About Chris Taylor: Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.
Many sites are set up to automatically switch from http to https. Try browsing to http://google.com and it will switch to https://google.com. But some sites support both http and https and don’t automatically switch. In June 2021 Microsoft introduced an experimental feature called Automatically switch to more secure connections with Automatic HTTPS in Microsoft Edge v92 and announced it in the Windows Blog at https://blogs.windows.com/msedgedev/2021/06/01/available-for-preview-automatic-https-helps-keep-your-browsing-more-secure/. Even in Edge v106 (current as of this writing), the feature is still buried where you have to be pretty deliberate to enable it.
In the address bar in Edge, type edge://flags/#edge-automatic-https and hit Enter. Set the entry Automatic HTTPS to Enabled and restart Edge.
In the address bar in Edge, type edge://settings/privacy and hit Enter. Scroll down to the Security section and toggle on the option Automatically switch to more secure connections with Automatic HTTPS (1 in the screenshot below). You then have two options; Switch to HTTPS only on websites likely to support HTTPS (2 in the screenshot below) and Always switch from HTTP to HTTPS (connection errors might occur more often) (3 in the screenshot below).
I am not sure if the first option works all that well (don’t forget this was enabled through an “experimental” option). I don’t like the wishy-washy nature of the word “likely”. It does not work with http://www.example.com even though the site supports https://www.example.com . Even odder perhaps, http://example.com does switch automatically to https://example.com. The second option: Always switch from HTTP to HTTPS (connection errors might occur more often) seems more aggressive, switching both http://example.com and http://www.example.com to their https equivalents.
Given the warning that “connection errors might occur more often”, I thought the second option might prevent me from browsing to http sites, but with it set, I browsed to http://neverssl.com and was able to connect with no problem.
Even though my experience with the experimental feature seems less than a complete solution, I don’t see any major downside to using it. According to the blog, even if a webpage is prevented from loading, you will get a message that provides the option to continue to the site.
The holiday season is a time for online shopping. It’s convenient, often cheaper, and we can avoid crowds at the mall. But it’s also a time when scammers are out in force, trying to take advantage of unsuspecting shoppers. That’s why it’s important to be aware of the dangers of online scams and protect yourself. At GlassWire we really care about security, that’s why in this blog post we’ll give you some tips on how to stay safe when shopping online during the holidays. Make sure you read this blog post before your next online checkout, during this holiday season!
The importance of online safety when shopping online during the holidays
The holiday season is a time when many people are shopping online and scammers are well aware of that.
The most common type of scam during the holidays is phishing. This is when scammers send emails or create websites that look like they are from a legitimate company, but are actually designed to steal your personal information. They may try to get you to click on a link that will download malware onto your computer, or they may ask you to enter your personal information into a fake website. Be very careful about clicking on links or opening attachments from unknown sources, even if they look like they are from a trusted company. Keep track of all your purchases and store all their tracking numbers. Be suspicious of “missed delivery” emails and when in doubt, check yourself with the tracking number, typed directly into the official courier website.
A very appealing type of scam that is common during the holidays is “free trial” offers. These offers often seem too good to be true, and that’s because they usually are. The scammer will sign you up for a free trial of a product or service, but then start charging you for it after the trial period is over. They may also sign you up for other products or services without your knowledge. Be sure to read the fine print before signing up for any free trial offers, and be sure to cancel any subscriptions that you don’t want before the trial period is over.
Another example of a common scam is the sale of something that has no value. This could be the case with fake gift cards. These card codes could be already redeemed or just be not valid. Purchase only from trustworthy and official websites.
Last but not least, don’t let your goodwill lower your attention. Bogus charity schemes are most likely during the holiday season. Scammers set up fake charities and solicit donations from unsuspecting people who think they are helping others in need. Be sure to do your research before making any donations to charities, and only give to reputable charities that you know well.
How To Protect Yourself From Online Scams
Fortunately, there are some things you can do to protect yourself from being scammed when shopping online during the holidays:
First, only shop on secure websites. Type the name directly into the browser URL bar and avoid following links from suspicious platforms. This will help protect your personal information from being stolen by hackers.
Second, be cautious of emails and attachments from unknown sources—even if they look like they’re from a trusted company—as these may contain malware designed to steal your personal information or infect your computer with viruses. Always check the sender’s address and immediately delete any email coming from addresses that you don’t recognize.
Third, don’t click on links from unknown sources as these could lead you to fake websites created by scammers designed to steal your personal information or infect your computer with viruses. And finally, make sure your computer has up-to-date security software installed which can help protect against malware and other threats.
Unfortunately, it may also be the case when despite paying attention, you do find yourself the victim of an online scam. It’s not time to give up yet, as there are a few things you can do.
How to report an online scam
If you think you have been the victim of an online scam, there are a few people you can contact. First, you should reach out to the company or website where the scam took place. They may be able to help you get your money back or take other steps to help you. You can also file a complaint with the Federal Trade Commission (FTC). The FTC takes reports of scams and works to stop them. To make a report, go to their website and click on “File a Complaint Online.” Finally, you can also contact your local law enforcement agency.
When you make a report, be sure to include as much information as possible about the scam and what happened. This will help the person or organization you are contacting investigate and take action against the scammer.
Conclusions
It is important to be aware of the dangers of online scams when shopping online during the holidays. This is indeed among the most appealing periods of the year, for scammers, to prey on their victims.
Buy only from trustworthy marketplaces, read reviews before making any purchase and, if you still fear the risk, go back to local stores. A good talk, a piece of advice, and recommendations are always included in the price of the present.
About Chris Taylor: Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.
One drawback to using a screensaver is that it doesn’t cut the video signal (even if the screensaver is set to Blank) and this prevents the monitor from going into a low-power state.
On the other hand, power settings in Windows provide the capability of turning off the monitor after a period of inactivity and this feature does cut the signal to the monitor. A modern monitor can then go into a low-power mode.
Go to Settings | System | Power & sleep and select a time for Screen – turn off after.
You can also set the time for individual power plans. Click the Additional power settings link and then Change plan settings.
Unfortunately, the Windows setting to turn off your monitor doesn’t have an option to require re-authentication when the monitor turns back on after you start using the computer again. However, you can combine the two options to get the best of both worlds.
Set your screen saver to On resume, display log-on screen and choose the Wait period you want. Then, in Power & sleep in Settings set the Screen – turn off after to the same time period. The screen saver will ensure re-authentication is required when you resume and the Power & sleep option allows your monitor to go into low-power mode.
While it is possible to use only power options to have Windows prompt for re-authentication when you resume using your computer, it requires modifications to the registry. While not particularly difficult, I don’t think there is a major downside to use the combination of power settings and screensaver as detailed above.
Dynamic lock
You can configure windows to lock your computer if the Bluetooth signal for a paired phone falls below a certain threshold. In Settings| Accounts | Sign-in options under Dynamic lock select Allow Windows to automatically lock your device when you’re away.
Microsoft says Dynamic lock works with “devices that are paired with your PC” but a phone is the “only currently supported configuration”.
I don’t view Dynamic lock as a main means of protection. It only locks your computer after the Bluetooth signal strength drops below a certain level for 30 seconds and it is interrupted by any keyboard or mouse activity. While it might help you if you accidentally walk away from your computer without locking it, a quick-thinking attacker watching you walk out of the room can easily defeat Dynamic lock simply by moving the mouse or pressing a key.
We recently launched GlassWire 3.0 which came with a number of new features: GlassWire Score, Anomaly Detection and the Management Console… but there is a lot more to come! We would like to share with you some of the features we are working on:
GLASSWIRE V3 Windows (APP)
New and Simplified Network Traffic Tab Based on feedback received from our users, we are merging the “Graph” and “Usage” Tab into a new simpler Network Traffic Tab. Stay tuned!
New Tab: Hardware Resources Ever wished your Windows Task Manager gave you a comprehensive history of your PC’s resource utilization metrics? You will soon be able to have one with Glasswire! Next to the Network Traffic Tab, you will soon see a new Hardware Resources tab with a simple to use interface to view historical resource consumption (CPU, Memory, Disk) of all past and present processes and applications running locally on your PC.
New View in Network Traffic tab: Geo Map We are introducing a new view in Network Traffic which will visually and more intuitively show you on a world map where your traffic is going/coming from.
Goodbye Things, welcome Network Scanner The current Things tab is having a makeover. We are renaming it Network Scanner and significantly improving device recognition with the addition of device type, brand and model, so you can better understand what actually is on your network! And by the way, we will soon be moving Network Scanner under the free plan (it’s currently available only to paying subscribers).
GLASSWIRE V3 Management Dashboard (WEB)
Improved endpoint management. We will be enriching the data which is available on the management console (location, username, Organization) in order to allow our heavy-duty users to manage hundreds or thousands of endpoints.
Consolidated reporting across your endpoints. You will soon be able to aggregate historical data traffic reporting (and eventually hardware resource utilization) across your endpoint, seeing totals for your organization (or home) and/or outliers amongst your user base.
New alerts management to allow you to configure email alerting if any anomaly is detected in any of your endpoints.
Austin, November 17, 2022 Securemix LLC. and Domotz Inc. announced today that the companies have entered into a strategic partnership that will enhance the commercial capabilities of GlassWire.
The commercial distribution agreement will allow Domotz to resell the GlassWire software providing even greater strength to GlassWire’s growth efforts.
The partnership brings together the expertise of two players active in the network monitoring space.
GlassWire is an application that provides complete visibility and control over digital traffic generated or received by an end-user endpoint on a computer network. With over 30 million downloads since inception and hundreds of thousands of daily users, the software is currently one of the most popular and well-recognized traffic monitoring solutions for windows PC and android. The company is expanding its offering from the Prosumer market to the IT professional and Enterprise space.
Domotz, established in 2015, is a fast-growing US-based company that operates in the IT Asset Management, Network Visibility, and Telemetry space, helping thousands of IT Professionals, System Admins, and MSPs manage their network infrastructure in over 110 countries worldwide.
In the future, the two companies plan to exploit more partnership opportunities.
Gain even more visibility into your network traffic with our latest features!
We have been working hard over the past months to improve our software and we are proud to announce the introduction of some new and exciting features. We believe they will radically improve your understanding of all the network traffic generated from your PCs.
GW Score – To further enhance GlassWire as an endpoint security solution, we have introduced the GW Score, which will allow you to gain better insights into the safety of the applications running on your PC. Thanks to the GW Score, based on an algorithm that analyzes the applications’ popularity, you will understand if any applications running on your machine are “one of a kind” and therefore potentially dangerous. If you do use customized software, you can mark it as “safe”.
The GW Score ranges from 0 to 100%. If an application looks suspicious (typically runs on less than 1% of users’ machines), you can immediately block it, thanks to GlassWire’s firewall.
Anomaly Detection – Did you ever wonder if the amount of traffic generated by your computer can be considered normal? To help you understand it, we have developed a new feature called “Traffic Anomaly Detection”. By analyzing the volume and frequency of your data streams, GlassWire can identify anomalies in your network traffic and suspicious applications.
You will find these new features on the Security Tab of your GlassWire App.
Create your GlassWire account
By creating an account you will gain access to your personal GlassWire Management Console. The Management Console is a dashboard that you can access from anywhere, allowing you to view and manage all endpoints associated with your account. Within the Management console you can access and make changes to your account information, manage billing details, upgrade your plan and add all the endpoints you need!
Click on the button below to download the new GlassWire.
About Chris Taylor: Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.
In September (https://www.glasswire.com/blog/2022/09/16/how-to-disable-automatic-sign-in-to-windows) I showed how to disable automatic sign-in to Windows and make sure all user accounts have passwords. There are other areas where you might want to consider ensuring authentication is required to maximize security and help ensure your information, privacy, and identity are protected.
Sleep
If you have your computer sleep after a period of time, it is a good practice to require authentication when the computer wakes up.
Go to Settings|Accounts|Sign-in options. In the section Require sign-in set If you’ve been away, when should Windows require you to sign in again to When PC wakes from sleep. In Windows 11, the section is titled Additional settings.
Screen savers
Screen savers get their name from old-style monitors that were highly susceptible to “burn in” if left with the same contents on the screen for a long period of time, resulting in a ghost image permanently etched in. While modern monitors are not (as) susceptible, some people still use screen savers. If you sometimes step away from your computer while a screen saver is active, a good practice is to have re-authentication required when you start using the computer again.
Microsoft has still not migrated the configuration of screen savers to the 10-year-old Settings app! Go to Settings | Personalization | Lock screen, and click the link to Screen saver settings to open the Control Panel applet for Screen Saver Settings.
Put a checkmark in the box On resume, display log-on screen.
Immediately lock the computer
If you are going to step away from your computer, it is a good practice to lock the computer. The simplest way is to press
(Windows key+L) to lock the computer. You will have to re-authenticate to access the computer again.
When Windows turns off the display
There is one other area of concern—when Windows is set to turn off the display after a period of inactivity. It is surprisingly difficult to add the requirement to re-authenticate when you bring the display back to life. I will cover that next month.
For 12 years in a row, the US holds the first spot for the highest cost of a data breach, which currently stands at $9.44 million, twice the global average.
From major corporations to small businesses, no one is safe from the reach of cybercriminals, with healthcare getting hit the hardest. And with the COVID-19 pandemic, geopolitical unrest, and economic instability only exacerbating the problem, 2022 has had its fair share of cyber attacks. Here are just a few of the major cyber attacks news today 2022:
Lapsus$ Group’s Extortion Spree
The Lapsus$ Group has been on a tear lately, successfully extorting millions of dollars from some of the world’s largest companies by stealing their data and then threatening to release it publicly unless they’re paid off. The group has hit companies in a wide range of industries, including healthcare, technology, manufacturing, and retail.
Some affected companies include Samsung, Nvidia, and Ubisoft. In many cases, the group has been able to successfully steal sensitive data, such as customer records and financial information, largely through phishing attacks, without being detected. In March, the group breached and leaked source code associated with Cortana, and the British police managed to arrest about seven people that may be associated with the group.
Chilean Court System Hit With Ransomware Attack
The Chile Consumer Protection Agency was hit by a ransomware attack starting on August 25th, 2022. In September, thousands of emails were hacked from the Chilean military and published on the internet. The judicial system attributed the spread of the attack to a phishing email containing the Cryptolocker Trojan.
The attack affected Windows 7 computers and breached about 1% of the court’s computers. According to Angela Vivanco, the Supreme Court spokeswoman, no data was stolen, and the attack was minor. Using the Windows 7 computers played a huge part in the attack, given that Microsoft no longer offers any updates and support for the system.
Ronin Crypto Network Hack
In April, Ronin, an NFT and crypto company, experienced a data breach that set the company back awhopping $540 million. The cyber attack was so bad that Binance had to come to the rescue and save the company. The hackers breached the platforms and stole the funds on March 23rd. The majority of the funds were owned by customers who won most of it from playing the Axie Infinity game.
Binance injected about $150 million into the company to ensure that customers got back what they lost from the breach. The company took almost a whole week to notice the hack, at which point the value of the coins had escalated to about $615 million. This is the second largest cryptocurrency heist ever recorded.
Crypto.com $30 Million Hack
In January 2022, the popular cryptocurrency exchange, Crypto.com was hacked to the tune of$30 million. The funds were stolen from customer wallets belonging to some 430 users. Initially, Crypto.com downplayed the hack by calling it an incident but then announced that the hackers got away with 443.93 BTC, which would convert to $18 million, and 4,836.26 ETH, which was equivalent to $15 million.
The breach also included other currencies that amounted to $66,200. Crypto-com detected the hack when hackers started making transactions without using the 2FA and immediately suspended withdrawals and forced their customers to log in again in order to set up the 2FA authentication. According to the company, customers were reimbursed fully.
Shields Health Care Group data breach
In March of 2022, hackers breached the Shields Health Care Group and exposed data belonging to some 2 million people in the US. This Massachusetts medical service provider deals in ambulatory surgical services, radiation oncology, and MRI/CT imaging.
The hackers had access between March 7th to March 21st, a long enough time to access sensitive patient data such as full names, social security numbers, billing information, medical record number, insurance information, and much more. This is very valuable information, and hackers can use it for a plethora of things, including extortion, phishing, scamming, and social engineering.
Given that Shields Health Care Group partners with numerous hospitals, the consequences of the breach are said to have impacted about 56 health facilities, some of which may include Winchester Hospital, Central Maine Medical Center, and Tufts Medical Center.
Block Cash App Breach
Block, a Fintech company, confirmed a breach that affected a massive 8 million people. The breach involved one of the employees who downloaded some reports from the Cash App. The employee had initial access while working for the company but breached the information after termination without permission. According to Block, the information did not include personal information such as passwords, payment card information, or social security numbers.
GM Motors Data Breach
In May, GM Motors experienced a major hack that exposed sensitive information belonging to car owners. This included phone numbers, addresses, names, car maintenance history, and mileage.
The company revealed the breach on May 16th and explained that the breach affected an undisclosed number of online users in April. Additionally, further investigation revealed that the hackers also stole customer reward points that were later redeemed for gift cards.
Plex Streaming Site Hack
Plex is one of the largest streaming apps on the internet, with about 30 million registered customers. This app allows users to stream live television and movies and allows users to access their own videos, photos, and audio on the platform.
Both streaming and personal media were affected, but the company did not disclose how many of those users were affected. However, they did admit that the majority of accounts were affected and went ahead to ask users to reset their passwords.
Red Cross Data Breach
The Red Cross and Red Crescent Movement experienced a breach in January. Hackers attacked servers with the personal information of over half a million people. The hackers accessed information that reconnected people separated by violence, war, or migration. To curb the damage, Red Cross took their servers offline.
Hackers Post ‘Child Nudity’ on UCP Candidate Facebook pages
In August, hackers took over the social media accounts of United Conservative Party leadership candidate Leela Aheer and posted graphic images. The images consisted of child nudity and sexual exploitation and were only up for a few minutes before being taken down.
It’s unclear how the hackers got access to her accounts, but Leela Aher said she would not be backing down from her campaigns. The UCP released a statement saying they do not condone the actions of the hackers and will be working with Leela Aheer to ensure her safety.
Cyber Attack News 2022: A Look at Major Attacks So Far
These are some of the major cyber-attacks that have occurred this year. As you can see, no one is safe from hackers, not even large companies with sophisticated security systems. It is important to always be vigilant and take steps to protect yourself online. As a business, make sure you have a robust security system in place and that your employees are trained on cybersecurity best practices.
And finally, if you are a consumer, make sure you are using strong passwords and unique email addresses for different accounts. Cybersecurity is a team effort, and we all need to do our part to stay safe online.
According to research, cyberattacks cost US businesses about6.9 billion in 2021 alone, and even more alarming is the fact that only about 50% of businesses are financially prepared for a cyber attack. This leaves a huge gap in terms of preparedness, and unfortunately, many businesses only realize the importance of cyber security when it’s too late.
The thing is, an ounce of prevention is worth a whole load of cure when it comes to cybersecurity. So, what can you do to prepare for a cyber attack? Here is everything you need to know about how to prepare:
Assess Your Exposure: Not Everyone Faces the Same Risks
You can’t properly prepare for a cyber attack without first knowing where your vulnerabilities lie. Depending on the type of business you have and the industry you work in, you’ll be more vulnerable to some types of attacks than others.
For example, if you store sensitive customer data, like credit card numbers or personal health information, you’re a prime target for hackers who want to sell that information on the black market. But even if you don’t store sensitive data, you can still be a target. Hackers may attack your business simply to disrupt your operations or to steal your intellectual property.
Train Your Employees: They’re Your First Line of Defense
One of the most important things you can do to prepare for a cyber attack is to train your employees in cybersecurity best practices. They need to know how to spot red flags, like phishing emails and suspicious links, and they need to know what to do if they think they’ve been targeted.
You should also have a plan in place for what to do in the event of a cyber attack. This plan should include steps for how to contain the damage, like isolating affected computers from the rest of your network and how to report the incident to the proper authorities.
Invest in Cybersecurity: It’s Worth the Money
You can’t afford to skimp on cybersecurity. Investing in the latest security technology and software is important in preparing for a cyber attack. But don’t stop there – you also need to ensure your systems are always updated with the latest security patches. And you should consider hiring a team of cybersecurity experts to help you monitor your systems and respond to threats.
Use Proper Encryption: It Could Save Your Business
If you’re storing sensitive data, proper encryption is a must. Even if you’re not required by law to encrypt your data, it’s still a good idea. That’s because encrypted data is much harder for hackers to access and use.
Encryption is the process of transforming readable data into an unreadable format. This is done using a key, which is like a password that allows you to decode the information. There are two types of encryption:
Symmetric: Both sender and receiver use the same key to encode and decode messages.
Asymmetric: Each person has their own key, which they use to encode messages. The other person has a different key, which they use to decode the message.
You should always use encryption when sending or receiving sensitive information, such as credit card details or passwords. This way, even if the data is intercepted, the cybercriminal will not be able to read it.
Use Two-Factor Authentication and VPNs: Extra Layers of Protection
Two-factor authentication (2FA) is an extra layer of security that requires you to enter a code, in addition to your username and password, when logging into an account.
The code is usually sent to your phone via text message or generated by an app. This makes it much harder for cybercriminals to gain access to your accounts, even if they have your username and password, as they would also need your phone.
VPNs or Virtual Private Networks also play an integral role in data breach protection because they encrypt all the data sent between your device and the internet, making it much harder for anyone to intercept and read it. This is especially important when using public Wi-Fi, as it’s very easy for cybercriminals to set up fake hotspots and intercept the data sent by unsuspecting users.
Implement Strong Access Controls: Limit Who Has Access
Restricting access to systems and data is one of the most effective ways to prevent cyber attacks. By implementing strong access controls, you can make it much harder for cybercriminals to gain access to your systems. There are two types of access control methods:
Discretionary Access Control (DAC)
DAC is a security mechanism that determines who can access which resources and how they can use them. When using DAC, the system administrator assigns permissions to users, groups, or devices.
Mandatory Access Control (MAC)
MAC is a security model that uses labels to control access to resources. With MAC, the operating system ensures that users only have access to the resources they’re allowed to access, based on their security level.
Know Your Data: Where is it and Who Has Access to It?
To protect your data, you first need to know what type of data you have and where it resides. This seems like a no-brainer, but many organizations don’t clearly understand what data they have and where it’s stored.
Conduct an inventory of all the systems in your organization and map out where sensitive data is stored. Once you know what data you have, you can start to put in place the appropriate security measures to protect it.
Implement Strong Security Measures: Keep Your Systems Up-to-Date
Cybercriminals are constantly finding new ways to exploit vulnerabilities, so it’s important that you close any gaps in your system’s defenses. There are a few technical security measures you can put in place to make it more difficult for cybercriminals to penetrate your systems. Here are some key things to do:
Use a firewall: This will help block unauthorized access to your network.
Install antivirus software: This will detect and remove any malicious software that manages to get through your firewall.
Keep your software up to date: Regular updates will patch any vulnerabilities in your software that cybercriminals could exploit.
Use strong passwords: Long, complex passwords are harder to crack than short, simple ones. Use a combination of letters, numbers, and symbols to make them as strong as possible.
Encrypt your data: This will make it much more difficult for cyber criminals to read your data if they manage to get their hands on it.
How to Prepare for a Cyber Attack: A Comprehensive Guide
By taking these steps, you can significantly reduce the chances of falling victim to a cyber attack. However, it’s important to remember that no system is 100% secure, and there’s always a risk that something could go wrong. That’s why it’s also important to have a plan in place for how to deal with a breach if one does occur.
Due to the pace of digitalization, it’s more important than ever to have a strong defense against cyber attacks. That’s where the human firewall comes in! A human firewall is someone who is aware of the dangers of the internet and takes steps to protect themselves and their company from being hacked.
There are three lines of defense when it comes to cybersecurity: prevention, detection, and response. The human firewall is responsible for all three. By being proactive and educating yourself on the latest threats, you can prevent attacks before they happen. If an attack does occur, you can quickly detect it and take steps to mitigate the damage.
So how do you become a human firewall? Everything starts with understanding the three lines of defense and being vigilant against phishing scams (the most common form of cyber-attacks). You should also make sure your software is up-to-date and that you’re using strong passwords.
Furthermore, being aware of cyber threats and acting as a human firewall is the perfect skill to leverage synergies.
You can train yourself as an employee to be a human firewall by learning about cybersecurity threats and implementing security policies, so to drastically improve your company’s security!
The Importance of a Human Firewall
What Is a Human Firewall
A human firewall is the last line of defense against cyber attacks. He is responsible for stopping attacks that make it past the outer layers of security, such as firewalls and antivirus software.
The Human Firewall in Action
The human firewall is responsible for identifying and stopping attacks that exploit vulnerabilities in hardware or software, such as phishing scams and malware. They do this by using their knowledge of how cyber attacks work to identify suspicious activity and prevent it from happening.
Human Firewall – A Company Asset
Know the Three Lines of Defense
You are the first line of defense against cyberattacks and are responsible for the prevention of cyber-attacks. You need to be aware of the different types of attacks and how to protect yourself. Phishing attacks are one of the most common types of attacks. They are attempts by attackers to trick you into giving them your personal information, such as your username and password. To protect yourself from phishing attacks, you should never click on links in emails or texts from people you don’t know. If you think an email might be a phishing attack, you can forward it to your company’s IT department or security team for analysis.
Another type of attack is malware. Malware is software that is designed to damage or disable computers. It can be installed on your computer without your knowledge and can cause serious problems, such as stealing your personal information or destroying data on your hard drive. To protect yourself from malware, you should keep your antivirus software up-to-date and run regular scans for malware on your computer. You should also be careful about what websites you visit and what files you download. Only download files from trusted websites and avoid clicking on links in emails or texts from people you don’t know.
Your company’s security team and IT department are the second and third line of defense against cyberattacks. They are responsible for protecting the company’s network and data from attacks. To do this, they use a variety of tools, including firewalls, intrusion detection systems (IDS), and encryption technologies. They also create policies and procedures to prevent employees from accidentally exposing the company to risk. As an employee, you need to follow these policies and procedures to help keep the company safe from attack.
Be Wary of Phishing Scams
Phishing attacks are one of the most common types of cyberattacks. They are attempts by attackers to trick you into giving them your personal information, such as your username and password. To protect yourself from phishing attacks, you should never click on links in emails or texts from people you don’t know. If you think an email might be a phishing attack, you can forward it to your company’s IT department or security team for analysis.
Keep Your Software Up-to-Date
One way to protect yourself from malware is to keep your software up-to-date. This includes your operating system, web browser, and any applications you have installed on your computer. Attackers often exploit vulnerabilities in outdated software to install malware on computers. By keeping your software up-to-date, you can help prevent attackers from being able to take advantage of these vulnerabilities.
Use Strong Passwords
Ultimately, but not less important, is to use strong passwords. A strong password is one that is difficult for an attacker to guess or brute force. It should be at least 8 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. You should never use the same password at more than one site or service. When possible, you should enable two-factor authentication (2FA) for additional protection.
How to Train Your Employees to Be Human Firewalls
Educate Your Employees
Thorough education on cyber threats is crucial to keep the security level of a company high. Figures show that 50% of cyber-attacks are due to human failure, thus the importance of having robust education in place for your employees, as a business owner. The first step in training employees to be human firewalls is to educate them on what a human firewall is and why it’s essential. Make sure they understand the three lines of defense and how they can help protect the company from cyber-attacks.
Implement Security Policies
Once the employees are educated on cyber security, it’s important to implement policies and procedures that will help protect your company. Some things you may want to consider are requiring strong passwords, implementing two-factor authentication, and restricting access to certain sensitive information.
Hold Regular Trainings
It’s not enough to just educate employees once; you need to make sure they’re up-to-date on the latest cyber threats and how to protect against them. Hold regular trainings and encourage them to ask questions if they’re ever unsure about something.
Conclusion
A human firewall is the first line of defense against cyber attacks. By being aware of the potential risk in every scenario, and taking steps to protect yourself, you can be a valuable asset in keeping your company safe from hackers. Educate yourself and your employees on best security practices and make sure to stay up-to-date on the latest threats. Following these simple steps can help make your company a harder target for attackers.
About Chris Taylor: Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.
Microsoft has, more or less, continually improved security in Windows. One important layer of security is the sign-in to the computer, which helps secure your information and identity.
We have progressed from Windows 95, where hitting the Esc key at the login prompt allowed you to access all locally stored information. But even in Windows 11, Microsoft still allows you to configure automatic sign-in and local accounts with no password. If you have taken advantage of either of these features and have become concerned about the security of your information and identity, you might want to fix them.
Disable automatic sign-in
Press
type in netplwiz, and press Enter. If you are not currently signed in using an account with administrative privileges, you are prompted to provide credentials for a local admin account. Control Panel’s User Accounts loads. Put a check mark in the box Users must enter a username and password to use this computer. Click the OK button and restart the computer.
Set a password on every local account
An account with no password also allows automatic sign-in, so it is best to ensure all local user accounts have a password. Load netplwiz as above and click on each account listed.
For your current account, you will see the following:
If you have no password on your account, follow the instructions to set a password.
For accounts using a Microsoft Account for authentication, you will not be able to change the password and will see the following:
That’s fine as they have a password. You can change the password for a Microsoft Account at https://accounts.microsoft.com.
For other user accounts, you cannot see if a password has been set, but you can force a password by clicking the Reset Password button.
If this is an account used by someone else, you might want to try signing in under this account to see if you are prompted for a password and then speaking with the person before you force a password on the account.
If you’re having trouble with your internet connection, one of the first things you’ll want to do is test your speed. Speedtest is a free online tool that lets you measure your internet connection speed. In this blog post, we’ll show you how to use Speedtest to measure your internet speed and interpret the results.
What is Speedtest
Speedtest is a tool that allows you to measure your internet speed. It is a useful tool for troubleshooting internet connection issues and for determining whether your internet service provider (ISP) is providing the speed they promised. You can also use a Speedtest to measure the performance of a home or office network.
There are several benefits to using Speedtest:
– Ensuring you are getting the speeds you are paying for from your ISP.
– Diagnosing and fix potential issues with your internet connection.
– Seeing how your home or office network performs compared to other networks.
How to use Speedtest to measure your internet speed.
In order to use Speedtest to measure your internet speed, you will need to follow these steps:
1. Go to www.speedtest.net in your web browser
2. Click on the ‘Start Test’ button
3. Wait for the test to complete – this usually takes around 30 seconds
4. Once the test is finished, you will see your results on the screen
5. These results will show you your “ping”, “download speed”, and “upload speed”.
How to interpret your results.
After you’ve run a speed test, you’ll see a variety of metrics that show your results. Here’s a rundown of what each metric means:
Download Speed: This is the amount of data that your computer can receive from the internet in a given period of time. It’s measured in megabits per second (Mbps).
Upload Speed: This is the amount of data that your computer can send to the internet in a given period of time. It’s also measured in megabits per second (Mbps).
Ping: This is the amount of time it takes for your computer to send a request to the server and receive a response back. It’s measured in milliseconds (ms). A lower ping means a faster connection.
Jitter: This is the variation in latency (ping) over time. A low jitter means a more stable connection.
How can I get a more detailed analysis of my speed traffic?
In spite of its overall accuracy, Speedtest only does a general analysis of your internet speed capability. What the tool doesn’t tell you is how the different apps and services on your computer are draining internet resources.
Let your internet speed connection be 100 mb/s, how can you tell which is the most speed-consuming app on your device?
Well, lucky for you GlassWire is what you are looking for. Our app lets you run a speed test analysis and can tell you how much data your single apps are using.
There’s more, GlassWire can keep track of the historical consumption of data so that you can spot anomalies in the volumes of data exchanged. This is the first alert, for instance, for bad behaving apps and malicious services.
Start your free trial today, download GlassWire at www.glasswire.com/download and start monitoring your traffic now.
Download GlassWire
Instantly see your current & past network activity. Detect malware, & block badly behaving apps.