Wednesday, April 1, 2015

How unique is your password

How unique is your password when compared with 10 million others ?

A lot is known about passwords. Most are short, simple, and pretty easy to crack. But much less is known about the psychological reasons a person chooses a specific password. WP Engine have analyzed the password choices of 10 million people, from CEOs to scientists, to find out what they reveal about the things we consider easy to remember and hard to guess.the following article is a brilliant insight into how weak most passwords are.

Unmasked: What 10 million passwords reveal about the people who choose them




Wednesday, August 20, 2014

CryptoLocker - take extra care with emails.



CryptoLocker is a particularly nasty strain of malicious software that encrypts your files then demands that you pay a ransom to get them back. It does this to files on your local computer hard drive, attached USB drives and shared network drives. It works by tricking users into infecting their own machines.

We've had several customers hit with CryptoLocker this month, the latest being this morning.

In all cases we had to delete the contents of the shared network drive and restore from a recent backup, which resulted in some data loss. The infected computer has to be disconnected from the network and fully rebuilt.  Any files stored locally within the My Documents or the Desktop folders of these infected computers have been lost.
CryptoLocker is distributed by emails that typically have subject lines claiming that they contain invoice, payment, voicemail, delivery or parcel tracking information. 

The email we saw today was from Australia Post (info@auspost-delivery.com)  and had the subject line of "[your name ] tracking notification!"

Please pass this information around your co-workers and colleagues asking them to take extra care with emails. They must be told not to attachments or click through to links if the message is from an unknown source or is not expected.

Feel free to contact us to discuss and learn what further methods we can use to help prevent CryptoLocker from running.

Friday, April 11, 2014

Should I change my password?

Should I change my password?

The mainstream press is awash with advise and warnings about the latest vulnerability named the Heartbleed bug which affects SSL encryption on websites that use the OpenSSL cryptographic library.

Some articles tell you to change your password now while others tell you to wait.

So who is right? 

Unfortunately there is no straight answer to this question and it needs you to do a little investigation.

The first step is to use the following link https://lastpass.com/heartbleed to see if a website you use is vulnerable and if they have updated to the latest OpenSSL library that resolves the problem.

If the website was
vulnerable and has been updated it's advisable that you change your password as soon as possible.

However if the website was vulnerable but has not yet updated to the latest OpenSSL library do not change any credentials yet, wait until the website has updated to the latest OpenSSL library.

You can read in detail about the vulnerability on the LastPass blog here http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html

Thursday, March 13, 2014

A world without XP

On the 8th April 2014 Microsoft are withdrawing support for their most successful and prolific operating system ever, Windows XP. For over a decade software writers and businesses have revolved around the operating system, and it has become the life-blood of many companies.

Speaking to business owners reveals that in many cases Windows XP still lives up to expectations, and there is a lot of confusion why we need to 'move forward'. Why should users and businesses upgrade computers and operating systems, when XP does the job! What's more is that users know Windows XP, why should they need to go and learn something new, costing businesses time and money with training.

Why are Microsoft doing this?

Windows XP is over 10 years old and despite the kicking, screaming, and holding onto the past, Windows XP is in actual fact holding businesses back! New software and features and cloud computing is simply restricted or not possible on Windows XP.

Windows 8 opens up a world of opportunities in terms of productivity, collaboration, and anywhere working. Synchronicity between many different devices comes as standard. Couple this with Office365 and you have a winning combination.

Imagine a world where you save a Word document on your desktop computer at work, continue working on it on the train journey home, on your tablet for example, and finish it off that evening on your laptop at home! Imagine a world where you can collaborate with colleagues actively on the other side of the globe, even when on the move.

With Windows 8 and Office365 this is happening now, and is something that Windows XP users can only dream of!

In conclusion, Microsoft are not just retiring Windows XP because of its age, or for revenue opportunities, they are retiring it to allow for the new wave of IT and cloud computing, where users can work from anywhere, and from any device. Goodbye XP, hello Cloud!

Story from Microsoft Business Hints & Tips

Monday, January 20, 2014

10 Tips to Enforce Your Online Security




David Attard on December 6, 2013 

I recently wrote an article called What the Hack, in which I discussed the spate of hack attacks happening at the time. Unfortunatley, not much has changed since then, and we keep on hearing of more and more password leaks, hacks, identities being stolen and loss of personal information. One of the password leaks that made headlines was that involving the loss of millions of Adobe passwords.

This week social media platforms are the target with around two million login credentials of uses on, among others, Facebook, Yahoo, LinkedIn, Twitter, Google and vk.com. Security firm Trustwave discovered a trove of logincredentials. When you analyse the different credentials, it’s alarming to see that a substantial number of people still use passwords that are so easy to guess. The most common passwords are:
  1. 123456
  2. 123456789
  3. 1234
  4. password
  5. 12345
  6. 12345678
  7. Admin
  8. 123
  9. 1
  10. 1234567
If you’re an IT admin, we don’t have to tell you to use strong passwords; but many people you know probably can’t be bothered putting some effort when choosing a password, let alone consider the risks. We’ve put together some DOs and DON’Ts for you to pass on to family, friends, colleagues and anyone else you know would need it. You may need to be a bit more insistent – think Sheldon (from ‘The Big Bang Theory’) type.
  1. Never use a simple password such as those above – it is a guarantee that the account will be compromised at some point. Do not use the following as a password: any sequence on your keyboard (qwerty, qwertyuiop, asdfghjkl, poiuytrewq, zxcvbnm), your name (or any name), your surname, your date of birth, or anything else which is easy to read or type. Don’t use dictionary words. Rule of thumb: what is easy for you to remember, is probably easy for someone to guess!
  2. Do use a complex password, or pass phrase for your most frequently used websites and office credentials. Use a phrase that makes sense to you, but to no one else; use mixed case, punctuation marks and symbols, and make it long. You will get used to it once you use it often. Here are some examples of complex pass phrases: Mycatisn0tgrumpy!, Mydogbump5intowall$, IS1ngwhenIc*ok, Iwillr3tireat40$$. You get the gist. This infographic might help you to create a strong password http://lifehacker.com/5876541/use-this-infographic-to-pick-a-good-strong-password
  3. Do check your password complexity against the Password checker: https://www.microsoft.com/security/pc-security/password-checker.aspx
  4. Do use a separate password for each website you have an account with. Do NOT reuse passwords. When you reuse a password you are making it  easier for a hacker who compromised a single password to get access to ALL your accounts. Even if you use a complex passphrase such as those in 2, do not reuse that passphrase.
  5. Do enable two-factor authentication (2FA) whenever it is available: Google, Facebook, Twitter all allow you to enable 2FA. This will generate a time-limited token (usually a text message on your phone) or a password generated by an app such as Google Authenticator.
  6. Do use a password manager to store your passwords – especially the ones used for websites you don’t use often.
  7. Do not use the password manager for passwords where you have sensitive information such as credit card details. Your office login and password, Paypal, Google, Facebook, Amazon and your other sensitive information accounts should NOT be stored in your password manager.
  8. Do not store payment information such as credit card numbers in your email account (for easy access).
  9. Do protect your passwords from prying eyes; never reveal your password(s) to anyone.
  10. Do change your sensitive website account passwords regularly. It’s better safe than sorry.
Can you think of anything else that should be added to this list? Leave a comment below and let us know!
About the Author: David Attard

David Attard has been working in various roles in the IT Industry for more than 10 years. He currently specializes is in the Internet security space. He is Product Manager for GFI WebMonitor® at GFI Software™.


Tuesday, January 14, 2014

Surface Pro and Office 365

I setup today for a customer a Microsoft Surface Pro with Office 365, this makes a fantastic combination of device and services from Microsoft.



Wednesday, November 6, 2013

7 Ways to Manage Email So It Doesn't Manage You

By Jeff Weiner CEO at LinkedIn

I'm always struck by the number of people who complain about the amount of email they receive and how much they despise their inbox -- not because their complaints aren't valid but because my own view couldn't be more different.

By design, my inbox has essentially become the central hub of my workflow -- it's the way I routinely communicate and exchange information with our 4,300+ employees operating in 26 cities around the world. That's not to say I've always been a fan of email, or that I haven't had my own Sisyphean inbox experiences.

However, over the years I've developed several practical guidelines that have enabled me to manage my inbox effectively and ensure it's not managing me.

I look forward to hearing your best ideas and hacks for managing email in the comments below.

1. If you want to receive less email, send less email

As ridiculously simple as it sounds for such a pervasive problem, I've found this to be the golden rule of email management: Send less of it.

This rule first occurred to me during my experience at a previous company where two of the people I worked most closely with ended up leaving the organization within the span of several weeks. They were both highly effective communicators, worked long hours, and as it turned out, sent a lot of email. While they were at the company, our email cadence seemed absolutely normal. It wasn't until after they left that I realized my inbox traffic had been reduced by roughly 20-30%.

Turns out, it wasn't just their emails that were generating all of that inbox activity -- it was my responses to their emails, the responses of the people who were added to those threads, the responses of the people those people subsequently copied, and so on.

After recognizing this dynamic, I decided to conduct an experiment where I wouldn't write an email unless absolutely necessary. End result: Materially fewer emails and a far more navigable inbox. I've tried to stick to the same rule ever since.

2. Mark as unread

When hovering over any individual email in your Outlook inbox, a simple right mouse click results in a series of subsequent options you can take. One of those, "Mark as Unread," has fundamentally changed the way I work.

Having the ability to mark an email unread enables me to quickly glance through my inbox, respond to things that are most time pressing, delete the things that are irrelevant, and mark unread those items I'd like to return to once I have the time. This alleviates the pressure of feeling I have to do everything right now for fear if that one important email falls "below the fold" of my screen, it will be lost forever under the looming avalanche of prospective incoming messages. It also essentially serves as a to-do list of items to be addressed later.

I try to end each day with as few items marked unread as possible, with the goal of having none. If I'm unable to get to everything that night, I'll start the next morning by addressing the unread emails received the prior day.

3. Establish a routine

Over the last several years, I've settled into a very specific daily routine during the work week: Wake between 5am and 5:30am; spend roughly an hour on my inbox; catch up on the day's news; have breakfast and play with the kids; workout; go to the office; carve out roughly two hours for buffers each workday; come home; put the girls to bed; have dinner with my wife; and then decompress, typically while watching tv (sporadically cleaning up my inbox via mobile during commercials and the boring parts of whatever we're watching.)

Turns out, my inbox is very manageable when I stick to this schedule. However, every time I've tried experimenting with even the slightest change to this routine, travel for more than a few days at a time, or have a particularly hectic couple of days back-to-back, it never ceases to amaze me how quickly clearing my inbox ends up feeling like this.

In this case, it's the compounding effect that's particularly troublesome, i.e. the rate with which unread emails from the previous day start to mount and the accompanying pressure that generates. It gets so bad for some that they actually go as far as declaring email bankruptcy.

The most compelling way I've found to avoid this state is creating a routine and closely sticking to it. If it worked for Benjamin Franklin, it can work for you.

4. Be precise with your words

Remember the telephone game you played in elementary school where the teacher got the class in a circle, turned to the student sitting next to them, whispered a line like "Do you want to play kickball at lunchtime?" and then asked each subsequent student to whisper what they heard to the child sitting next to them? By the time it came back around to the teacher, it would inevitably be revealed as something akin to "I want to eat a kickball for lunch." While this was laugh out loud funny in third grade, in business it's anything but.

Words matter. Choose them carefully in email to avoid ambiguity and misinterpretation. The more precise you are upfront, the less likely you'll see subsequent emails generating confusion and asking follow up questions seeking additional clarity -- and the more you and your team will be able to focus on the work at hand.

5. Give some thought To: the recipients

It seems like for many people, the To: and Cc: fields in email have become largely synonymous. They're not. Use them to draw a clear distinction between who the email is being sent to and from whom you expect a response from (the To: field); and who is being copied so they have the appropriate context (Cc:).

One of the fastest ways to have an email thread blow up in terms of downstream volume is to be less than clear about who you expect to respond. Six people in the To: line will oftentimes have the unintended consequence of generating six different email responses (and up to six different new threads) when one person's response is all you needed.

6. Acknowledge receipt

Here's an easy one: If the email sender has taken the time to address you in the To: line (and it really was intended for you vs. what should have been a Cc:), take the time to acknowledge you received it. The response doesn't need to be a diatribe. To the contrary, the fewer words the better, e.g. "Thanks," "Got it," "Makes sense," etc. This lets the sender know you received the message, don't need any additional information or context, and thus they can check it off their list.

If you don't respond, they'll have no idea whether or not they've been heard. Not only will this create worry about whether or not you received it, it is likely to generate another email with fundamentally the same content, but this time a number of additional people in the To: line in the hopes they'll respond given you didn't. The more people addressed, the more crowded your inbox is likely to become.

7. Take the combustible stuff offline

Email can be a valuable productivity tool when used properly. It can also be equally destructive when it's not. One of the most egregious examples of the latter is using email to communicate highly nuanced, sensitive subjects that are bound to generate controversy if not a flat out aggressive response.

It never ceases to amaze me what people will convey in an email when they get triggered by something -- words they would never choose to use when in the presence of the same audience. One former colleague of mine described this dynamic as "going strong to the keyboard."

If you find yourself in the throes of what is clearly becoming an antagonistic discussion online, do yourself a favor: Stop. Then either pick up the phone or head over to the person's office to have the discussion in person. Face-to-face interaction will reintroduce all of the important sub-text that will be completely lost in email and help prevent unnecessary arguments or douse heated flame wars before they begin....

These are some of the most valuable inbox practices I've learned and incorporated over the years. Anytime I veer too far from these habits, I inevitably find myself running faster and faster just to feel like I'm standing still. However, when implemented regularly, these rules have resulted in email playing an essential role in my daily work routine.