Connect with us

IT Security

How Compliant is your Small Business?

person on computer

Operating a small business doesn’t mean you can be complacent with how you’re protecting customer data and the prevention of the real threat of credit card theft.

Hacking gangs are alive and well hence the tightening of data protection rules  in the western world including the European Union’s GDPR.

Data Protection

So there’s two major compliances to work on immediately if you’ve not done so already.  Doing the basics  to ensure your business is in compliance with data protection laws including the GDPR even if you’re not in Europe is a must-do and here’s how you can get started if you’ve not done it already.

Every website collecting email addresses and more, need to comply with the requirements for protecting customer data.  There’s more that’s needed too see (Website policies) further on in this article.

PCI Compliance

There is also a pressing concern for all businesses, eCommerce and particularly those in the retail sector to commit to  PCI compliance.  You might be wondering what it is and is your operation too small to be bothered with it right now.

A really good explanation of what PCI DSS is and why any business transactions using credit cards needs to comply can be found in this article on BusinessBlogs.

Self Assessment

Smaller businesses can do a self assessment and why you might sigh with relief, don’t get too comfortable, you’ll still need to know exactly how to do a PCI self assessment and how to get set up so when your business grows it’s got everything in place for external assessments.

PCI and Networks

The real difficulty lies in understanding how sensitive data moves along your network which is a must for assessment.  The wireless LANs and other connectivity points like USBs and bluetooth can be penetrated hence they need to be monitored and secure.  This is where a PCI compliant specialist comes into their own not only for your self assessment but also when using external PCI auditors for your compliance.

Website Policies

Earlier on we mentioned protection of customer data and laws like GDPR.

Any business with a website that collects customer data can not avoid the basics website features that allow for transparency of how customer data is collected, utilised and shared with privacy and cookies policies.

This really is the norm now and it’s the entry level for all websites so all website developers will implement it, so it’s just the older sites and the Do-it-yourself crowd who need to be aware of the requirements.

Website visitor expectation is they’ll see the pop up that asks for acceptance of re. your website cookies policy and they’ll take the necessary action.  Without it, your business is not perceived as being secure and visitors may take no further action i.e. they’ll exit your site.

All websites should also be using the SSL (HTTPS), and be mobile ready.  Plus have all the bells and whistles in place to manage customer data collection and management for protection of customer data.

Summary

Ignorance is not bliss and it will be hurting your business if your website is not on top of it’s compliance requirements.   Get curious, find out what you need to know and when you need to take action to keep the hackers out and the visitors in.

Continue Reading

IT Security

Why Shopping Cart Abandonment?

online shopping

Shopping cart abandonment is not decreasing. Buyers add stuff to their shopping cart, however exit without finishing the purchase. The term ‘buyer’s remorse‘ needs to coined another way to describe why online shoppers abandon their shopping carts.

Relinquishment is an electronic business term used to portray a condition wherein a visitor on a page leaves that page before completing the pined for movement. Occurrences of betraying, are the place shopping cart abandonment happens the most! The reasons change from site to site and they’re explained well in the infographic created by Fullestop. We’ve added it to this post for you.

Web business destinations attempt to decrease their cart abandonment rate; however it’s a losing battle with a high level of customers still slipping past. Honestly, shopping case surrender rates if all else fails are actually rising. Business Insider reports that $4.6 trillion worth of stock was left in spurned trucks in 2016, up from $4.2 trillion out of 2013.

Reasons behind Shopping Cart Abandonment

For the retail part, these were the most widely recognized explanations behind the surrender:
• 34% were ‘quite recently looking’ i.e. not prepared to purchase.
• 23% had an issue with transportation.
• 18% needed to look at costs.
• 15% chose to purchase in-store.
• 6% relinquished because of an absence of instalment alternatives.
• 4% encountered a specialized issue.

Distinctive edifications have been offered trying to state why buyers leave shopping bushels. Most, by far, of the reasons, take after the ones in this present reality shopping process. The basic enlightenments behind shopping wicker container betraying have been seen as:

Perplexity with astound costs: in the far-fetched event that it’s not clear how to influence a purchase and you to leave your prospects with no other individual, expecting that “they’ll appreciate it”, you’re in for an epic dissatisfaction. Correspondingly, if they are out of the blue given some extra costs that they didn’t expect, you were showing the portal yourself.

Alert or secure site: An alert about the website can without much effort change over into fear. The starting point for a business is website security and assuring customers the website is safe and secure and this includes their shopping cart and when it comes to credit card data, what information is requested from purchasers.

Most electronic business purchasers are careful about revealing their own particular information, especially with respect to MasterCard inspirations driving interest. Purchasers are already nervous and it’s not long before they end up plainly suspicious especially if an overabundance of information is requested from them.

shopping cart abandonment infographic

Continue Reading

IT Security

How To Protect Your Business From Cyber Attacks

dealing with toxic co-workers

There is no getting away from the fact that cybercriminals and hackers are everywhere these days. Business owners need to remain vigilant and take precautions if they don’t want to become the victims of crime. The information in this article will educate all readers about the basics of protecting their operations and ensuring information theft doesn’t occur. The last thing any entrepreneur wants is for a hacker to steal their customer payment details because that often results in bad press and a lot of headaches. With that in mind, use the advice below to ensure you leave no stone unturned when it comes to securing your company.

So how do hackers break into my website or computer network?

There are many ways in which hackers might attempt to breach your security tools and gain access to your website or office computer network. However, some methods are more common than others. In recent times, business owners report the following strategies when hacking attacks occur:

  • The hacker will upload specialist tools to your website that allow them to create multiple backdoors. That means that if you identify the first vulnerability and fix it, the criminal can still gain access using a variety of different methods.
  • The criminal will use malicious Javascript code to your website template and use it to infect the computers of anyone who visits your domain. However, they won’t do that every single time someone clicks your link because that might expose their efforts. Instead, the hacker will randomly attack computers so their strategy is harder to detect than it otherwise would have been.
  • Some online hackers will attempt to download all user accounts and then use specialist tools to break through password encryption. Alternatively, those criminals can just steal the contact information like email addresses before selling the data to spamming organisations.

Well, how do I stop that from happening?

Protecting your computer network:

You have lots of options on the table when it comes to protecting a computer network against hacking attacks. In most instances, it makes sense to build a relationship with an IT Support company that can offer assistance if the worst occurs. However, there are lots of preventative measures you can take in advance. Considering that, be sure to read the following information carefully and put the tips into action as soon as possible!

  • Invest in digital and physical firewalls – You can get those items online for little money these days. Just be sure to conduct a lot of research and read reviews from other business owners before committing.
  • Keep all software updated – Software developers release updated versions of their products all the time to help combat security vulnerabilities. If you don’t have the latest version of the program, you might expose your company to hackers.
  • Provide employee security training – It’s vital to offer all employees training on the best practices for maintaining maximum security. For instance, business owners should ensure their workers never connect personal smartphones to the business network. Likewise, the team members should never access their social media accounts in the workplace. However they should follow an IT Security expert and learn from their views and news. That could create security concerns.
  • Use strong and random passwords that contain numbers and letters – There are lots of random password tools that anyone can use if they want to ensure hackers can’t guess their way into the network. It’s worth investing in one of those programs as soon as possible.
  • Don’t connect unknown devices to your computers – As mentioned a moment ago, connecting smartphones and other media to your computer network could create problems. If hackers already have access to that device, they will have no issue when it comes to penetrating your system.
  • Encrypt all sensitive data or store it in the cloud – Cloud storage providers use some of the most advanced encryption tools and strategies possible. So, business owners shouldn’t have to worry too much if they keep their sensitive data secure using one of those services. However, it’s also vital that you encrypt information on your office network too!
  • Never use unsecured WiFi networks – If you connect your computers to unsecured public networks, hackers can break into your system in a matter of sections. Indeed, there are low-cost computer programs that even teenagers could use to steal your information if you make that simple error.

Protecting your website:

Business owners also need to follow the correct strategies when it comes to ensuring their websites don’t become vulnerable to hacking attacks. The list of tips below will assist you in making sure your site has the most robust protections possible. Failure to implement the advice from this section will mean you stand a much higher chance of becoming a victim than those who pay attention.

  • Keep all software, and website plugins up-to-date – Hackers will look to exploit the vulnerabilities that developers work hard to solve with their software and plug-in updates.
  • Use complex passwords – Again, you can find programs that create random passwords without breaking the bank.
  • Don’t allow users to upload files – Unless there is no alternative, allowing users to upload files is a recipe for disaster.
  • Only use HTTPS to deliver private information (payment details, etc.)
  • Use the best website security tools – There are new programs and plug-ins hitting the market every single day. So, business owners just need to keep abreast of the latest advancements and invest at the right time.
  • Always use a secure online payment gateway – Consumers expect to see that little padlock in the left-hand cover of the address bar when they enter payment information. Ensuring the page is secure should help to protect against hacking attacks. However, it should also mean you miss out on fewer sales.

Now you know all the basics of protecting your business from cyber attacks; you just need to put that advice into action. There is no time to delay because criminals work around the clock to steal information and profit from their crimes. So, sit down with your most dedicated team members as soon as possible before discussing the matter and designing your strategy. As stated only a moment ago, sometimes company bosses will benefit from the expertise of professionals. With that in might, weigh all the pros and cons and then work out if you have enough money in your budget to pay for assistance. If you don’t, just follow the advice from tips post!

Continue Reading

IT Security

IT Security Basics: A Basic IT Security Awareness Program for Your Employees

cyber security

cyber security

As a business owner, you have probably heard that your staff are the weakest link when it comes to security. In my opinion this is not true, your staff, if trained well, can be the most effective security you can have.

The key to success is how they are trained.

In this post, I will provide an approach to IT security training that I have used for many businesses, from sole traders to large multi-nationals and much in between, that has shown to be very successful.

The Key to Successful Training

The success of any business training program is to make it interesting to the attendees in a way that what they have learned can be applied to their personal life in some way.

Let’s be realistic – people are more focused on their friends and family than their day jobs.

So, if the training program gives value that can be applied to their personal life, including friends and family, then the training material will be remembered and applied far more successfully in their work environment.

For example, if your business IT security training program provides tips on how they can secure their home baby-cam through changing password defaults, then that will stick far more readily in their minds than telling them they need to change the password on business system default accounts.

The benefit to your business is that focusing on adding value to their personal life will provide a higher level of success that the staff member will apply the knowledge to their work environment.

Hopefully you can see the benefit of this approach instead of providing an IT security training program every 12 months where they must sit through a slide pack of boring statements about complying with the rules or face disciplinary action.

Topics Covered in the Training Program

Just to re-cap, the training program I am presenting is basic IT security training that all your staff and contractors should undertake.

The topics covered address some of the most prevalent and effective attacks such as ransomware, social engineering and other tricks that malicious people use.

Most attacks require the target user, such as your staff member, to perform an action in order to kick-off the attack such as clicking a link or attachment within an email, downloading software or divulging their password.

Of course, there are other types of attacks that don’t require the user to perform an action, but they will be covered in another post (Five Basic (And Cheap!) Tasks That Will Dramatically Improve IT Security For Small Businesses) and is not applicable for the IT security basics training program for your staff.

Here is the list of topics that will be presented:

  1. Keep software updated
  2. Think before you click
  3. Avoid getting tricked
  4. Use strong and unique passwords
  5. Don’t plug in unknown media into your computer
  6. Secure your computer (screen saver)
  7. Protect sensitive data
  8. Do not use public Wi-Fi or any public networks

For each topic, I will provide the business context as to why this topic is important to your business and for staff to be made aware of the topic. I will then present a “story” providing context on how the topic is relevant to their personal life and how the recommendations help towards protecting their family and friends if implemented. You can add in your own business statements at the end, if you wish, to provide some context to their obligations at work.

You don’t have to use every topic or all the content – just grab the bits that feel right to you. Also, change the text to suit your own businesses style of language as you may find my approach too informal for your tastes.

How you present the topics is up to you, though I have found that booking a one-hour group meeting just before lunch, and providing a free lunch, has been effective. A free lunch provides an incentive for people to stay and discuss the topics which helps reinforce the information into their memory.

To keep the momentum going after the meeting you could setup a business group in your collaboration software that allows for people to ask IT security related questions, both for business and home.

Other common reinforcement tools are posters covering one of the topics in this series using graphics and text that addresses the topic in a funny manner (I have found almost zero success in threatening you staff with disciplinary action – unless you are in the military or police force!!).

If your business does suffer an attack on the IT systems, be transparent and send out a summary email to all staff stating what happened and how it was fixed. This shows that attacks on IT systems are real.

So, let’s begin by covering the topics.

1. Keep Software Updated

Business Context

A key requirement for a business is to implement a patch management process to ensure all IT systems are patched frequently to reduce the risk of vulnerabilities being exploited.

This is achieved by having a centralized patch management and deployment process which controls when patches are applied to devices with no action required by the end user.

If your business does not have a centrally controlled patch management and deployment function then you may be relying on each staff member to update their own computer.

This approach is not recommended, but it is common for small business to approach patching in this way. So, it will be important to set in the mind of your staff, the importance of patching at work by first addressing patching home IT systems.

The Story

Updating your software applications and operating system is one of the most important tasks you can perform to reduce the chances of your personal IT devices from being hacked.

Hackers break into your IT systems such as home computers, mobile devices, webcams, Internet enabled toys/smart TVs and other home appliances, and online security systems by exploiting vulnerabilities that are within the software running on the device.

Software is never 100% bug-free so the makers of the software constantly release patches that fix bugs in their software.

That is why patching is so important!

It’s the software bugs that can allow hackers to hack your IT devices!

One approach to make sure you are patching frequently is to check each software applications settings for an automatic update feature. If the software application provides this feature then you should enable it so you don’t have to remember to check for updates. All major operating systems such as Windows and Apple operating systems provide an automatic update feature – check that its enabled.

2. Think Before You Click

Business Context

Clicking on an email attachment or link within an email is probably one of the most effective ways of getting a computer infected with malware such as ransomware.

Depending on the staff members role it can be almost impossible to not have to open email attachments; roles such as HR and finance receive emails with attachments all the time – CV’s for the HR department and spreadsheets for the finance team, for example.

What makes it even worse is that most anti-virus software is useless these days at stopping new malware because the speed at which new variants of malware are created is faster than the anti-virus vendors creating signatures and end-users downloading them to their device’s anti-virus application.

What can help is to first think before you click.

Thinking means applying context to the email before clicking.

The Story

Often friends and family will send videos, pictures and other attachments to share with us. Sometimes the person sending the email may not be the person you think it is. These days it’s very easy to send an email that looks like it came from someone else, containing an email attachment with a virus or a link to a webpage that is designed to infect your computer with a virus.

Also, sometimes a person’s email account is hacked and a baddie sends emails to the person’s contact list with a malware attachment or a link to an infected webpage.

So how can you trust the email came from who you think it is?

If you know the person then check if the tone, language and behavior feels right to you. For example, if the person normally writes using a certain style but the email you received is not using that style then you should be suspicious. If they don’t normally send attachments or the time of day the email was sent is strange or the level of grammar and spelling is different then you should be suspicious. Check with the person by ringing or texting them – don’t reply to the email!

If you don’t know the person then you should never trust the email until you are 100% sure that its safe, especially never open an attachment or click on a link within the email!

Don’t rely on your anti-virus application that it will stop all malware as it will not. Most anti-virus software cannot keep up with the amount of malware being created these days.

Tips:

  1. If the email came from a person you know such as a friend or family member – your gut-feel should direct you as to whether you should trust the email and its contents. If you feel that the email just doesn’t feel like it came from the person you know then contact the person by phone or txt – never reply to the email.
  2. If you receive an email from someone you don’t know asking you to open the attachment or click on a link – don’t. If the email is of interest to you then do some research on the sender of the email via social media or a simple Google search.
  3. If the email feels wrong to you then trust your gut instinct.

3. Avoid Getting Tricked

Business Context

Social engineering is a massive source of IT security breaches. One of the most well-known phone scams is the Microsoft support scam, which involves criminals ringing people and convincing the target that they are from Microsoft and that there is an issue with the targets computer. The criminal then instructs the target to download software that ultimately allows the criminal to have full access to the targets computer often with a goal to locate personal information and account credentials such as online banking account details.

Social engineering also extends to the business environment and can involve cons such as the Microsoft support scam, but also other social engineering tricks such as convincing the finance department to deposit large sums of money into the criminals account for payment or services that do not exist.

Another attack involving social engineering is hacking into a business’s email accounts and intercepting valid payment requests via email and replacing payment bank account details with their own, resulting in valid payments going into the criminal’s bank accounts.

How your staff can help protect the business against social engineering is that they should be able to detect when they are being targeted. This can involve taking a more cautious approach to people contacting them with instructions to change processes without going through correct channels. For example, a finance team member receiving an email from the CEO instructing them to pay a service provider an urgent payment using different bank account details. If this request is not going through the correct process then this will could be criminal activity.

The Story

Baddies know that most people are trusting of others, so they will use this to try and trick you into giving up valuable information or perform an action that can harm you and your family.

Baddies will often send an email or ring trying to convince you to share information that could harm you in some way. Types of tricks include:

  1. Impersonating a well-known business such as Microsoft claiming that your computer needs fixing and asking you to download software that is malicious, resulting in the baddie being able to access your computer to search for bank account details or other sensitive personal information.
  2. Family members that you know are overseas, contacting you via email with an urgent request for money, the email content’s tone or language does not feel like them.

Some of the tricks used can be very convincing so it’s important to take a deep breath and look at the current situation in your own time.

For example, if you receive a call from a stranger stating they are from a well-known company and that they are trying to get you divulge personal information or make changes to your computer, place them on hold and ask yourself if the company would really be doing this, even better if you have company then ask them their opinion to the caller’s intent.

Tips:

  1. You should be very suspicious of anyone contacting you unexpectedly asking for any personal information or asking you to perform an action such as downloading software.
  2. Banks will never ask for your password, or for that matter – no business should ask you for your password – this includes the business which employs you.
  3. Software vendors would not contact you randomly and ask you to download and install software.
  4. Businesses should never ask for personal information unless you have initiated the conversion for reasons such as customer support.

4. Use Strong and Unique Passwords

Business Context

Password management is one of the most important aspects of IT security for any business.

I would imagine that thousands of posts have been written about the need for strong passwords and the need for each account to use a unique password, so I will not repeat the recommendations here.

However, for your staff member, strong passwords and using a unique password for every account is a massive annoyance, especially when you consider how many accounts we all have requiring a password!

If you would like more ideas on password management then read my post: Realistic Password Management Tips

The Story

Why is it important to have a strong password for your accounts and never reuse a password?

The simple answer is that a weak password can be very easy to guess and baddies know that most people will reuse their password on many accounts to avoid the issue of trying to remember all their passwords.

But what you probably don’t know is that if you reuse your password many times ultimately a baddie will get hold of the password and then through researching social media and other resources use that password on your other accounts.

Not all websites are built the same, some websites don’t care too much about security and may store your password in clear text or use weak encryption so that it’s easy to get the password. If a baddie hacks a website that you use and weak security is used to store your password then there is a very good chance that your password is now known to the baddies.

But it gets worse.

Not only will they have your password but they will have some other personal details that was stored with the password such as your email address, name, date-of-birth etc…

All this information can be used to locate more information about you such as your social media accounts and other website accounts.

They will also attempt to use that password on the email account you used. So, if you used the same password as the website that was hacked the baddie will now have access to your email account and all your contacts!

Therefore, it’s very important to use a strong password and never reuse a password.

A weak password is something that can be guessed or is less than 7 characters long. Examples of weak passwords are: “password123“, “qwerty“, “letmein“, family members birth dates, family pets names etc.. It is extremely easy to guess weak passwords using specialized software that is freely accessible on the Internet.

A strong password normally comprises of a combination of lower and uppercase letters, numbers and special characters such as %, #, (, * and is at least 8 characters long.

If creating a strong and unique password sounds daunting then there any many free online password generators such as https://strongpasswordgenerator.com/

5. Don’t Plug-in Unknown Media Into Your Computer

Business Context

Removable media such as USB memory sticks are often infected with malware and left in areas around the target business such as: the carpark, reception and other areas that staff members are known to frequent such as cafes.

If the infected device is plugged into a business computer there is a good chance that the infection will succeed, resulting in a “back-door” into your business IT systems.

This is not uncommon nor is it considered a sophisticated attack. There are devices that anyone can buy and use designed solely for this type of attack.

Your staff should be aware of the risk of inserting any removable device into their own computers as well as your business computers.

It’s important to note that they or a family member could infect their home computer and end up infecting your business computer as well via sharing files from the home computer with the business computer, even if they use different USB sticks. There are variants of malware that will silently infect any portable device plugged into an infected computer thus spreading the malware.

The Story

If you find a USB stick or other portable devices such as a portable hard-drive it’s important that you do not plugin it into your computer. Malware can infect portable devices such as USB sticks, so plugging it into your computer can result in your own computer being infected. Then, if you plug another device into your computer this device could be infected as well, ready to infect other systems.

The best action to take when finding a portable device is to hand it into the nearest authority so they can deal with it or leave it where it is.

6. Secure your computer (screen saver)

Business Context

An unattended computer that has not being locked is a major security risk to a business especially if the computer in question is accessible to the public or visitors, for example computers at reception.

It can only take a matter of minutes for a malicious person to infect the computer by loading a web browser on the computer and visiting an infected web page.

Always have a screen saver activate after a certain number of minutes of inactivity, for example 15 minutes within a non-public environment or a maximum of 5 minutes for a computer within the public area.

The Story

Not activating the screen saver on your devices such as mobile phone, iPad or computer is dangerous especially if you accidentally leave the device in a public area.

It’s bad enough that you will probably never see the lost device again, but its far worse if the person who grabbed your unattended device has full access to your device’s apps because there was no screen saver activated requiring a password to unlock it.

Always set the screen saver to lock the device after a certain period of inactivity – its recommended that a maximum of 5 minutes of inactivity should activate the screen saver requiring a password to unlock it.

7. Protect sensitive data

Business Context

Passwords, business bank account details, staff HR records, payroll data and other sensitive information must be securely stored at all times.

Often, I have seen passwords to software and important accounts shared between people via post-it notes or even a spreadsheet named “passwords.xls” stored within a shared drive with not even a basic file password protecting the contents of the file!

When a business is breached by a malicious person one of the first tasks they will perform is searching the network drives for password files.

Using a standard password lock on a file is not enough as the password protecting the file can be identified using simple brute forcing tools that will ultimately guess the password, normally in a matter of hours.

The use of a centralized password vault that is designed to protect sensitive information, not just passwords but also documents, is a must for any business. There are many benefits to using a password vault such as:

  1. Sensitive information is normally encrypted with very strong encryption ciphers so if the vault is stolen the encryption is almost impossible to crack.
  2. Access rights can be applied to each piece of sensitive information so only the people who need access to that information can access it.
  3. There are no synchronization issues with storing multiple copies of sensitive information in different files and/or locations. The password vault application will provide centralized management.
  4. Most password vault applications provide auditing features so every person who accesses a piece of sensitive information is recorded.

The Story

It’s very important to protect your family’s sensitive information such as online bank accounts details, financial information such as investment portfolio details, social security numbers and other information that can be used to not only steal your money but to also steal your identity which will be used for fraud.

Before we had computers, this information was stored under lock-and-key such as a home safe or a safe deposit box at a bank, however, most of us now store sensitive information on our computer.

The problem is that the computer was not designed to be a safe.

If your computer is stolen or accessed by hackers, and you have not taken steps to protect the sensitive data, then there is a very high chance that the criminal will have full access to that information on the stolen device.

How can you protect sensitive data stored on your computer?

Sensitive information can be protected by using a “virtual safe” such as a password manager application.

Password managers are applications which can store important information such as passwords, bank account details, social security numbers, or files securely.

Password management software can be installed on your computer but, the downside to this approach is that anytime you or someone else needs to access the information stored in the password management vault they need access to the computer.

For families, this can be annoying.

An alternative approach is to use one of the password management systems offered online. The key benefit to the online password management systems is that more than one person can access the vault at any time and on any device.

Some online offerings provide cool features such as a password generator and automatically filling in the password text box for online accounts. This means you can have strong and unique passwords that you don’t have to type into the password text box to log into an account, the system will automatically paste the password into the password text box!

Another cool feature is that most online password management systems allow for multi-factor authentication. This means you need your username and password and in most cases your mobile phone as well to receive a special one-time code. So, if your password gets discovered the person will still need access to your mobile phone in order to successfully log into your password vault.

8. Do not use public Wi-Fi or any public networks

Business Context

Using public Wi-Fi hotspots including hotspots provided by hotels, cafes and other businesses should be treated as highly insecure. The amount of attack scenarios, free tools to set up rouge Wi-Fi access points and hack Wi-Fi transmissions and general poor security of Wi-Fi networks is considerable. Click here to see a product that anyone can buy, especially designed for creating rouge Wi-Fi access points.

If you or your staff need to use public Wi-Fi networks then, at the very minimum, a VPN should be used to protect the data flowing between your device and the access point.

The Story

If you can, try to avoid using public Wi-Fi hot-spots such as the ones offered by libraries, cafes and airports and other businesses.

Wi-Fi can be very easy to hack which means baddies can see some of your network traffic from your device or even control which websites you visit!

Some websites that you visit may not be using HTTPS or other encryption methods to protect the data flowing between your device and the mobile app or website. That means that the unprotected traffic could include your account passwords or other sensitive information!

If you need to use public or free Wi-Fi use VPN software so all your data is protected regardless of which websites you visit.

Recommended Reading

IT Security Basics: My Website Was Hacked! What Do I Do Now?

Continue Reading

Trending