cybercriminals

What are the cybersecurity measures to carry out your Christmas shopping safely?

by

Christmas is a time to share with your family, and to celebrate your appreciation you buy gifts for your loved ones. The races begin between preparations for Christmas dinners and hurried purchases, without a doubt we decided to make purchases via internet. The cybercriminals are aware of your Christmas stress and will take advantage to access your information. There is no need to be a victim of stress! Follow these basic cybersecurity measures to carry out your Christmas shopping safely so you can enjoy this time of year peacefully.

Make your Christmas shopping online safely:

One way to save time for our Christmas shopping is to buy items online. This allows us to avoid travelling to shopping centers that are full of people as you look for gifts that can cost you hours out of the day. If you decide to do your shopping online, follow these recommendations below:

  1. No matter how hurry you are, do not connect with a public Wi-Fi to make purchases, it is preferable to do so from a secure network with your devices or with a trusted one. If it is extremely necessary, do it using a VPN.
  2. Choose websites from well-known and reputable brands, one way to find out if the site is credible is to review the comments of other users who have made purchases on the site before. In addition, if you follow these tips you can identify a secure web page to make your purchases.
  3. It is also important to check that they have a transparent system for tracking orders.
  4. Use prepaid cards: Some banks offer virtual prepaid cards, these provide greater security because they can be charged with the exact amount you need for your purchase.

Christmas shopping physical stores with a credit card

With the rise of cyber attacks, every day they become more serious and more complex. It is not surprising that large numbers of the population resist shopping online, the problem is that the dangers are also present in the purchases we make in physical stores, so we must be cautious at all times.

Beware of Skimmers:

One of the ways that criminals have to attack is through “skimmers”. These are devices very similar to the usual payment terminal but they are designed to read the card when passing scanning it. They capture your PIN number and bank details when a simple card transaction is made.

If the establishment says they have had problems with the payment terminal all day or very often, it may be because a “Skimmer” has been implanted in the reader, making it necessary for you to swipe your card more times than usual for it to capture the data.

Keep distance when you pay with contactless payment systems:

The contactless payment system are in danger too, there is a technology called “near-field communications”, which can be controlled or captured remotely. For this, the person who tries to intercept the payment information needs to be close to the victim. So if you are using this payment system, look around and insist that no one is by your side when you go to pay.

Avoid using the magnetic stripe of the card:

It is unusual to use magnetic stripe cards because almost all have chips instead. However, cybercriminals can disable the chip reader or cause an error message to appear, thus forcing you to re-pass the card using the magnetic stripe. If the payment device has been enabled to read chips, but still shows an error message, you should consider another form of payment.

We must be aware that cybersecurity is present at all times and all areas of our lives, if we take the proper precautions each day, we can enjoy our holidays in peace.

10 tips to ensure your web page of possible cyber attacks

by

A web page is not complete if you do not add the necessary security levels. According to Hootsuite, 82% of users immediately leave a page if they feel unprotected when visiting a website. Therefore, it is useless to have a nice and easy to use website if it is an easy target for hackers who can carry out possible cyber attacks.  

The cybercriminals have a wide range of tools that they can use to attack you through your web page. The most severe dangers that you may encounter will be the access of sensitive data that is exchanged on your website, a virus or malware, or even send emails from your accounts using your identity.

Another important point to consider is that major search engines such as Google have increased the penalties for unsafe websites, therefore your website would have less exposure to searches due to lacking the appropriate security for your website. There are some fundamental measures to ensure your website is safe from possible cyber attacks. The following are some ways to protect yourself and help safeguard from a potential attack.

How to secure my website of possible cyber attacks?

  1. Add HTTPS security with an SSL certificate: The basic rule of how to know if a site is safe or not is to check if the beginning of the URL is “https”. Websites that have this have a padlock, and for this you need an SSL certificate. The typical connection where websites are hosted is HTTP, notice it is the same but there is no  “s” at the end. This website would be open to leak any sensitive data of users such as users and passwords or banking information if it is an e-commerce.

Using HTTPS, an encrypted connection is established between the browser and the website therefore data cannot be intercepted. The SSL certificate is what will provide this encryption and you should only install it on your hosting, the way to do it will depend on the provider.

Another clear benefit is that by having these type of secure pages, search engines will give them a better promote them.

  1. Add a Security Seal to a website: Having a site seal is an extra layer of security  because it acts as an antivirus for your page. These stamps can monitor your website under searches of malwares or viruses that may have been loaded by a hacker, and it notifies you so you can eliminate potential harm.
  2. Keep your website code updated: Just like you do with any application or software on your devices.
  3. Similarly, keep the platform and the scripts updated especially for the CMS (content management system) that you use.
  4. Change the prefix of the table in the database of your website: In the case of blogs like WordPress they have the default prefix “wp”, this can be changed and it will be harder for hackers to obtain information from your website.
  5. Place a password on the database of the site, thereby adding more protection to the information collected by your website.
  6. After having uploaded or updated the content of your website, be sure to delete the copy that remains in your device. Mainly since if you do not, any cybercriminal could access your computer and have access to your files, therefore save them in a secure place.
  7. It uses a CDN: A content delivery network consists of a network of several servers that are spread over different points between which the work and information is distributed. Its advantage is that if one server is attacked, the others serve as a backup.
  8. If your website is an e-commerce, you must ensure that your customers can trust it.
  9. Use robust passwords to access your website: Although it seems obvious, many people omit it, thereby making a hackers life much easier especially if they are seeking to access all site content, so you must protect it.

Although no measure is 100% infallible to avoid possible cyber attacks, the more layers of security you add to your website, the harder it becomes for hackers.

Hackers vs cybercriminals: Who they are and how to identify them

by

When we talk about hackers, many people imagine the typical image of a person (usually teenagers) hiding in a room behind a computer, typing indecipherable commands until getting ahold of any valuable information that seems impossible to access. The reality goes beyond this stereotype created by Hollywood, a hacker may be the person we least imagine and their motives can be different. Some hackers are not always focused on money. To determine the best defense to protect our information, it would be better to know who these people are and what motivates them to cause this type of damage.

The word “hacker” comes from the English word “hack” which means “to give an ax”. Originally, the term was used to describe the way technicians fix defective devices, but now, the word has evolved to acquire a negative connotation.

This connotation is clear that it is due to the serious damage that can occur to a person or a company, the main purpose for doing so varies.

Hackers vs cybercriminals

Adam Tyler, Innovation Director of the company CSID, explains that the profile of the current hacker is a young videogame aficionado, accustomed to Internet and social networks, who learns hacking as a personal challenge, the same way that they try to overcome a complicated video game.

This profile of hacker – which we already know – uses hacking for fun. Their motivation is not financial but a challenge to itself, rather achieving notoriety in its community. However when the game starts to be a business, then the rules change, or they skip.

As explained by Chema Alonso, CDO of Telefónica, “do not confuse a hacker with a cybercriminal, the second can enter systems with a purpose with a monetary objective or companies to steal information. Hackers, on the other hand, do it only out of passion and without the intention of doing harm. “

The profile of the hacker

Virtually anyone with access to the internet can learn to be a hacker. A survey conducted by a computer security company in Latin America, states that 76% of hackers are men whose ages are between 14 years (8%) to 50 (11%). The average age is 35 years (43%).

It is difficult to differentiate one from another, since many hackers end up being cybercriminals. Hackers are restless minds who are always looking for new ways to use technology. A poll of 127 hackers revealed that 51% of respondents said that their main motivation when launching cyber attacks is “the search for emotions”, while 18% point to economic benefits as a reason.

Another characteristic of cybercriminals is that they do not act alone, they can operate in large organizations around the world attacking approximately 600,000 times per day.

Cybercriminals carry out their attacks not only to obtain monetary gains and confidential information, but also to affect the reputation of the company and its brand. For example, interrupting digital services such as blocking access to emails or websites, among other types of attacks that affect the operating system of companies.

Types of cyber attacks

The type of cyber attack could determine the ideals or motives of the cybercriminal, the most common are:

Cybercrime: uses techniques such as phishing, steal the identity of people or companies to perform bank fraud, empty accounts, etc. This is generally for economic purposes.

Hacktivism: Is damaging pages of large companies or the government to make a protest. The objective of these cyber attacks is ideological and / or social. Most known within the hacktivists is the Anonymous organization.

Cyber ​​espionage: Compromises cybersecurity in companies. Since it deals with the theft of sensitive and valuable information, such as stealing private financial information from customers and employees, which then can be sold at very high prices on the black market.

Cyberterrorism: usually directed against governments or countries, affecting services such as health, defense, or infrastructure of great importance.

Types of hacker and how they operate

Each hacker has his way of operating. According to the actions he commits and the reasons he has, the most common classification is the following:

White Hat: The hero you who helps save you from cyber attackers, also known as “ethical hackers”, since they are people who work in computer security companies constantly looking for vulnerabilities to correct them.

Black Hat: This type of hacker is what we can define as a cybercriminal, he is the villain of the movie, they hack only for his personal interests. They use sophisticated techniques to access systems and steal data, destroy it or sell it on the black market.

Gray Hat: This person is a hybrid between the previous ones, because it is possible that he acts illegally but with good intentions. It can penetrate systems and disclose useful information to the general public, for example, accusing large companies of testing for the unauthorized collection of user data.

How do they choose their victims?

Hackers know who are the most vulnerable people for an attack. Their main targets are employees who have little knowledge about the proper use of computer systems. They also focus on hacking freelance workers, since typically these profiles consists of of people who have access to the systems of the company, but are not subject to corporate policies.

Why hack Social Networks?

Another favorite space for hackers are social networks. What do hackers look for in them? People using social media post photos, comments, new purchases etc. daily with family and friends. We are leaving information public to everyone, although it seems that it does not have importance, is of great value for cybercriminals. Since they can obtain a large amount of personal data and then use it in their favor.

Disseminate malwares sell our personal data, deceive users through phishing or other malicious actions that hackers can allow with all the information they get from our social networks.

How to recognize a cybercriminal in organizations

As we mentioned above, it is difficult to identify a hacker, because it could be the person you least expect. In spite of this, some characteristics could be taken into consideration in order to recognize a cybercriminal:

• A person with a high knowledge of computers and networks in general, such as, change of IP, use of Keylogger programs, use of unusual browsers, among others.
• People who take advantage of social spaces to ask about customer data and sensitive or restricted use information.
• They install spyware without authorization.
• Deactivate the antivirus software on the work equipment.
• They make use without authorization of computers or devices of the other members of the organization.
• Employees who work extra, beyond office hours without giving justification.

Although some features may be a bit exaggerated to justify the profile of a “possible” hacker, paying attention and getting to know the staff of the company does not hurt. The important thing is to ensure possible ways of where the attack may come.

The best cybersecurity practices in the advertising world

by

Advertising agencies are becoming the focus of hackers. For example WPP was targeted by a cyber attack last year, which cost this multinational ad agency about 17 million euros. Agencies of all sizes, even boutique ones, are under attack. The reason why agencies are so attractive to cybercriminals is mainly due to the amount and type of confidential data they handle on behalf of their clients. Therefore, if the appropriate cybersecurity measures are not applied, it can result in damage to your customers and their brands.

As you know, an online marketing campaign requires very specific planning, both to carry out market research and to develop an advertising strategy. It generally includes content to be developed in tools such as social networks, email and other marketing actions to attract potential customers.

In many cases, advertising agencies compete with each other to get an important brand account. During this process, confidential proposals are exchanged which, if they fall into the hands of the competition, can mean the loss of the client, with the consequent economic impact. That is why it is important to ensure the protection of this type of files.

It is also important to secure the creative pieces, before they are approved and go out to the public. It is regrettable that this type of sensitive information reaches the hands of hackers or unfair competitors, and that the losses have a negative impact on the income and the reputation of the agency.

Some risks that may occur are:

During the market investigation it will be necessary to share sensitive information with customers, this information will determine the effectiveness of the campaign. If these data are not sent with the right tools, they could easily be vulnerable to falling into the wrong hands, including competition.

Creative content and its tools: Content marketing is fundamental in a campaign. To do this, the agencies use content management tools such as WordPress, which allow them to create content periodically (in blogs, for example) and keep information about the company updated.

Because of its ease of use anyone with a basic knowledge can manage a WordPress account, and if not properly protected, a hacker could access the site and use it to their liking, even distributing malware to users.

Email is also widely used by agencies for targeted email marketing campaigns to contacts and customers. If a cybercriminal manages to access one of these accounts, he could not only have access to the contacts of the company, but could also send fraudulent or virus-infected emails, which would result in the company’s website or emails being blocked by the clients’ servers, and poses legal, reputational and financial risks.

Social networks are also an easy and vulnerable way to attack, and in addition you should be especially careful with the information that is published in this way, because of the ease and speed of dissemination that they have, they could also be channels of distribution of false information.

To avoid reaching any of the situations mentioned above, some basic cybersecurity measures to protect the information of a marketing campaign could be:

Cybersecurity measures to apply to online marketing:

– The fundamental thing is to use a strong and unique password that is difficult to guess, for each of the services mentioned above. It’simportant to set a different password for each tool, including each social network. 

– It is also important to periodically perform all updates to each service.

– You should avoid connecting to public Wi-Fis if you are going to use this type of tools, since the data that is being sent at the time of publication does not have the needed level of encryption protection.

– In the case of email marketing, you can use software that offers monitoring.

– Ensure that personnel who have access to these tools are aware of the threats that exist and the security measures that must be applied.

– When you need to share sensitive files that compromise the research or business proposals that you do, use applications that allow you to encrypt the information from the moment you send it until it reaches the recipient. With HushApp you can send documents easily and safely, even if your recipient does not use the application.

Cybersecurity is an issue that should concern all business sectors, it is important that all company personnel are aware of the dangers of a cyber attack. In the case of the marketing sector, where the activity is mostly online, the dangers are much more likely, taking the measures and using the right tools, you can successfully reach your ideal customers.

IoT Cybersecurity: 10 tips to protect the security of your home

by Leave a Comment

Talking about IoT Cybersecurity should not be surprising these days. The popularity of the Internet of Things (IoT) has increased dramatically and is taking over our homes, but as the Smart Home trend grows, the possibility of a cyber attack through one of these devices increases.

According to a study by Gartnet, there are more than 5 million devices connected today and the trend is growing. On the other hand, it is estimated that by 2020 the IoT technology will be the target of more than a quarter of all cyber attacks.

To start protecting your devices and prevent a possible cyber attack, just follow these simple IoT cybersecurity tips that we show you below:

10 tips on IoT Cybersecurity

1. Use different passwords for each device. Just like any other service, remember that each password works like a key, you do not use the same key for more than one door. Make sure they are complex enough so that they can not be discovered so easily.

2. If it is possible to use more than one router. Considering that most people generally connect everything to the same network, it means that this one connection has more doors opened through which it might suffer an attack. It also means that once in, the attacker has access to the whole network.

3. Protect your phone, since from there you will access the rest of the devices in the home. Use passwords and any other protection systems that you consider necessary.

4. It is not necessary to connect all the services of the device to the internet if you are not using them. For example in the case of a Smart TV, disconnect the camera or microphone when you
do not need it.

5. Make sure none connect automatically to open Wi-Fi networks. Manually configure them to connect only to the network of your choice, and make sure they are programmed to do it only when you want.

6. It’s much better if there is some way that your IoT devices can send and receive your data in an encrypted way.

7. Do not buy products that are not compatible with one another, or that can no longer be protected.

8. Buy only brands of known manufacturers and have a good reputation in the market. Cheap is expensive and even dangerous.

9. Avoid buying used devices, they can come with some malware installed.

10. Update the software of the devices regularly. In case the devices don’t update automatically, do verify it manually. Do not use equipment that can not be updated.

Cybercriminals have everyday more tools to attack and access our personal information, so we must not make it easy for them. IoT cybersecurity should be as fundamental as in any other device, software or service that you use in your day-to-day life.

Why use a passphrase instead of a password?

by Leave a Comment

As technology changes and advances, so do cybercriminals. That is why every day sites on the internet, softwares and applications are required to ask users to strengthen their passwords. This is because, users continuously make the same mistakes, using a password that hackers can easily discover.

According to Google’s global data, 68% of people use the same password for different accounts, only 46% change it at least once a year, and 91% use a password that is in the top 1000 most common passwords in the world. This goes to show that we still do not know the magic formula to remember a strong and unique password.

Remembering all of our different passwords is growing more difficult: increased length, numbers, capital letters, lowercase letters, and symbols make it difficult to not make mistakes, or forget. Thankfully, there is a better option: how about we use a passphrase?

Passphrase: what you need to know

A passphrase is nothing more than a phrase that works like a password. It is commonly used in the encryption of access to some software or other electronic systems. Unlike the password, they are much easier to remember.

Not all applications or software have this feature, but you can choose this option if the service allows it, especially when you need to protect the content of the information you want to share. The rest of this article will be dedicated to offering some simple tips that will help you  build a safe and easy to remember passphrase.

Like passwords, passphrases must have a certain level of complexity, or at least creativity, something that makes it unique and that only you will remember. Although this principle is repeated when you create a password, in the case of a phrase it may make more sense than a set of symbols, numbers and letters. Therefore, avoid using familiar phrases such as excerpts from songs, books or popular culture.

Do not repeat the phrase, remember that a password is like a key, you do not use it to open the same room. With the passphrase it will work the same, use a different phrase for different services.

Also, do not share the method you used to create it, it may be a clue you give to hackers to guess your phrase.

HushApp: Passphrases to send your files easily and safely

Now that you know you have this option, you will wonder where you can use it. In HushApp the passphrase has a leading role to protect your privacy. Here you can encrypt your files and store them in in your Hushbox. You will only be able to access your files using the passphrase you have selected.

You can also send your files to contacts you have selected, whether they use the application or not. In case you do not use it, you will also create a passphrase especially for them and send it to the recipient by other means. This way, you make sure that your information is completely secure.

Passwords have a vital function within the scope of cybersecurity, choosing the right one is crucial when stopping our information from falling into the wrong hands. The passphrase is an option to further improve the security and protection of your data, provided you give it the appropriate use.