Tag Archives: Tony Anscombe

Why AVG is the #1 AntiVirus & Security Product for Staying Safe While Online Dating

In an increasingly interconnected community where more relationships are formed through online connections, people not only need a way to safeguard their information, but to protect themselves from cyber threats.


Short Version: Since 1991, AVG products, which are now part of Avast, have been one of the most popular providers of online security software, offering a free-to-download antivirus product for Windows, Mac, and Android devices. For those wanting additional features and functionality, the subscription option, AVG Internet Security, automatically scans your system and gets rid of any harmful malware and viruses while keeping your security up to date against the latest threats. For online daters, that means instant peace of mind. While you browse through a dating site, the HMA! Pro VPN application will automatically encrypt sensitive information, hide your location, and keep you safe online. You can maintain your privacy on a dating site by using AVG Internet Security, the #1 resource for security software.

Tony Anscombe, AVG Product Evangelist, has made online security his life’s work. For over two decades, his job has been to speak directly to consumers and raise awareness about cyber-security issues by writing blog posts and articles and giving lectures around the world.


A while back, in London, he gave a memorable presentation to a group concerned about privacy online. Before the talk, he asked their permission to do some digging and see what he could pull up about an attendee’s online footprint — using just her name.

Even those who consider themselves very private often leave a trail. Someone who knows what they’re doing (like Tony) can follow old accounts and access data that users may not want to be public knowledge.

In the case of one woman, he was able to find old dating profiles where many personal details lay hidden. He’d never met her, but suddenly he was an expert on her.

As Tony rattled off her favorite song, favorite car, and where she vacationed last year, she sat dumbfounded. She hadn’t imagined so much information existed about her online. “That’s remarkable,” she said.

When you enter the world of online dating, you don’t want to reveal too much information to the wrong people. The AVG product line, one of the most popular brands of security software, provides the best options to keep you safe while flirting over the web. Since 1991, this tech-savvy team has backed up singles online with state-of-the-art protection from phishing, spamming, malware, viruses, and other threats to personal information.

“We believe everybody has a right to a certain level of protection,” Tony said. “If somebody’s got a laptop or a phone today, there are so many cyber threats that it’s essential they have a security product to protect them from bad guys.”


AVG’s Free Online Security Protects You on Any Device


AVG security products provide protection, performance, and privacy for people, and you can get a great product immediately at no cost. If you want more features, you can also sign up for the free 30-day trial of AVG Internet Security to experience enhanced firewall, disk cleaner, automatic updates, and other functions that keep all your devices running smoothly.

Whether you’re a fan of desktop dating using your Mac computer or you like to date on the go with your Android phone, AVG Internet Security protects consumers from the latest threats ranging from malware to email spam.

Anyone can be hacked, even Mark Zuckerberg, if proper measures of protection aren’t in place. To keep your dating profile as safe as possible, Avast also offers proactive solutions like the HMA! Pro VPN application, which encrypts your Internet connection and hides your location to keep you and your information safe. In the unlikely event you are hacked, its Remote Virus Removal service can get rid of any viruses or malware on your computer and restore your devices.


As his family’s resident IT guy, Tony said he uses AVG Internet Security to manage everyone’s software, sometimes running a scan for his son or updating the software for his parents. “I’ve become their remote IT manager, and I can do all that from my phone,” he said. “There’s a whole host of protection products to choose from.”

The company sees 1 billion malware attacks per month, blocks more than 500 million malicious URLs per month, and blocks around 50 million phishing attacks per month. When it comes to protecting people on their mobiles, in 2010, the AVG AntiVirus for Android app was the first antivirus app available on Google Play to surpass 100 million downloads. Free for the first 30 days, the AVG app comes with a device lock, app backup, and other features to protect mobile users.

My favorite is the Camera Trap, which takes a picture of anyone snooping on your phone or tablet. If a nosy partner tries and fails to unlock your device, it’ll snap a photo and email it to you. Caught red-handed!

A Security Expert Gives 4 Safety Tips to Online Daters

With 20 years of background working as a technician and consumer advocate, Tony has plenty of expertise regarding how to date safely on the web. He takes his security-conscious perspective everywhere he goes.

Sitting at the airport during our phone interview, he looks around and sees people on their phones, most likely using public WiFi to surf online. Unless it’s encrypted, he told us, that traffic can easily be turned into public information.



“Especially when you’re dating, you’re sending lots of personal contact information back and forth,” he said. “All of that is flowing in free texts. It’s like sending a love letter via postcard. Everyone along the delivery train is probably going to read it.”

To help you secure your information, Tony shared four essential tips for safely creating an online dating profile.

1. Research Your Electronic Footprint Beforehand

Tony is happily married but tells singles if he were online dating, his first step would be “to actually go out on the Internet and find out what’s out there about me already.”

This is as easy as Googling your name or your username. You’ll see what someone searching for you will find — hopefully, nothing too embarrassing — and you can make sure your virtual identity appears the way you want it. Goodbye, embarrassing LiveJournal profile from 2005.

You can also set up Google Alerts to let you know automatically if any new information about you enters the public domain. That way no one can share any details about you without your knowledge.

2. Create a Separate Email Account With a Unique Password

When you actually set up your dating account, you should have an escape route mapped out, just in case. That means creating a profile that is totally separate from your other online identities: new email account, new username, and new password.

You don’t want people to be able to cross-reference your dating profile with social media accounts. A burner email account will lead any potential stalkers to a dead end, with no way to find your more permanent profiles.

“If everything doesn’t work out on the dating site,” Tony said, “you can kill your existence.”

3. Make Sure Your Pictures Don’t Reveal Your Location

You may not intend to broadcast your location when you post a picture, but for someone who knows where to look, that could be exactly what happens.

Thanks to geo-tagging, when you send your potential match a quick selfie, you could also be sending your exact whereabouts.

“A lot of Internet safety is as much about education and the person behaving responsibly as it is about the technology. Our technology is there as a line of defense to support your good behavior.” — Tony Anscombe, AVG Product Evangelist

“You need to start thinking about if you’re advertising your location,” Tony explained. “If you’re sending a picture in its raw format, and you have your location setting turned on on your camera, your GPS coordinates are attached to it.”

If you’re not ready to share your home address with someone you met online, be sure to extract that data from any media you send.
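The geo-tag Tony describes is stored in the photo's Exif metadata block. As an added example (not from the original article or from AVG), the Python script below reads the GPS coordinates out of a JPEG and removes the Exif block before the file is shared; the sample image bytes and all function names are constructed for illustration, and it assumes a plain JPEG without fill bytes between segments.

```python
import struct

APP1, SOS = 0xE1, 0xDA
EXIF_ID = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # Exif tag in IFD0 that points at the GPS directory

def segments(jpeg):
    """Yield (marker, raw_bytes) per JPEG segment; everything from SOS on is one chunk."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker == SOS:  # compressed image data follows; copy it untouched
            yield marker, jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length

def is_exif(marker, seg):
    return marker == APP1 and seg[4:10] == EXIF_ID

def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment (and so its GPS tags) removed."""
    kept = [seg for marker, seg in segments(jpeg) if not is_exif(marker, seg)]
    return b"\xff\xd8" + b"".join(kept)

def read_gps(jpeg):
    """Return (latitude, longitude) in decimal degrees, or None if no GPS tags exist."""
    for marker, seg in segments(jpeg):
        if is_exif(marker, seg):
            return _gps_from_tiff(seg[10:])
    return None

def _gps_from_tiff(tiff):
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        return None

    def entries(ifd_offset):
        (count,) = struct.unpack_from(endian + "H", tiff, ifd_offset)
        for i in range(count):  # each entry: tag, type, count, 4-byte value/offset
            yield struct.unpack_from(endian + "HHI4s", tiff, ifd_offset + 2 + 12 * i)

    def as_offset(value):
        return struct.unpack(endian + "I", value)[0]

    (ifd0,) = struct.unpack_from(endian + "I", tiff, 4)
    gps = [as_offset(v) for tag, _, _, v in entries(ifd0) if tag == GPS_IFD_TAG]
    if not gps:
        return None
    fields = {tag: v for tag, _, _, v in entries(gps[0])}
    if not {1, 2, 3, 4} <= fields.keys():
        return None

    def degrees(value, ref, negative_ref):
        d = struct.unpack_from(endian + "6I", tiff, as_offset(value))
        deg = d[0] / d[1] + d[2] / d[3] / 60 + d[4] / d[5] / 3600
        return -deg if ref[:1] == negative_ref else deg

    return degrees(fields[2], fields[1], b"S"), degrees(fields[4], fields[3], b"W")

def build_sample_jpeg():
    """Constructed sample (structure only, not a viewable photo) tagged 51.5 N, 0.125 W."""
    def seg(marker, payload):
        return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

    def dms(deg, minute, sec):
        return struct.pack(">6I", deg, 1, minute, 1, sec, 1)

    gps_ifd, data = 26, 80  # offsets inside the TIFF block
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8)
    tiff += struct.pack(">HHHII", 1, GPS_IFD_TAG, 4, 1, gps_ifd) + struct.pack(">I", 0)
    tiff += struct.pack(">H", 4)
    tiff += struct.pack(">HHI4s", 1, 2, 2, b"N\x00")   # GPSLatitudeRef
    tiff += struct.pack(">HHII", 2, 5, 3, data)         # GPSLatitude
    tiff += struct.pack(">HHI4s", 3, 2, 2, b"W\x00")   # GPSLongitudeRef
    tiff += struct.pack(">HHII", 4, 5, 3, data + 24)    # GPSLongitude
    tiff += struct.pack(">I", 0) + dms(51, 30, 0) + dms(0, 7, 30)
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    scan = b"\xff\xda\x00\x02\x12\x34\xff\xd9"
    return b"\xff\xd8" + seg(0xE0, jfif) + seg(APP1, EXIF_ID + tiff) + scan

if __name__ == "__main__":
    photo = build_sample_jpeg()
    print("before:", read_gps(photo))
    print("after: ", read_gps(strip_exif(photo)))
```

Removing the whole Exif segment also drops camera model and timestamp fields, which is usually what you want before sending a photo to someone you have not met.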

4. Pay With a Burner Credit Card

“I would also recommend somebody get a burner credit card to pay for a dating profile,” Tony said. “That way it keeps people away from your permanent life.”

You can pick up a prepaid card at the supermarket or buy a virtual visa online. However you go about it, the point is keeping your primary credit card safe from hacking. This way, if the company itself is hacked into — as AshleyMadison was in 2015 — your payment information won’t be compromised.

“Make sure, whatever you’re doing, you’re using different, complex passwords,” he added. “You don’t want to be the next victim of a data breach.”

The Company Continues Growing & Updating Their Safeguards

In 1991, AVG was a small company based out of the Czech Republic. Their security products soon generated high demand, and the company grew to have hundreds of millions of users, and to be known as one of the most reliable products on the market.

By 1998, they were selling products in Europe and the U.S., and in October they were acquired by Avast, an industry-leading maker of the most trusted security software in the world.


Because of AVG’s relentless support, singles signing up on a dating site don’t need to feel vulnerable to online scammers or hackers anymore. Daters have the power to keep themselves safe from cyber threats by downloading the AVG software or apps.

As Tony demonstrated in London, a lot of information is floating freely on the web — AVG has an array of versatile products that can hide details you don’t want to become part of the public domain.

“Keeping ahead of cyber criminals is a huge task,” Tony said. “We are continually developing new engines, new techniques, and new mechanisms to keep people safe.”


*This article was also featured on Dating Advice online site www.datingadvice.com


The secret security trick that will help protect Yahoo! users

Yawn, another data breach. This time it’s Yahoo! that’s affected. Despite news outlets proclaiming it’s the biggest breach of its kind, how many of us even lifted an eyebrow?


Are we in danger of becoming complacent when data breaches are being disclosed so frequently and seem to grow in size?

Every month, or less, another story hits the press about a data breach and we are told to hurry along and change our passwords. Now, don’t get me wrong – this advice is good. Changing passwords, protecting email accounts, enabling two-step authentication and generally being more vigilant and secure about our online activities are all things that will help stop the bad guys getting too much access to our online life and private information.

But let’s consider the fact that the Yahoo! data breach, which happened in 2014, affects an estimated 500m user accounts and the data exposed may include email addresses, phone numbers, date of birth details, encrypted passwords and, in some cases, security questions. Even if you go and change your passwords today, there may already be an opportunity for cyber-criminals to reset or access your other online accounts as some of this information has already been released by the hackers.

In the face of a breach with such far-reaching implications, maybe it is not that we are complacent, but that we simply don’t know what we can do after the fact. There are a few simple actions we can take, however, that will help.

Stop trusting the traditional password and move to two-step authentication, if you haven’t already. This may sound complicated but it’s a concept you already know from every time you use your ATM card. You have the card and you know the PIN; but without both parts, the card will not work in an ATM machine.

For an online account, the two factors might be your phone and the contents of a text message sent to you at login. It doesn’t have to be inconvenient, either. Some companies only invoke this stronger login process when you try accessing an account from a new device, which seems like a good compromise.

For Yahoo! users, it might be a relief to know that Yahoo! has a fairly unique security system that is called account key. If you are about to change your Yahoo! password, I recommend taking the extra step and switching this service on.

It simplifies logging in by connecting your login request with the Yahoo! app on your phone. The browser login screen asks for your Yahoo! ID, then displays a page that says it’s waiting for confirmation to login.


Meanwhile, your phone will receive a notification asking you to confirm the login with a simple click of a button – yes or no.

1 in 3 small businesses is clueless about ransomware!

A third of small to medium sized businesses surveyed by AVG had never heard of ransomware, demonstrating an urgent need for education on one of the fastest growing malware categories.


Ransomware is one of the world’s fastest growing malware categories. In June, we surveyed businesses to understand who had heard of the term ‘ransomware’ and what they understood about it. 381 of our small-to-medium business (SMB) customers in the US and UK responded to our questions and the results proved revealing and concerning.

Here are the key points:

68% of respondents said they had heard of the term ‘ransomware.’


That may look like a good percentage, but this also indicates that even with the security industry, media and governments working hard to educate businesses about the risks, nearly 1 in 3 is still not aware of this significant risk.

So what is ransomware and how does it impact businesses?

Ransomware is a generic term for a category of malware that restricts access to a device or the file(s) on a device until a ransom is paid. It’s a method for criminals to make money by infecting the device and has become very effective at causing havoc for a business or organization that is unfortunate enough to become a victim.

It’s not new, which is why the 32% concerns me. The first cases were reported as far back as 2005, which took the form of fake antivirus software claiming you had issues that required payment in order to be fixed.

Over time, ransomware morphed into scareware messages. Scareware messages, designed to trick users into downloading malicious software and often disguised as communications from law enforcement, typically claim that a device has been infected or that the usage history of a device shows illegal activity, or in some cases blatantly lock files until you call and pay the ransom.

The 68% of respondents claiming to know what ransomware is had very different opinions, many of them inaccurate. When asked to explain the term, it turns out that 36% (of the 68%) didn’t actually know what it was.

A major security concern

Since 2013 when Cryptolocker ransomware first surfaced, ransomware has now become a major security issue with organizations being held to ransom – and in some cases paying to get their data unlocked. Numerous incidents have been cited where thousands of dollars have been paid: hospitals, charities, hairdressers have all been held to ransom. One university has suffered 21 attacks in the last year alone!

The true scale of the problem is somewhat hard to define though because, understandably, many businesses and organisations are reluctant to reveal they’ve been held to ransom because of fears about being targeted again, or losing existing or new customers.

People are held to ransom in just a few seconds

Unsuspecting victims are infected through emails impersonating customer support personnel from well-known company brands. Once activated, the malware encrypts files and demands payment, typically a few hundred dollars within a timeframe of 48 or 72 hours.

Last year alone, the FBI received 2,453 complaints about ransomware hold-ups, costing the victims more than $24 million! Earlier this year, the UK National Crime Agency claimed ransomware attacks have increased in frequency and complexity, and now include public threats by the perpetrators to publish victim data online, as well as the permanent encryption of valuable data.

4 ways to protect your computers and networks against ransomware

  1. Stay vigilant. One of the most common methods of infecting a system is via a spear-phishing email with a malicious attachment or link. If you are not expecting the email, or it looks suspicious in any way, do not open it; delete it.
  2. Back up your software and systems. It’s really important that you keep your software and operating system updated. Back up your files regularly and don’t forget to keep your backup media disconnected from your PC. Otherwise, your backups might get encrypted as well. This also applies to storage and network drives, e.g. Google Drive, Dropbox, etc.
  3. Use the latest protection software. At AVG, we take ransomware very seriously and our AVG Internet Security and AntiVirus Business Edition solutions detect and block ransomware and other malware variants from infecting your devices and servers – leaving you to focus on what matters.
  4. Don’t pay. If you do fall victim, do not pay. Funding these criminals only encourages them to attack other people. Research the specific infection to see if there is a decryption tool. We offer 7 of these tools for free with more on the way.

Don’t be the 1 in 3

Taking proactive steps to protect your organization from a ransomware attack is essential to the smooth running of your business—it is your livelihood, after all. Contingency and remediation planning are also crucial to business recovery and continuity, and these plans should be tested regularly.

Who do you trust with your online data?

Dropbox recently disclosed that 68 million of its users’ login credentials were published after it was initially hacked back in 2012. Does changing a password now really make a difference?

The file servicing company is back in the spotlight after the login details of 68 million of its users were published after it was hacked back in 2012. Dropbox has taken the usual, sensible approach by reminding people to change their passwords regularly in any case and, in particular, when the security of any online provider they use has been compromised.

It has also initiated a push reset that changes all the passwords of those potentially affected to ensure no one was missed, reassuring impacted users that even if their previous passwords were compromised, their accounts cannot be accessed.

While companies suffering an unfortunate hack often recommend resetting passwords, few take the step of actively encouraging users to use 2-step authentication. In its blog, Dropbox recommended this approach – but its email notifications only mention passwords; the same is true of their help page on ‘Email and Passwords’.

I am sure, however, that we are not too far away from a company enforcing enhanced security, such as 2-step authentication, on its users. AVG recently conducted a poll in the US and UK to find out who people think is responsible for their online data. Against this backdrop, the findings are interesting.

Those who are most responsible for keeping online data safe are any businesses that store personal data (74%), banks (66%) and online security companies (57%). Only banks and security companies were seen as taking this responsibility seriously enough by 74% and 63% of people respectively.

So it seems that people expect a company like Dropbox to take responsibility for keeping their users’ data safe but they don’t necessarily think such businesses take this seriously enough. In addition, 86% of people polled said that personal identification data was the type of information they were most concerned about sharing, and having collected by businesses.

It’s great to see that people are aware – and concerned – about how other entities handle their private data and what degree of responsibility they take for holding that data. The news about Dropbox merely confirms that we can’t simply trust companies to keep our data safe.

So if you are affected by this breach, or have been affected by any other, then I recommend taking two steps to try to remedy the situation.

Firstly, secure any online accounts, such as banking or social media, by ensuring they aren’t using the same email and password combination. If you are re-using login details across multiple accounts, change them and use two-step authentication if possible, such as a password and a back-up phone number or other account.

Secondly, be alert to suspicious activity on your accounts such as receiving any potentially fake emails. If your data is at risk for having been compromised, you should validate these as genuine by contacting the company that sent them directly or visiting their website before taking any of the action suggested by the email.

Finally, as you would expect, I always recommend having a good internet security product on your PC or mobile devices. Whether you use a laptop or a tablet to access your online accounts, you should always ensure you are as protected as possible against any hacks, phishing tricks or spam emails because as we have seen, we can’t rely on other people to keep us safe online.

Finding too much in your Pokémon app?

Are you addicted to the augmented reality of Pokémon Go yet? If so, then you are not alone and if not, beware of playing the game because you might be.


But be careful, whether you are an existing or new player: as with any craze as popular as this, cyber-criminals see an opportunity to make some cash.

In the last week several security researchers have released details of threats ranging from fraudulent social media accounts to malware infected apps available in the Google Play store.

The malware-infected app found by security researchers this week was available in the Google Play Store and is reported to have been downloaded over 500,000 times. The app’s malicious payload is capable of taking root access rights on a user’s phone. The app masqueraded as a ‘Guide for Pokémon Go’, leveraging the huge success of the game to dupe people into downloading an app that could then uninstall/install apps or display unwanted adverts.

The research on social media accounts found 543 accounts related to Pokémon Go across Facebook, Twitter and Tumblr, with over 30% (167) of them delivering fraudulent content to their visitors. These were a mix of downloadable game guides, imposter accounts and free giveaways, affecting both desktop platforms and mobile devices and delivering adware, malware or software not related to the content advertised.

With cyber-criminals motivated to cash in on the phenomenon, we strongly recommend vigilance when downloading or researching details about the game and the best way to play.

If you think you may have clicked a bad link or downloaded a rogue app, then download AVG AntiVirus for Android. It’s free and detects malicious app downloads in real time. AVG detects the threat from the malicious app mentioned above and our researchers work 24×7 to ensure that we bring you protection against threats as they happen.

Stay Safe While Online Shopping Labor Day Sales

What is your Labor Day weekend going to consist of? If it involves hitting Labor Day sales and shopping online or reviewing finances, here are some tips to stay safe.

Labor Day is a US and Canadian public holiday of festivities held in honor of the working people, very similar to May Day in many other countries. This holiday, make sure you’re not creating additional work for yourself and take precautions when online.

Staying safe online, whether shopping in the Labor Day sales or posting pictures of a family day out, is an important part of our everyday lives. The risk of identity theft or fraudulent transactions being posted on your credit card will undoubtedly create more work for you and turn the festivities into a nightmare.


Below are a few tips to help you stay safe.

  1. Visit websites from brands that you trust. Searching for something online may bring up the bargain of a lifetime, but if you have not heard of the seller and they have no positive reviews to validate them, my advice is to stay away. If it sounds too good to be true, then it probably is.

  2. Make sure the checkout page is secure. In the Bank of America example, the company name appears in green, meaning they have an Extended Validation Certificate. The certificate means the highest level of SSL encryption and that the company has verified to the certificate issuer that it is a legitimate entity. The padlock gives us visual identification that data between your browser and the server is encrypted so no sneaky cyber-criminal can see what you are doing.

  3. Consider checking out as a guest. Retailers want you to register so they can communicate offers to you and provide convenience with account information and delivery addresses. If this is a retailer you do not use often, then you probably don’t need an account or your data being kept on their servers. If you do create an account, click the option not to store payment details; that way, if the retailer does have a data breach, your card details should be safe.

  4. Make payments with a single card with a limited credit limit. Having a specific card for online shopping limits problems to a single card, and limiting the amount you can spend on the card restricts potential damage should the card details be compromised. Consider paying using other methods, for example PayPal’s buyer protection.

  5. If you’re on a mobile device, then consider paying through ApplePay or AndroidPay. Many of us may still feel uncomfortable paying through our phones, but the new payment methods provide additional security to protect us. In the case of both of the aforementioned services, your credit card data is never transmitted, keeping you in control of your data.

  6. Keep away from infected or rogue websites by ensuring you have up-to-date security software, such as AVG. Available for Windows, Mac and Android, with free and paid options, it’s easy to stay protected.

We want your Labor Day to be the celebration it is meant to be. Taking precautions online will help ensure this. If you do find yourself in a situation in which your card or bank account has been subject to fraudulent charges, then contact the bank or financial organization immediately and put a stop on the card.

Have a great Labor Day, stay safe America!

A generation of connected kids

As many of our kids have returned, or are in the process of returning back to school, we should expect to see different behavior patterns in their usage of devices.


Hopefully one of those changes will be to use them for studying.

As parents we want our kids to have a balanced life of being online while still appreciating the need to have life skills, such as actually speaking. Our concerns are not new. Back when the wireless (radio) was invented, I am sure parents told their kids to stop listening to that box, in the same way my parents told me I would get square eyes if I watched too much TV.

Controlling the balance can be tricky, especially when our kids only know a life that’s online, where that is the normal way to communicate. It’s important that device time is understood as a privilege and not a right. Some parents have contracts with their kids stating what is expected of them when using a device, while others do nothing and some block or monitor access.

When thinking about screen time one of the first things to do is walk around the house and count the numbers of devices that are connected. Many of us forget that games consoles and some toys are now connected devices, so asking your child to put down their phone just to see them pick up another connected device might not be achieving the goal of having a balance.

In my house we strike the balance through communication and education, and this has worked well for us. One of the first things we implemented was ‘the basket’, a place where phones live during meal times and overnight. This drives conversation at the meal table, and texting, posting or gaming late at night has never been an issue. The biggest challenge here is whether you as an adult can commit to putting your phone in the basket!

Understanding what your kids do online is important. Effective monitoring through parental control software or using software on an internet router, such as the Ally System, supported by AVG, from Amped Wireless will give you oversight that will allow you to have conversations about inappropriate use and behavior. The insight of knowing that your child is spending 3 hours a day on social media should encourage you to have a conversation about time well spent.

Many of these technologies also offer the ability to block. While blocking inappropriate content is a good idea, limiting your kids’ access through blocking will push them underground to connect in other locations such as public libraries, coffee shops or their friend’s house. And remember, their smartphone probably has its own access. My point here is that you cannot control their access everywhere, so it is better to educate them, knowing what is being accessed, so that they behave well wherever they are and have the principles to stay safe.

Another important element to limiting both screen time and keeping them safe is understanding the functionality of the apps they run. Listen to your kids talking to their friends about what they use, talk to them to find out and then go off and download the same apps.

Over 900 million Android devices at risk from QuadRooter vulnerabilities

What is QuadRooter?

Researchers at Check Point® Software Technologies have released details of four vulnerabilities, which they have dubbed ‘QuadRooter’, that affect Android™ smartphones and tablets built with Qualcomm® chipsets.

Any one of these vulnerabilities could be exploited by a malicious app downloaded onto the user’s device which, without their knowledge, would allow the attacker to gain full access to the phone. Considering the significant amount of personal and business data we store on our connected devices, this has major security implications.

According to Check Point, some of the Android devices that contain this chipset and which are therefore at risk include:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra


How to protect your Android device from QuadRooter

If you own one of these handsets, it does not mean that you have been the subject of an attack that gains control over your device. For the attack to be successful, the malicious app that takes advantage of one of these four vulnerabilities must be downloaded to your device.

Ensure you update your handset with any security patches available for the issue. For example, Qualcomm has already released a fix for all four vulnerabilities while Google has released patches for three of the four, with the final fix expected in the very near future.

In addition, there are four steps you can take to make sure your device is as secure as possible:

  1. Your device should automatically prompt you to download and install the latest available updates. Tip: make sure you have a Wi-Fi or broadband connection before downloading, as some updates can be large.
  2. Only download apps from official app stores such as Google Play. Avoid sideloading apps, such as when you are offered an app on a web site. To ensure you get the authentic app, go to the Google Play store directly and download it from there. This reduces the risk of getting a malicious app by accident.
  3. Switch on the “verify apps” function in your Android settings. This means that even if you do download an app from somewhere else, this feature will check with the official app store to make sure it’s compliant.
  4. Protect your device with antivirus software such as AVG AntiVirus for Android and make sure you keep it updated. Should an attacker use the vulnerability to plant the malware on your phone or tablet, an up-to-date antivirus program will detect and prevent its execution.

 

The best advice I can give is not to panic and not to be complacent. Vulnerabilities like this are actually relatively common and taking preventative action quickly will help protect your devices and your data from unnecessary risk.

Don’t believe everything you read about ‘unsafe’ security products

Online reports about the safety of security products can be very alarming, which is why we want to address those concerns and provide assurance that we take them very seriously.

You may recently have read about the discovery of a vulnerability in a number of online security products, specifically regarding ‘code hooking.’ The issue, when originally found, affected a number of antivirus companies, including AVG.

We took this vulnerability in our products very seriously when we first learned of it in December 2015, and we resolved it within two days. In fact, enSilo, the research company that identified the issue, credited our fast response in an article titled ‘Learning from AVG on Doing it Right’.

The new articles on this topic arose from enSilo’s ‘Captain Hook’ report, which details potential security issues regarding the incorrect implementation of code hooking and injection techniques. There is no reference to AVG in this report, and any media articles mentioning AVG in conjunction with this report are inaccurate.

enSilo has not disclosed any new vulnerability or security issue with our products, which they confirmed when we contacted them. Our previous experience with enSilo indicates they are a responsible company that reports issues to vendors prior to disclosing them publicly.

AVG encourages developers and researchers to report any issues with our products through our proactive bug bounty program. This process allows us to investigate potential issues fully and take the steps to fix or mitigate as necessary without unduly alarming our users.

I would like to thank enSilo for their valued partnership to date in helping us to protect our customers in an ever-changing security landscape.

Passwords Protect Your Business, but Who’s Protecting Them?

When we asked AVG Business customers in the US and UK how they keep company passwords safe, we were surprised to learn just how many of them … simply don’t.

 

Hundreds of millions of employees worldwide use passwords multiple times every day to access business resources ranging from email and domain management to banking and accountancy. These passwords—strings of letters, numbers, and symbols used to validate access—are one of your business’s primary ways to protect vital resources. But what is your business doing to protect them?

In June, AVG surveyed businesses about their password-protection policies and practices. 381 of our small-to-medium business (SMB) customers in the US and UK answered 16 questions, and here are some of the things we discovered from their answers:

  • A third of respondents believe their company’s passwords could be more secure.
  • 72% believe their workplace passwords are stored in a safe place.
  • 22% of businesses use password management software.
  • Four out of ten people use the same passwords for different business log-ins.
  • 50% of people use between 1 and 10 passwords to access different networks, software, and accounts.
  • A quarter of participants use two-factor authentication for their passwords.
  • 67% claimed there are 1-2 people who have access to their company passwords.
  • 43% of people with access to company passwords don’t have a clause in their contract to keep these passwords confidential.
  • 51% of employees save all or some of their passwords through their web browser.
  • For one-third of businesses, the owner, president, or MD is responsible for managing company passwords.
  • 16% of non-employees (contractors, freelancers, temps) can access company passwords.
  • 19% of people surveyed said their business uses an automated password generator.
  • 68% of people surveyed say they have heard of the term ‘ransomware.’

The results in full

 

Password Security

A third of participants believe their company’s passwords could be more secure.

This result isn’t too surprising, considering the most-used passwords in 2015 were ‘123456’ and, you guessed it, ‘password.’

 

Password Storage

72% believe their workplace passwords are stored in a safe place (i.e. not accessible by unauthorized personnel).

22% of businesses use password management software.

 

Small businesses can benefit from using a tool that lets them securely manage several different accounts simultaneously and store all company passwords in one place. Alternatively, a user authentication service, such as AVG Single Sign-On (SSO), lets users employ a single set of log-in credentials—with a two-factor authentication option—to access multiple applications.

 

Logging in

Four out of ten people use the same passwords for different business log-ins.

Using one password for multiple services may feel like a time-saver, but it weakens the gateway to your business, data, customers, and potentially your identity. So just imagine if this one password got into the wrong hands. We recommend giving each employee their own password and account, to ensure accountability and improve security.

50% of people use between 1 and 10 passwords to access different networks, software, and accounts.

 

Small businesses often use so few passwords because they have a small domain, which combines sign-on for email, network, and other linked services. However, whatever the number of passwords a business uses, they must always:

  • store them somewhere safe,
  • control who has access to them, and
  • ensure the passwords are strong, i.e. contain caps, numbers and symbols.

 

A quarter of participants use two-factor authentication for their passwords.

More and more big brands such as Apple, Twitter, and Evernote have introduced the two-factor authentication option, which confirms user identity through a combination of something you have (e.g. an ATM card) and something you know (e.g. your ATM PIN).

 

Password Access

67% claimed there are 1-2 people who have access to their company passwords.

IBM’s 2014 Cyber Security Intelligence Index showed 95% of all security incidents involved human error. Successful security attacks happen when human weakness is exploited to lure a company’s employees to unwittingly provide access to sensitive information.

43% of people with access to company passwords don’t have a clause in their contract to keep these passwords confidential.

 

Including a confidentiality clause in every employee or third-party contract is an additional—and necessary—layer of protection for your business.

51% of employees save all or some of their passwords through their web browser.

 

Using a web browser to remember your password is convenient, but poses a security risk. How big a risk depends on whether you sync with other devices, what browser you use, and how many people have access to your business computer(s) using the same profile. Next time your web browser asks to save your password, reconsider, and select “Never for this site.”

For one-third of businesses, the owner, president, or MD is responsible for managing company passwords.

 

When it comes to IT security, small businesses are in a tight spot, because they’re heavily dependent on computers, yet not large enough to have a dedicated IT staff member. So often the owner, president, or MD becomes the closest thing a company has to an infosec expert. As a business grows, so will the IT infrastructure, at which point dedicated personnel should take responsibility for managing company passwords.

 

16% of non-employees (contractors, freelancers, temps) can access company passwords.

For the most part we know and trust our colleagues, so granting system access to full-time employees makes sense. But what about for short-term projects involving a contractor with understandably less of a commitment to the company? Should you really share passwords with these staff? The best solution, if access is essential, is to create temporary log-ins, which you can delete when temporary employees leave. Otherwise, you’re left having to change the password for everyone … or be comfortable leaving it alone, knowing someone who’s left the company technically still has access. And in case it’s not clear, we don’t recommend you ever do this.

 

Password Generation

19% of people surveyed said their business uses an automated password generator.

 

The best, easiest way to create strong passwords is to use a password generator.

 

Ransomware

68% of people surveyed say they have heard of the term ‘ransomware.’

 

 

However, 36% (101 out of 277) of those who thought they knew what ransomware is actually didn’t.

Ransomware is malware that encrypts your files, then demands payment—often with a time limit—before decrypting them. Not only does ransomware target your most valuable files, it can lock down system files to render your web browser, applications, and entire operating system unusable.

So what do businesses need to know? And what can you do?

Experts warn that small businesses are fast becoming cybercriminals’ favorite target—and those businesses are quite often woefully unprepared. Cybercriminals know that SMBs can be an easy path to a much bigger target: your customers and partners. Many breaches could have been prevented with robust employee and contractor education, more stringent password policies, and the use of two-factor authentication.

In 2015, US businesses saw an average 160 successful cyberattacks per week, more than times the 2010 weekly average. Cybercrime globally cost businesses $400-$500 billion last year, and the estimate for 2016 is $2-3 trillion.

In the UK, the latest Government Security Breaches Survey found that nearly three quarters (74%) of small businesses reported a security breach in the last year, an increase from both 2013 and 2014. And the cost of each breach was £75,000-310,800, with 31% being staff-related.

Ultimately, you cannot take it for granted that your employees or colleagues have the tools and knowledge to make the necessary decisions to keep the business secure. But by implementing sound policies and proven practices, you can equip yourself and everyone in your business to be part of protecting it.

And when it comes to IT security and password policies, never, ever, ever underestimate hackers. Where data could be stolen or money could be made, cybercriminals will persist until they find a vulnerability they can exploit. Your password policy is your key to the kingdom, so guard it accordingly.