Tag Archives: Business

Links that endanger your cyber-security

panda security

On any given day, employees at your company click a multitude of links and many of them come from unknown sources. But clicking these mysterious URLs endangers more than your security, it can also threaten your business.

Curiosity can cost you. The sole purpose of these links is to transfer malware onto your system. What’s worse is that, as demonstrated in a recent study, the majority of internet users click these unknown links.

Zinaida Benenson, a professor from the University of Erlangen-Núremberg, and her team of investigators sent 1,700 students messages (from both Facebook and email) containing a shortened link in order to access a photo album. To do this they created fake accounts and profiles to see if the students trusted and clicked the unknown sources.

But, of course, a photo album did not appear when the link was clicked. Luckily for the study’s participants, there was only an error page that allowed for the investigators to count how many of them clicked the bait. The study’s results speak for themselves: 56% of those that received the link via email and 38% via Facebook clicked the links.

More than half of internet users click links without thinking.

Later on all of the study’s participants received a questionnaire. Once again, one of the conclusions drawn from the study was the most surprising: The number of those who clicked the unknown links totaled 78%. Why? For most participants, curiosity was to blame.

It is extremely important that employees are aware of the risks when clicking a link from an unknown source: this mistake can endanger all of the private data stored on company systems, including information stored in the Cloud.

However, if you see that curiosity takes flight, the best advice you can adopt is to begin using a solid protection service such as Panda Solutions for Companies, the only way to protect ourselves against these type of cyberattacks.

The post Links that endanger your cyber-security appeared first on Panda Security Mediacenter.

Webcams, Routers and Other Risks to your IT Security

panda security

The fleet of computers in your business may be protected but that does not mean that your corporate information is safe. Beyond tablets, there are a number of devices such as mobile phones and smart watches that have joined the list of gadgets that every enterprise must control and protect to prevent IT risks. Every office contains a number of vulnerable devices that can pose a danger to confidential data.

Although we do not usually pay attention to webcams, they pose a danger to corporate privacy and security—even the founder and CEO of Facebook, Mark Zuckerberg, shared a photo on the social media site where we can see that the laptop’s camera is covered for security purposes.

Covering webcams at your office when they aren’t being used could help keep your corporate information private.  An example of this occurred two years ago when it was discovered that a Russian website issued a direct signal to more than 70,000 private webcams that were hacked.

Printers, routers and USB

However, there is more work to be done than just covering webcams. Every office has routers that are not generally given the proper attention. Without the proper security measures (like simply changing the standard password that comes with your computer), a router can easily be taken advantage of by cybercriminals. They can easily take over your bandwidth and build a network of malicious bots, or worse, link it with a DDoS attack on another website.

There’s more. Corporate printers can be one of the biggest cybersecurity problems in your corporate environment. Every document that is sent out to print has to travel through a network that can be attacked. It is worrisome to think what could happen to this private information on the way to the printer. As you can see, the security of these devices are just as important as any other computer in the office.

Any device with USB storage in the office could put the entire corporate structure at risk. Malware on pen drives can be transmitted using USB ports on computers or can be used as a storage device to steal information.

As you can see, beyond covering webcams and changing router passwords, it is important to have reliable anti-malware  protection for your business, devices and networks in your workplace.

 

The post Webcams, Routers and Other Risks to your IT Security appeared first on Panda Security Mediacenter.

1 in 3 small businesses is clueless about ransomware!

A third of small to medium sized businesses surveyed by AVG had never heard of ransomware, demonstrating an urgent need for education on one of the fastest growing malware categories.

 

Ransomware is one of the world’s fastest growing malware categories. In June, we surveyed businesses to understand who had heard of the term ‘ransomware’ and what they understood about it. 381 of our small-to-medium business (SMB) customers in the US and UK responded to our questions and the results proved revealing and concerning.

Here are the key points:

68% of respondents said they had heard of the term ‘ransomware.’

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/09/avgransomware

That may look like a good percentage, but this also indicates that even with security industry, media and governments working hard to educate businesses about the risks, nearly 1 in 3 is still not aware of this significant risk.

So what is ransomware and how does it impact businesses?

Ransomware is a generic term for a category of malware that restricts access to a device or the file(s) on a device until a ransom is paid. It’s a method for criminals to make money by infecting the device and has become very effective at causing havoc for a business or organization that is unfortunate enough to become a victim.

It’s not new, which is why the 32% concerns me. The first cases were reported as far back as 2005, which took the form of fake antivirus software claiming you had issues that required payment in order to be fixed.

Over time, ransomware morphed into scareware messages. Scareware messages, designed to trick users into downloading malicious software and often disguised as communications from law enforcement, typically claim that a device has been infected or that the usage history of a device shows illegal activity—or in some cases blatantly locking files until you call and pay the ransom.

The 68% of respondents claiming to know what ransomware is had very different opinions, many of them inaccurate. When asked to explain the term, it turns out that 36% (of the 68%) didn’t actually know what it was.

A major security concern

Since 2013 when Cryptolocker ransomware first surfaced, ransomware has now become a major security issue with organizations being held to ransom – and in some cases paying to get their data unlocked. Numerous incidents have been cited where thousands of dollars have been paid: hospitals, charities, hairdressers have all been held to ransom. One university has suffered 21 attacks in the last year alone!

The true scale of the problem is somewhat hard to define though because, understandably, many businesses and organisations are reluctant to reveal they’ve been held to ransom because of fears about being targeted again, or losing existing or new customers.

People are held to ransom in just a few seconds

Unsuspecting victims are infected through emails impersonating customer support personnel from well-known company brands. Once activated, the malware encrypts files and demands payment, typically a few hundred dollars within a timeframe of 48 or 72 hours.

Last year alone, the FBI received 2,453 complaints about ransomware hold-ups last year, costing the victims more than $24 million dollars! Earlier this year, the UK National Crime Agency claimed ransomware attacks have increased in frequency and complexity, and now include public threats by the perpetrators to publish victim data online, as well as the permanent encryption of valuable data.

4 ways to protect your computers and networks against ransomware

  1. Stay vigilant. One of the most common methods of infecting a system is via a spearheading email with a malicious attachment or link. If you are not expecting the email, or it looks suspicious in any way, do not open it and delete it.
  1. Back up your software and systems. It’s really important you keep your software and operating system updated. Back-up your files regularly and don’t forget to keep your backup media disconnected from your PC. Otherwise, your backups might get encrypted as well. This also applies to storage and network drives e.g. Google Drive, Dropbox, etc.
  1. Use the latest protection software. At AVG, we take ransomware very seriously and our AVG Internet Security and AntiVirus Business Edition solutions detect and block ransomware and other malware variants from infecting your devices and servers – leaving you to focus on what matters.
  1. Don’t pay. If you do fall victim, do not pay. Funding these criminals only encourages them to attack other people. Research the specific infection to see if there is a decryption tool. We offer 7 of these tools for free with more on the way.

Don’t be the 1 in 3

Taking proactive steps to protect your organization from a ransomware attack is essential to the smooth running of your business—it is your livelihood, after all. Contingency and remediation planning are also crucial to business recovery and continuity, and these plans should be tested regularly.

New Distributors Join AVG Channel, Extend SMB Footprint in Europe

 The spotlight is on Europe this week as we welcome new distribution partners to our AVG channel  . . . Sigma Software Distribution in the UK and Dexceo in Denmark.

As our GM Fred Gerritse has shared this year, our distribution go-to-market model has been top of mind for us this year and key to driving value for our partners.

Building a strong distributor network lets us better respond to the security needs of business customers as our AVG channel grows and scales globally. Central to this is finding distribution partners that share our security commitment and bring the expertise and capabilities to sell our full line of AVG Business solutions.

This week, we are announcing the addition of two new European value-added distributors to our AVG channel: Sigma Software Distribution in the UK and Dexceo in the Nordics. Both distributors will provide our full line of AVG Business solutions.

Sigma, who was named CRN UK’s Specialist Distributor of the Year, is a great example of a partner that aligns to our vision with the track record to show they mean business.

Sigma General Manager Jane Silk shared her thoughts on the new Sigma-AVG relationship, “We always strive to truly understand our partners’ needs and establish long term relationships that drive opportunities. The AVG relationship is one where we can work transparently, develop the best model for the channel and then prove this in the marketplace.

“AVG’s proven security expertise and its advanced technology will help us immediately respond to challenges our partners face in the current threat landscape. Product innovations such as AVG Managed Workplace that offer a centralized, automated platform to manage security while also helping our partners provide more services to their customers, have us very excited.”

Sigma has demonstrated consistent and sustainable growth in its specialty field. As proof, the company has delivered seven consecutive years of revenue and profit increases. Sigma’s operating model includes a dedicated sales development team with the knowledge base to work closely with re-sellers to support training, identify cross-sell opportunities, manage deal registration and more.

Our UK team is at the Insight Technology Show in Manchester today and will be sharing more about the Sigma-AVG relationship.

Dexceo, a leading Scandinavian security distributor and our first AVG Business solutions distributor in Denmark, is also ready to start marketing AVG Business solutions. The Dexceo team shared its AVG news this week with Danish media.

Dexceo specializes in IT security and network solutions for an international business client base and carefully selects its IT suppliers and re-sellers to maintain the company’s high quality and service standards. Dexceo is a relatively young company but we are impressed by the team’s experience, knowledge base and growing partner network. The company has also acknowledged a need to complement its security portfolio with cloud security and remote monitoring and management solutions. Both AVG Managed Workplace and AVG CloudCare will support Dexceo’s needs to deliver increased visibility across IT environments and efficiency in deploying and maintaining security services.

Dennis Wøldike, founder of Dexceo, shared his view of the AVG opportunity for Danish businesses, “We are looking forward to building our relationship with AVG and extending new benefits and opportunities to our partner network. As an AVG trusted partner, we can offer new security innovation and a range of solutions and services for the Scandinavian market.”

The additions of Dexceo and Sigma are a natural extension of our partner-focused model and complement our specialty focus, as well as our existing and valued broad line distributors.

We look forward to building strong relationships and sharing big results.

AVG Receives AV-TEST ‘Top Business Security Product’ Score

Independent Security Research Leader AV-TEST recently put our AVG Business solutions to the test.  The result was a Top Product award that AVG channel partners can share with their clients.

 

At AVG, we never miss an opportunity to promote the detection and protection capabilities of our business security software. It’s even better when independent experts are also communicating the power behind our security engine. Our recent AV-TEST scores are a great example.

Our AVG Business solutions were recently awarded a Top Product score by AV-TEST in its May-June 2016 evaluation of 13 business endpoint protection software products. AVG was one of only 4 of 12 security vendors to receive this product score.

In this AV-TEST evaluation, our security technology was put through realistic test scenarios and challenged against real-world threats. We are also proud to share that this is our second consecutive high rating by AV-TEST this year.

AV-TEST, an international, independent leader in IT security and antivirus research, uses comprehensive comparative analysis methods to detect and analyze new malware.  In its analysis process, AV-TEST engineers evaluate security solutions for reliable malware detection and low false positive rates.

Here is a brief look at our results:

  • Our AVG Business products scored 100% for real-world detection with no false positives across protection, performance and usability categories, achieving 17.5 out of a total score of 18, across these categories:
    • Protection 6/6: This focuses on protection against malware infections (viruses, worms or Trojan horses)
    • Performance 5/6: This focuses on the average influence of the product on computer speed in daily usage.
    • Usability 6/6: This focuses on the impact of the security software on the usability of the whole computer

AV-TEST CEO Andreas Marx also shared his feedback on our test results. “With the market’s leading business security software solutions promoting similar features and capabilities, independent test results like ours help the decision-making process for both the IT channel and business customers. AVG’s business products have performed consistently strong in our recent tests this year and this is important for channel providers making product portfolio decisions and managing security for their business clients,” said Marx.

Our consistent product performance is a testament to our 100% focus on SMB security. We continue to be committed to helping channel partners build their businesses and put the best security defense in place for their clients’ IT environments.

Please share these results with your teams and client base. You can find more information about our AVG Business solutions at http://www.avg.com/partners. Thank you for your continued support.

Passwords Protect Your Business, but Who’s Protecting Them?

When we asked AVG Business customers in the US and UK how they keep company passwords safe, we were surprised to learn just how many of them … simply don’t.

 

Hundreds of millions of employees worldwide use passwords multiple times every day to access business resources ranging from email and domain management to banking and accountancy. These passwords—strings of letters, numbers, and symbols used to validate access—are one of your business’s primary ways to protect vital resources. But what is your business doing to protect them?

In June, AVG surveyed businesses about their password-protection policies and practices. 381 of our small-to-medium business (SMB) customers in the US and UK answered 16 questions, and here are some of the things we discovered from their answers:

  • A third of respondents believe their company’s passwords could be more secure.
  • 72% believe their workplace passwords are stored in a safe place.
  • 22% of businesses use password management software.
  • Four out of ten people use the same passwords for different business log-ins.
  • 50% of people use between 1 and 10 passwords to access different networks, software, and accounts.
  • A quarter of participants use two-factor authentication for their passwords.
  • 67% claimed there are 1-2 people who have access to their company passwords.
  • 43% of people with access to company passwords don’t have a clause in their contract to keep these passwords confidential.
  • 51% of employees save all or some of their passwords through their web browser.
  • For one-third of businesses, the owner, president, or MD is responsible for managing company passwords.
  • 16% of non-employees (contractors, freelancers, temps) can access company passwords.
  • 19% of people surveyed said their business uses an automated password generator.
  • 68% of people surveyed say they have heard of the term ‘ransomware.’

The results in full

 

Password Security

A third of participants believe their company’s passwords could be more secure.

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure

This result isn’t too surprising, considering the most-used passwords in 2015 were ‘123456’ and, you guessed it, ‘password.’

 

Password Storage

72% believe their workplace passwords are stored in a safe place (i.e. not accessible by unauthorized personnel).

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avbpwsecure1

22% of businesses use password management software.

 

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure2

Small businesses can benefit from using a tool allowing them to securely manage several different accounts simultaneously and store all company passwords in one place. Or a user authentication service, such as AVG Single Sign-On (SSO), lets users employ a single set of log-in credentials—with a two-factor authentication option—to access multiple applications.

 

Logging in

Four out of ten people use the same passwords for different business log-ins.

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure3

Using one password for multiple services may feel like a time-saver, but it weakens the gateway to your business, data, customers, and potentially your identity. So just imagine if this one password got into the wrong hands. We recommend giving each employee their own password and account, to ensure accountability and improve security.

50% of people use between 1 and 10 passwords to access different networks, software, and accounts.

 

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure4

Small businesses often use so few passwords because they have a small domain, which combines sign-on for email, network and, other linked services. However, whatever the number of passwords a business uses, they must always:

  • store them somewhere safe,
  • control who has access to them, and
  • ensure the passwords are strong, i.e. contain caps, numbers and symbols.

 

A quarter of participants use two-factor authentication for their passwords.

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure5

More and more big brands such as Apple, Twitter, and Evernote have introduced the two-factor authentication option, which confirms user identity through a combination of something you have (e.g. an ATM card) and something you know (e.g. your ATM PIN).

 

Password Access

67% claimed there are 1-2 people who have access to their company passwords.

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure6

IBM’s 2014 Cyber Security Intelligence Index showed 95% of all security incidents involved human error. Successful security attacks happen when human weakness is exploited to lure a company’s employees to unwittingly provide access to sensitive information.

43% of people with access to company passwords don’t have a clause in their contract to keep these passwords confidential.

 

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure7

Including a confidentiality clause in every employee or third-party contract is an additional—and necessary—layer of protection for your business.

51% of employees save all or some of their passwords through their web browser.

 

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure8

Using a web browser to remember your password is convenient, but poses a security risk. How big a risk depends on whether you sync with other devices, what browser you use, and how many people have access to your business computer(s) using the same profile. Next time your web browser asks to save your password, reconsider, and select “Never for this site.”

For one-third of businesses, the owner, president, or MD is responsible for managing company passwords.

 

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure9

When it comes to IT security, small businesses are in a tight spot, because they’re heavily dependent on computers, yet not large enough to have a dedicated IT staff member. So often the owner, president, or MD becomes the closest thing a company has to an infosec expert. As a business grows, so will the IT infrastructure, at which point dedicated personnel should take responsibility for managing company passwords.

 

16% of non-employees (contractors, freelancers, temps) can access company passwords.

For the most part we know and trust our colleagues, so granting system access to full-time employees makes sense. But what about for short-term projects involving a contractor with understandably less of a commitment to the company? Should you really share passwords with these staff? The best solution, if access is essential, is to create temporary log-ins, which you can delete when temporary employees leave. Otherwise, you’re left having to change the password for everyone … or be comfortable leaving it alone, knowing someone who’s left the company technically still has access. And in case it’s not clear, we don’t recommend you ever do this.

 

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure10

For the most part we know and trust our colleagues, so granting system access to full-time employees makes sense. But what about for short-term projects involving a contractor with understandably less of a commitment to the company? Should you really share passwords with these staff? The best solution, if access is essential, is to create temporary log-ins, which you can delete when temporary employees leave. Otherwise, you’re left having to change passwords for everyone … or be comfortable leaving passwords alone, knowing someone who’s left the company technically still has access. And in case it’s not clear, we don’t recommend you ever do this.

 

Password Generation

19% of people surveyed said their business uses an automated password generator.

 

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure11

 

The best, easiest way to create strong passwords is to use a password generator.

 

Ransomware

68% of people surveyed say they have heard of the term ‘ransomware.’

 

 

/var/www/now.avg.com/18.47.0/wp content/uploads/2016/07/avgbpwsecure12

However, 36% (101 out of 277) of those who thought they knew what ransomware is actually didn’t.

Ransomware is malware that encrypts your files, then demands payment—often with a time limit—before decrypting them. Not only does ransomware target your most valuable files, it can lock down system files to render your web browser, applications, and entire operating system unusable.

So what do businesses need to know? And what can you do?

Experts warn that small businesses are fast becoming cybercriminals’ favorite target—and those businesses are quite often woefully unprepared. Cybercriminals know that SMBs can be an easy path to a much bigger target, that is your customers and partners. Many breaches could have been prevented with robust employee and contractor education, more stringent password policies, and the use of two-factor authentication.

In 2015, US businesses saw an average 160 successful cyberattacks per week, more than times the 2010 weekly average. Cybercrime globally cost businesses $400-$500 billion last year, and the estimate for 2016 is $2-3 trillion.

In the UK, the latest Government Security Breaches Survey found that nearly three quarters (74%) of small businesses reported a security breach in the last year, an increase from both 2013 and 2014. And the cost of each breach was £75,000-310,800, with 31% being staff-related.

Ultimately, you cannot take it for granted that your employees or colleagues have the tools and knowledge to make the necessary decisions to keep the business secure. But by implementing sound policies and proven practices, you can equip yourself and everyone in your business to be part of protecting it.

And when it comes to IT security and password policies, never, ever, ever underestimate hackers. Where data could be stolen or money could be made, cybercriminals will persist until they find a vulnerability they can exploit. Your password policy is your key to the kingdom, so guard it accordingly.

D&H Distributing Joins AVG Partner Ecosystem

Our AVG Business team is at CompTIA’s ChannelCon event this week, talking with our partners and distributors. We are also excited to welcome D&H Distributing to our AVG channel ecosystem.

 

This week, our AVG Business team is at CompTIA’s ChannelCon event in Hollywood, Florida. This is a great kick off to the second half of 2016 and gives us a chance to meet with our partners and distributors, showcase our AVG Business solutions and talk with channel media.  We are also excited to welcome D&H Distributing to our AVG channel ecosystem.

D&H shares similar values – a partner-focused approach and commitment to driving an effective distribution strategy to deliver new value.  As a leading North American technology distributor, D&H provides a broad range of resources to empower resellers. Known for its multimarket expertise, account-dedicated sales teams, service and flexible financing, the company offers multiple advantages we can extend to our partners and their end customers. Additional advantages of the new relationship include a focus on SMB needs, partner accountability and management, ease-of-doing business, value, performance and premier service.

D&H will provide our full AVG Business product portfolio to its large network of VARs and MSPs throughout the United States and Canada.  This includes our AVG Managed Workplace, AVG CloudCare, AVG Internet Security and AVG AntiVirus Business Edition solutions.

As Jeff Davis, senior vice president of sales at D&H, shared, “We share many synergies with AVG and are excited about the momentum the company is driving through new initiatives focused on channel value. We are commited to providing a robust security offering, and the AVG Business product line offers us tremendous opportunity to execute on this vision for our VAR and MSP community. Products like AVG Managed Workplace and AVG CloudCare are designed and priced with the SMB in mind and offer advanced securiy detection and protection. This is technology innovation and simplicity we can provide across our established footprint as well as help the channel respond to new changes and threats in the security landscape.“

D&H will provide strong value as we continue to strengthen our AVG Business distribution channels to increase flexibility, drive revenue opportunities and help partners take their business to the next level.

Earlier this year, we put several AVG initatives in place focused on driving value for our channel ecosystem – including a new Sales and Marketing model to provide dedicated account support, a Partner Certification Program to deliver on-demand technical training, and a new distribution model to effectively support our partner distribution network. D&H joins several new distributor partners this year as part of this new strategy.

Also key to our distributor model is providing access to specialized, geo-specific distributors to help partners take their business to the next level. To support this localized and specialized approach, we have already onboarded several new distribution partners in the UK, Ireland, the DACH region and North America.  We will continue to work with our large top-tier distributors to complement our model. Our AVG Sales team will remain engaged with our growing partner base while also developing new accounts and relationships within our distribution partner network.

We look forward to sharing more updates.  If you’re attending ChannelCon this year, please stop by the AVG Business booth (#719) – you may even win an iPad Mini 4.  Thank you for your continued support.

AVG offers free ransomware decryptor tools for businesses

AVG just released six new ransomware decryption tools for our channel partners and their clients.  The free tools decrypt the recent ransomware strains Apocalypse, BadBlock, Crypt888, Legion, SZFlocker and TeslaCrypt.

While our AVG Business products help detect and block against all known ransomware strains –  including this recent six – our AVG partners now have helpful tools if a new client, or even a prospect, has a situation where files are already infected by ransomware.

With our new decryption tools, you should be able to recover your clients’ files and data without paying the ransom.

Using the AVG ransomware decryption tools

To use our AVG decryptor tools for the six recent ransomware strains, follow our simple five step process to unlock the encrypted files:

  • Run a full system scan on the infected PC and quarantine all the infected files.
  • Identify which infection strain encrypted the files. See the descriptions of each strain below. If the ransomware infection matches the strain details, download the appropriate tool and launch it.
  • The tool opens a wizard, which breaks the decryption process into several easy steps.
  • Follow the steps and you should again be able to reclaim your files in most cases.
  • After decryption, be sure to properly back up restored files.

The six ransomware strains and AVG decryptor tools include:

  • Crypt888
    • Description: Crypt888 (aka Mircop) creates encrypted files with the prepended name “Lock.” It also changes your desktop’s wallpaper to a message on a black background that begins with, “You’ve stolen 48.48BTC from the wrong people, please be so kind to return them and we will return your files.”
    • Unfortunately, Crypt888 is a badly written piece of code, which means some of the encrypted files or folders will stay that way, even if you pay the fine, as the cybercriminals’ “official decryptor” may not work.
    • Download the AVG decryptor tool:
    • http://files-download.avg.com/util/avgrem/avg_decryptor_Crypt888.exe

 

At AVG, we take ransomware threats very seriously. We encourage our partners to continue being proactive by using multilayered protection, such as AVG Business solutions, which detect and block ransomware. You can find additional examples of the six ransomware strains and detailed descriptions here.