Wednesday, July 30, 2025

Monitor for breached passwords #EightCyberSecurityTips

 Monitor for breached passwords (either via your password manager or use the “Have I Been Pwned” website) #EightCyberSecurityTips



The question isn't whether your passwords will be compromised, it's when.

With online data breaches happening regularly, from social media to online tools to email providers, millions if not billions of user credentials have been exposed and are circulating on the dark web.


And when a breach occurs on one service, cyber criminals often attempt to use those same credentials on other platforms, in the hope you have reused the same password.


You need to know if your username / password combination has been breached, so that you can change your password on every online account that uses the breached one.


Password breach monitoring is usually included with most password managers. Bitwarden and 1Password definitely include this feature.

But what if you don’t use a password manager? Well, you can use Troy Hunt’s “Have I Been Pwned” website to check for any data breaches connected directly to you.


Whichever way you manage it, password breach monitoring is an essential tool for individuals and small businesses.
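A breach check does not have to hand the password itself to anyone. This added example (not from the original post) sketches the Have I Been Pwned "Pwned Passwords" range lookup, where only the first five characters of the password's SHA-1 hash are sent and the matching is done locally. It assumes a constructed response body in place of the real service reply, so it runs offline.

```python
import hashlib

# Real endpoint; only the 5-character hash prefix is ever placed in the URL.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the service, 35-char suffix kept locally)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password: str, range_body: str) -> int:
    """Search a range response ("SUFFIX:COUNT" per line) for our own suffix."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed: not found in the breach data

def constructed_response(breached: dict[str, int], prefix: str) -> str:
    """Build a stand-in response for offline use (constructed data, not real counts)."""
    lines = []
    for pw, count in breached.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    lines.append("0" * 35 + ":3")  # unrelated filler entry sharing the prefix
    return "\r\n".join(lines)

if __name__ == "__main__":
    prefix, _ = split_hash("password")
    body = constructed_response({"password": 1000}, prefix)
    print("Would request:", RANGE_URL.format(prefix=prefix))
    print("password ->", breach_count("password", body))
    print("correct-horse-battery ->", breach_count("correct-horse-battery", body))
```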


Chris #TheAntiVirusGuy and #TheDataBackupGuy and #ThePasswordGuy — A bit about me: 💻 Helping Entrepreneurs, the Self Employed, Sole Traders and Small Business Owners manage their online passwords and keep their computers virus free. 💻 Really good anti virus (SentinelOne £16 or ESET £4 £8 £10 per month) 💻 Buzz Ambassador

Tuesday, July 22, 2025

Use a managed EDR anti virus not consumer anti virus #EightCyberSecurityTips

Use a managed Endpoint Detection and Response Anti Virus instead of stand alone consumer Anti Virus #EightCyberSecurityTips




Cyber criminals are getting smarter, but stand alone consumer anti virus hasn’t changed its primary detection method in over thirty-five years (since the late 1980s).


It still uses virus signatures, or “virus definition files”, as the primary detection method. In other words, it relies on a database of fingerprints of known, confirmed viruses.


But the cyber criminals have moved on. They can use “Fileless Malware” or “Polymorphic Malware” to avoid detection by these traditional methods.


The criminals can even use the “DOS Copy” command to change an existing virus’s signature, making it undetectable using virus definition files.


This is why so many individuals and small businesses get hit with viruses, malware, and ransomware. Their anti virus software is just not good enough to detect and stop these newer, more sophisticated viruses.


So how do we stop these new, hard to detect viruses?


The answer is to use managed EDR software. EDR stands for “Endpoint Detection and Response”, or as I like to call it “posh anti virus”.


EDR doesn’t just look for fingerprints of known viruses. Instead it looks for anything that is acting suspiciously.


If it’s acting suspiciously it gets “killed and quarantined” and flagged for investigation. Within minutes a cyber security expert will remotely analyse this potential threat, and decide if it’s a threat or a false alarm, and then remotely take action to keep your computer and data safe.
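The difference between the two approaches can be shown in a few lines. This is an added, simplified example (not from the original post, and not how any named product works internally): the "definition file" is a set of whole-file SHA-256 fingerprints, the behaviour rule and its thresholds are assumptions, and all bytes and events are constructed.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in bytes; not real malware.
KNOWN_BAD = b"constructed-known-bad-sample"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}  # the "virus definition file"

def signature_match(data: bytes) -> bool:
    """Fingerprint lookup: only flags files that are byte-for-byte already known."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

def behaviour_alerts(events, window=10, threshold=5):
    """Flag any process that writes `threshold` distinct files within `window` seconds."""
    writes = defaultdict(list)  # pid -> [(time, path)] inside the current window
    flagged = set()
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["action"] != "write":
            continue
        recent = [(t, p) for t, p in writes[ev["pid"]] if ev["t"] - t <= window]
        recent.append((ev["t"], ev["path"]))
        writes[ev["pid"]] = recent
        if len({p for _, p in recent}) >= threshold:
            flagged.add(ev["pid"])  # candidate for "kill, quarantine, investigate"
    return flagged

# Constructed telemetry: pid 410 saves one file now and then,
# pid 977 rewrites six documents in six seconds.
EVENTS = [{"t": 0, "pid": 410, "action": "write", "path": "notes.txt"},
          {"t": 40, "pid": 410, "action": "write", "path": "notes.txt"}]
EVENTS += [{"t": 100 + i, "pid": 977, "action": "write", "path": f"doc{i}.docx"}
           for i in range(6)]

if __name__ == "__main__":
    print("known file matched:", signature_match(KNOWN_BAD))
    print("one byte different matched:", signature_match(KNOWN_BAD + b"\x00"))
    print("processes flagged on behaviour:", behaviour_alerts(EVENTS))
```

The fingerprint check misses a file that differs by a single byte, while the behaviour rule never looks at the file's fingerprint at all.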


My preferred EDR solution is SentinelOne, but there are other products available such as CrowdStrike Falcon, MS Defender for Endpoint, and Palo Alto Cortex XDR, to name a few.

 

My recommendation is to ditch the consumer anti virus and get yourself some “posh anti virus” or EDR anti virus.


Have a chat with me if you need further information on how to get set up with managed EDR or “posh anti virus”.


Chris


Wednesday, July 16, 2025

Use LSD Passwords (Long Strong and Different) #EightCyberSecurityTips

Use LSD Passwords (Long Strong and Different), a password manager will help you with this (tip 5 of 8, in no specific order) #EightCyberSecurityTips




Humans are not great at picking passwords. We tend to go for short passwords that are memorable to us. We often pick a family member’s name, or a sports team we follow, and then add a number on the end (because we are told that’s more secure).

And we then use that password everywhere.

Really, passwords need to be three things.

🔵 Long - passwords should be long to make it harder to crack in a brute force attack

🔵 Strong - passwords need to be complex, as this also makes them harder to crack in a brute force attack. I like using three unusual and unconnected words, strung together with some special characters.

🔵 Different - every password should be different, because then following a password breach we only have to change that one password.


Chris


Saturday, July 12, 2025

What would you do if you received this email?





Hopefully your answer is "delete it", because it's a Phishing scam sent to me yesterday.

What are the clues?

🔵 It hints at the fact it's from Microsoft (with the proper logo), but if you look at the sending email it's not from a Microsoft Domain.

🔵 The email is worded to create urgency or intrigue (I wonder what's in the encrypted message).

🔵 The QR code means you don't know where you are being taken to when you scan it.

It's actually a Phishing site. They are trying to obtain your Microsoft Account username and password. I suspect it probably also uses "session hijacking" to get round any 2FA / MFA you have on your Microsoft account.

Why do they want access to your Microsoft Account?

Well, it might let them do password resets on some of your other online accounts. And you might have used the same password elsewhere as well.

What can we learn from this email?

Always be wary of any emails asking you to open attachments, click on links, or scan QR codes.
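The first clue, a message that presents itself as Microsoft but is sent from a different domain, is easy to check automatically. This is an added example (not from the original post); the brand-to-domain list is an assumption for illustration and the three messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: domains that genuinely belong to each brand.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}

def sender_mismatch(raw_email: str):
    """Return the brand a message claims to be from if the sending domain is not that brand's."""
    msg = message_from_string(raw_email)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed:
            # Exact domain or a true subdomain only; "microsoft.com.example.net" fails.
            genuine = any(domain == d or domain.endswith("." + d) for d in domains)
            if not genuine:
                return brand
    return None

# Constructed sample messages (not real emails).
PHISH = ("From: Microsoft Secure Message <notice@mail.example.net>\n"
         "Subject: You have received an encrypted message\n\nScan the QR code to view it.\n")
LOOKALIKE = ("From: Microsoft 365 <no-reply@microsoft.com.example.net>\n"
             "Subject: Action required\n\nScan the QR code.\n")
GENUINE = ("From: Microsoft <alerts@mail.microsoft.com>\n"
           "Subject: Sign-in summary\n\nNo action needed.\n")

if __name__ == "__main__":
    for name, raw in [("PHISH", PHISH), ("LOOKALIKE", LOOKALIKE), ("GENUINE", GENUINE)]:
        print(name, "->", sender_mismatch(raw))
```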

Chris

Monday, July 07, 2025

Ensure smartphones (especially Android) are protected with Anti Virus / Anti Phishing security software #EightCyberSecurityTips

Ensure smartphones (especially Android) are protected with Anti Virus / Anti Phishing security software (tip 4 of 8, in no specific order) #EightCyberSecurityTips




We all use smartphones every day. But a lot of that use isn’t for making phone calls. They are more like pocket computers than telephones. Some people use their phone more than their laptop to run their business (or their personal life).

We all think about having decent anti virus on our laptops, but we rarely think about protecting our mobile phones.

Recently, a lot of hacks and breaches have started with a Phishing attack. And often we open that Phishing email, SMS message, or WhatsApp message on our phones, rather than our laptop or desktop computers.

My advice is to get some decent Anti Virus and Anti Phishing software installed on your smartphone, before it’s too late.

Contact me if you need any advice on this.

Chris
