Skip to main content

Charging in public places? Watch out for “juice jacking”

Airports, hotels, cafés, even shopping malls, offer public charging points where you can boost your phone or laptop battery on the go.

They’ve been in the news after the FBI recently tweeted advice to stop using them. Crooks have figured out how to hijack USB ports to install malware and monitoring software onto devices as they charge.

The security risk of “juice jacking” was long thought to be more theoretical than real, but the tech needed to carry out an attack has gotten smaller and cheaper and easier to use. This means less sophisticated criminals are now turning their hand to it.

So how does it work?

The most common charging cables – USB-C and lightning – are dual-purpose. They have pins for charging and pins for data.

When you charge your device, you only use the charging pins. But a compromised charging port – or a cable that someone has left behind – could use both charging pins and data pins without you knowing.

When they use the data pins, criminals can install malware onto your device that gives them access to your credentials and other data. It’s a little like plugging your phone into someone else’s laptop.

To avoid the risk, the best solution is to always carry your own charger and cable, and plug it into a power outlet. If you have no choice but to use a public USB port, invest in something called a USB data blocker. This prevents data being transferred, but the device will still charge.

We help businesses stay secure and productive at the same time.

If we can help you, get in touch.

Published with permission from Your Tech Updates.

LinkedIn takes action to tackle fake accounts

LinkedIn is introducing new verification features over the coming months to help tackle fake accounts.

The business-focused social platform is a fantastic place to connect with like-minded businesspeople, and to find new employees, jobs and opportunities.

But thanks to this popularity, we’re seeing an increase in fake profiles, created by scammers for more sinister purposes.

Bot-like accounts have been cropping up all over the platform. They’ve been spamming people, tricking genuine profiles into downloading malware, and scamming them into giving away personal data.

LinkedIn holds a huge amount of information on each of its members, including their job history, contact details, professional interests and places of work – all valuable data that a determined criminal could put to use.

These fake accounts can be hard to spot. They look like real people (sometimes they’re AI-generated deepfake images), they seem to work for legitimate businesses, and the profiles have been carefully curated to look like the real deal.

LinkedIn is making changes over the coming months to help tackle these fake accounts, by way of an improved account authentication process.

Microsoft, which owns LinkedIn, is partnering with secure identity platform Clear to help verify accounts using work email addresses, government-issued ID, and a phone number.

It’s initially only being tested in the US, but if it’s a success, we expect we’ll see a wider rollout over the coming months.

Once the relevant information has been provided, accounts will receive a verification mark, like the ones introduced by Twitter. However, unlike Twitter, LinkedIn will be offering verification free of charge.

We’ll keep you updated when we know more, but in the meantime, if you need help keeping all your accounts secure, get in touch.

Microsoft hints at some exciting Windows 12 developments

We’re fickle creatures.

Windows 11 still feels like a new toy, yet we’ve already heard (reliable) speculation about Windows 12 arriving as soon as next year. And now it’s all we can think about!

What will it look like?

What improvements will we see?

Will there be new features?

We can’t answer these questions with certainty just yet, but there are whispers of new features that could be big news for businesses.

Three in particular have got us excited.

First (and probably most obvious) is the inclusion of more AI functionality. From automation to chatbots, AI has exploded in recent months. It just makes sense that Microsoft will harness this power to bring us a more impressive operating system.

We’re likely to see better AI analysis of our content, and prompts to help us begin projects or choose apps to help get things done. It will also help us speed up what we’re doing with improved intuition for what we’ll do next.

We do know that Microsoft wants to bring us faster updates and better security.

It’s likely things will be split into different sections rather than having the entire OS as a single entity as it stands today. That means updates to different elements will be able to run in the background while you continue to work, and different people may be granted access to each partition for improved security.

Microsoft also intends to make the Windows 12 experience more modular. The benefit of creating different components in this way is that higher-powered devices will get the maximum Windows experience, while lower-powered devices will still be able to do everything they need, running the Edge browser, Office tools, or web apps, for instance.

Some of these features may be reliant on dedicated hardware and upgraded equipment and we’re waiting for more announcements on that. As soon as we hear, you’ll be the first to know!

If you haven’t yet made the move to Windows 11, now’s a good time. Get in touch if you need any help or advice.

Published with permission from Your Tech Updates.

Criminals are exploiting AI to create more convincing scams

One of the many cool things about the new wave of Artificial Intelligence tools is their ability to sound convincingly human.

AI chatbots can be prompted to generate text that you’d never know was written by a robot. And they can keep producing it – quickly, and with minimal human intervention.

So it’s no surprise that cyber criminals have been using AI chatbots to try to make their own lives easier.

Police have identified the three main ways crooks have found to use the chatbot for malicious reasons.

1. Better phishing emails

Until now, terrible spelling and grammar have made it easy to spot many phishing emails. These are intended to trick you into clicking a link to download malware or steal information. AI-written text is way harder to spot, simply because it isn’t riddled with mistakes.

Worse, criminals can make every phishing email they send unique, making it harder for spam filters to spot potentially dangerous content.

2. Spreading misinformation

“Write me ten social media posts that accuse the CEO of the Acme Corporation of having an affair. Mention the following news outlets”.  Spreading misinformation and disinformation may not seem like an immediate threat to you, but it could lead to your employees falling for scams, clicking malware links, or even damage the reputation of your business or members of your team.

3. Creating malicious code

AI can already write pretty good computer code and is getting better all the time. Criminals could use it to create malware.

It’s not the software’s fault – it’s just doing what it’s told – but until there’s a reliable way for the AI creators to safeguard against this, it remains a potential threat.

The creators of AI tools are not the ones responsible for criminals taking advantage of their powerful software. ChatGPT creator OpenAI, for example, is working to prevent its tools from being used maliciously.

What this does show is the need to stay one step ahead of the cyber crooks in everything we do. That’s why we work so hard with our clients to keep them protected from criminal threats, and informed about what’s coming next.

If you’re concerned about your people falling for increasingly sophisticated scams, be sure to keep them updated about how the scams work and what to look out for.

If you need help with that, get in touch.

Published with permission from Your Tech Updates.

3 essential security tools for every business

Your data is one of your most valuable business assets. Keeping it safe should be one of your main priorities. So if you don’t have much security in place, there’s a minimum standard you should be implementing, right now.

There are dozens of security solutions available that all perform different tasks – from preventing criminals gaining access, to recognizing attacks in progress, and then limiting the damage that can be done. There’s no one-size-fits-all as every business has different priorities and different types of data to protect.

Here are three essentials that every business should put in place as a basic level of protection.

1. A firewall

A firewall monitors the internet traffic coming into and leaving your IT network. It acts as a wall between your network and the outside world. It’s your first line of defense against an intruder breaking in to your network.

2. A password manager for everyone in the business.

A password manager stores all your credentials securely, and can also generate nearly impossible-to-guess passwords for all your accounts and applications.

That’s useful against brute force attacks, where cyber criminals essentially try to force their way into your system by guessing the password. It also stops you writing down your passwords somewhere ‘safe’!

3. A VPN (Virtual Private Network)

A VPN is important for any remote or hybrid workers in your business.

It means your employees can access your network from wherever they’re working, without worrying that their online activity is being watched by a criminal.

VPNs make your browsing completely private, hiding your device and location details, and anything you download. If you or your employees regularly use public Wi-Fi – especially to access your network – a VPN is essential.

These are our absolute minimum recommendations.

The strongest security uses additional tools like Multi-Factor Authentication to prove the identity of all users, and antivirus software to deal with any intrusions.

These work together to create a multi-layered security shield to defend against threats on many fronts.

But it’s important you create a security plan that’s right for your specific business. It’s a good idea to seek some professional help.

Not everyone’s as excited about IT security as we are! But we definitely have a passion for it.

If we can help you, get in touch.

Published with permission from Your Tech Updates.

Microsoft 365 makes Multi-Factor Authentication easier

Microsoft is planning to enable Multi-Factor Authentication (MFA) directly in its Outlook app for many 365 business users.

MFA is a vital tool to help protect your online accounts from cyber criminals. It works by generating a second, single-use passcode every time you log into an account. It’s usually sent to an authenticator app on your phone that you have to download and set up first.

Security codes can also be sent via SMS text message, by a phone call, or you might be given a special USB key to plug into your computer.

The process is often made quicker by using a biometric login like your fingerprint or face ID. It’s a minor chore, but the protection it offers far outweighs the couple of extra seconds it takes to access your account.

Microsoft isn’t so sure about those extra seconds, though. If the tech giant can save you that time, it’s going to do it. That’s why it’s looking to streamline MFA for Microsoft 365 business accounts.

It’s rolling out the improvement by building MFA directly into the Outlook app in a feature called Authenticator Lite. Until now, it’s relied on a separate authenticator app or sending login codes.

There’s no news yet for those of us who want faster authentication on our personal PCs. If Microsoft does announce plans to make this feature available to more hardware or operating systems, we’ll update you with any news.

If you don’t already use MFA for your apps and online accounts, we recommend that all businesses implement it as soon as possible. The additional security it offers protects against the vast majority of today’s cyber threats.

For more help and advice about implementing MFA or getting the best from Microsoft 365, just get in touch.

Published with permission from Your Tech Updates.

Are your productivity tools actually slowing you down?

Productivity tools are supposed to make you more, well… productive.

But if they’re not embedded properly within your business, tasks can actually end up taking longer than they should. That’s frustrating for employees and you. It wastes time, and it costs money – which is the opposite of being productive.

So how can this happen?

Often a lack of consistent training means everyone is using tools differently, or finding their own workarounds. Maybe the tools haven’t been properly integrated with other apps, creating additional work. Or perhaps employees simply don’t find some tools useful and give up on them.

Bringing new technology into your business can be a big step – so big that lots of owners try to avoid it completely. That might be because of understandable risk aversion, or because they simply don’t have enough information to choose the right solution from the thousands of available options. It doesn’t help that nearly all tools work differently and offer different advantages.

What most business owners need is expert help. It’s easy to say you plan to introduce new productivity tools to keep employees happy and to gain a competitive advantage, but in practice it’s a lot more involved.

One thing’s for sure. As AI solutions become more and more integrated into new solutions – and others in your industry start to benefit from the new tech landscape – businesses that don’t keep up, risk being left behind.

Working with professionals can not only help to identify the most suitable tools for your business…

But also to help get the most from them by ensuring all your people are fully trained.

That means you’ll not only be getting all the productivity benefits you hoped for from your investment, you’ll also have a more engaged, better skilled and more productive workforce.

This is something we help businesses with all the time. Get in touch if you’d like us to do the same for you.

Published with permission from Your Tech Updates.

Bot malware is a growing security threat

If we talk about ‘bots’ you’d be forgiven for thinking of the amazing AI chatbots that have been all over the news lately.

But this isn’t a good news story. Bots are just automated programs, and bot malware is a worrying new security risk you need to defend your business against.

Malware bots are particularly dangerous because they steal whole user profiles – that’s a complete snapshot of your ID and settings. This potentially allows cyber crooks to bypass strong security measures like Multi-Factor Authentication (MFA).

Usually, if a criminal steals your username and password, they still can’t access your account because they don’t have access to your MFA authentication method. But with your whole profile available to them, using your cookies and device configurations, they can trick security systems and effectively switch off MFA. 

Once profile information is stolen, it’s sold on the dark web for as little as $5.

And it’s not even super-sophisticated cyber criminals deploying this technique. Just about anyone can obtain your details and use them for phishing emails, scams, and other criminal activity.

Since 2018, 5 million people have had 26.6 million usernames and passwords stolen, giving access to accounts including Microsoft, Google, and Facebook.

All this means there are things you need to do – right now – to keep your profiles and your business protected from bot malware.

  • Update your antivirus software and keep it on at all times.
  • Use a password manager and Multi-Factor Authentication to keep your login credentials safer
  • And encrypt all your files so that, if anyone does access your profile, there’s very little to steal.

These are the things we help our clients with every day. If we can help you, just get in touch.

Published with permission from Your Tech Updates.