Than You Realize

Whenever you’re on Facebook, do you ever get the feeling that you’re being watched? An ad pops up that’s right up your alley, or three new articles show up in your feed that  similar to something you’ve just clicked on.
Sometimes it seems like Facebook knows you personally, and that’s because it does. It has algorithms that track what you like, watch and click on. That information is then passed along to Facebook advertisers.
Facebook itself isn’t the only culprit. Tons of companies use Facebook’s platform as a way to track you. In fact, right now there a probably dozens of companies that are watching your posts, storing your profile information and more, without you even realizing it. Today, I’m going to tell you how to stop it.
How did this happen in the first place?
When Facebook first started out, people rushed to the platform because of the many perks that it offered. One of those perks, and probably the most appealing, was the fact that Facebook was entirely ad-free. You could use the platform to connect with family and friends without being bothered by someone trying to sell you something.
Well, like they say, “All good things must come to an end.” Eventually, Facebook began selling ads like everyone else. And that’s when everything changed.
People realized that Facebook provided a treasure trove of information for advertisers. By clicking “like” users were telling companies exactly what they wanted — more of this, less of that, please. This led to the big data tracking we now see.
Three sneaky ways companies are tracking you:
Most people understand that Facebook is tracking their preferences whenever they use the app. But, few realize they’re being tracked in other ways too. And, that’s what these third-party companies are banking on. If you don’t know you’re being tracked, then you won’t ask them to stop. So, here are three things to watch out for.
Facebook apps: This is when you receive a request to play a Facebook game your friends are obsessed with, and you decide to sign up. If you’ve ever done this before, then you’ve allowed that app developer  you. These third-party apps integrate with your Facebook profile and generally have permission to pull whatever information they want. And although you can edit what information they can access, very few people do.
Facebook logins: This is when you visit a site and it says “Log in with Facebook,” and you do, then you’re letting that company track you.
Friends’ apps monitoring you: Even if you didn’t download an app, Facebook’s default settings allow apps your friends have installed to also see YOU. It’s pretty scary.
How to stop it from happening:
You might be wondering why this even matters, and how it really impacts you personally. The easiest way to answer those questions is to point out all of those big data breaches you hear about almost daily. Hackers rarely waste time on individuals these days. They’ve got much bigger fish to fry. Large retailers, for example – or the databases where these third-party companies store the information they’ve gathered. That’s why everyone should take these steps to protect their private information.
Review and edit installed apps: To see what apps you’ve installed over the years, open Facebook in your browser, click the down arrow in the upper right corner and select “Settings.” Then click on the “Apps” header in the left column.
To see what information an app is accessing, click the pencil icon next to any of the apps to see and edit the settings. The first setting lets you set who can see that you use the app. It defaults to “Only Me,” so it isn’t a big deal. Below it, however, is another story.
In the case of Skype, for example, it pulls your public profile information along with your list of friends, email address,  and hometown.
Remember that this information is being stored on a third-party server. Not every app developer is going to have Microsoft-level security, and hackers are good at turning tiny pieces of stolen information into big gains.
If you want to keep using the app, you can deselect certain items, such as your email address. Be aware that won’t remove the information from the app developer’s servers, however. If you change your email address in the future, however, the developer won’t get the new one.
Remove apps you don’t use: If you don’t want to use the app anymore, you can click the “Remove app” link at the bottom of the page. Just remember that this won’t automatically remove your information from the app developer’s servers. For  you’ll need to contact the app developer directly. Facebook has a link for more information on this under the “Remove info collected by the app” section in the app’s settings.
Turn off apps completely: If you’ve deleted all the apps, and you’re not keen on accidentally installing more in the future, you can turn off the app platform completely. Just note you won’t be able to install apps or log in to third-party sites using Facebook until you turn this back on.
To turn off the app platform, go back to the App Settings page. Under “Apps, Websites and Plugins,” click the “Edit” button. At first, this just looks like a way to disable app notifications and invites from other people, which is a big help on its own. However, you’ll want to click the “Disable Platform” link in the bottom left corner.
Facebook gives you the standard warning about what disabling the platform does. If you’re OK with it, click the “Disable Platform” button. Again, this won’t remove information that app developers might have collected about you already.
Stop logging into sites using Facebook: In the future, when you’re adding an app or logging into a website try to avoid logging in with Facebook. But, if you must use Facebook to log in, then look for the “Log in Anonymously” or “Guest” option so it won’t share your information.
Stop friends’ apps from seeing your info: Apps can still get your information through your friends. By default as your friends install apps, those apps have permission to grab whatever info about  friends can see.
To put a stop to this, go back to the App Settings page. Then under “Apps Others Use” click the “Edit” button.
You’ll see everything that your friends’ apps can see about you. Go through and uncheck every option listed on the page, and then click “Save.” Now companies can’t track new information about you.
Apps aren’t the only worry you’ll run into on Facebook. Recently I told you how scammers use Facebook like-farming can put your privacy at risk. Find out how like-farming works and how you can avoid it.
If you want to like something safe that will also bring you the latest news and updates to stay ahead of the game in your digital life, head over to my Facebook page at and click the like button.

Article From USA Today

Are There Cracks In Your Security Foundation?

Security is a game changer for business operations. If you want to take advantage of the benefits of technologies like mobile, cloud, and big data, then security should be your number one priority. Without a secure foundation, your business remains vulnerable to attack. Use these tips to assess the current state of your foundation, fix any cracks you find, and prevent further issues.

Assess your vulnerability to attack

Hackers see small and midsize businesses as low-hanging fruit that often provide the gateway to more lucrative targets. As businesses become more interconnected, hackers can steal information from one business to gain access to another.
For the safety of both your business and others, ask the hard-hitting questions:

  • When did you last perform a security audit of your business functions?
  • Have you installed the recommended patches and upgrades for all devices that access your data, including employee mobile devices?
  • Do you update business policies to match current threats?
  • Do your employees know how hackers gain access to private data?
  • Do you enforce strong password use and two-factor authentication?
  • Do you have an incident response plan if an attack occurs?

An assessment answers these questions and reveals weaknesses in your defenses.

Fix foundation cracks

Mobile. Cloud. Big data. Without strong, secure networks, you cannot safely protect your business from the related threats and risks attending these technologies.
To many companies, mobile devices are vital to operations, and changes in apps, devices, and operating systems plague these devices with frequent security issues. Mobile application management (MAM) and mobile device management (MDM) can close the gaps and back doors hackers exploit. Educate employees on safe mobile device use and why policy enforcement is necessary.

Today, many businesses mix public and private cloud-based technology with on-premise traditional infrastructure. Your organization should determine the safest place to store data, how it is accessed, and how much protection surrounds it. Encryption and access control policies can protect sensitive data no matter where it resides on the network. Sound backup and disaster recovery plans can prevent downtime if an attack leads to data theft or destruction.

Businesses gather and store mountains of business data to achieve greater customer insight and competitive advantage. Event filtering, automated log scanning, and attack path analysis can reveal security risks in real time.

Prepare for future attacks

Security isn’t a one-time task. Your business should continually address vulnerabilities and cyber crime innovations by:

  • Planning frequent security audits to uncover and fix weaknesses.
  • Reviewing policies to ensure they address new threats.
  • Teaching employees to recognize malicious threats that aim to dupe them into providing unauthorized access to sensitive data.
  • Enforcing the basics, including strong passwords, software patches and upgrades, role-based access control, and white-listed and black-listed apps.
  • Creating backup and disaster recovery plans.
  • Preparing for the worst by creating incident response plans for the most likely attack types.

No single action will secure your business. Hackers seek cracks wherever they can find them. A solid foundation will force these criminals to look elsewhere.