Are Autocomplete Passwords Safe?

Advertisements and suggestions based on our internet browsing habits are sources of online tracking. However, autocomplete passwords are also another source of online tracking. This sneaky tactic comes with serious security risks. Here’s how you can stop it from targeting you.

Why auto-fill passwords are so dangerous

As of December 2018, there are 4.1 billion internet users in the world. This means users have to create dozens of passwords, either to protect their account or simply to meet the password-creation requirements of the platform they’re using. Unfortunately, only 20% of US internet users have different passwords for their multiple online accounts.
Certain web browsers have integrated a mechanism that enables usernames and passwords to be automatically entered into a web form. On the other hand, password manager applications have made it easy to access login credentials. But these aren’t completely safe.
Tricking a browser or password manager into giving up this saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised webpage to collect users’ login information.

Using auto-fill to track users

For over a decade, there’s been a password security tug-of-war between hackers and cybersecurity professionals. Little do many people know that shrewd digital marketers also use password auto-fill to track user activity.

Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to track the sites that users visit. They’ve made no attempts to steal passwords, but security professionals said it wouldn’t have been hard for them to do. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold the information they gathered to advertisers.

One simple security tip for today

A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here’s how to do it:

• If you’re using Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.
• If you’re using Firefox – Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
• If you’re using Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

Chrome Extensions Are Being Targeted For Hacks

If you’re like most people, no matter how careful you are when you surf the web, you seldom think to review the permissions browser extensions ask for when you install them. It’s just one of those things that’s easy to lose sight of, and unfortunately, hackers are aware of this.

That’s why vulnerable extensions have become a newly emergent threat in the ever-evolving threat matrix.

Browser extensions can do things that simple websites can’t. Enterprising researcher, Doliere Francis Some took a deep dive into the murky world of extensions and find out if it was possible that they could bypass SOP (Same Origin Policy), which keeps websites from different domains from sharing data.

Over the course of her research, she analyzed more than 75,000 Opera, Firefox, and Chrome extensions. Although her research revealed that it was uncommon, she was able to confirm that in 197 cases, the answer was yes.

171 of the 197 instances she discovered were Chrome extensions. That fact should not be seen as an indication that Chrome is inherently less secure than the other browsers, but is reflective of the fact that Chrome has vastly more extensions than the other two browsers included in her survey.

Based on Some’s research, while this is a troubling discovery to be sure, it’s not something you’re likely to encounter or need to devote significant resources to guard against. In fact, the simplest way to protect yourself is to prevent extensions from communicating with web pages at-will. Although be aware of the fact that this may cause some legitimate extension functions to stop working.

Of course, in a perfect world, browser vendors would do a far better job at analyzing extension behavior before making them available to the general public, but this is extremely unlikely to occur. Again, it just isn’t a common enough problem to throw a lot of resources at.

In any case though, it’s something to be aware of, and it’s certainly worth checking the permissions of the extensions you’re using. Better safe than sorry.

Malware Drains Your Computer’s Resources Without Your Knowledge

Cryptominers are among the most common type of malware in the wild today, based on the latest research by digital security company Check Point. While there are dozens of variants deployed by hackers, the cryptojacker “Coinhive” is the malware of choice this year. Once installed on a computer, it works in the background siphoning off your computing power to mine Monero any time your computer is on and sending the gains to the hackers.

The second most popular is a piece of malware called Jsecoin, which is a JavaScript-based miner that can be embedded into websites and runs in a target’s browser. Then there’s Cryptoloot, which is a Coinhive competitor and works in much the same way.

Although cryptojacking software dominates the top-ten list, they’re not the only types of malware on it, and this year’s list features two venerable contenders: Emotet and Ramnit, both of which are banking Trojans that have been in circulation for a long time.

While all of these threats are bad, the one that’s getting a lot of attention from security professionals is a relative newcomer to the rankings called Smoke Loader. Interestingly, Smoke Loader isn’t dangerous by itself, but then again, that’s not its real goal. It’s a gateway malware. A Trojan whose express purpose is to infiltrate a system and then download additional malware.

The specifics are entirely open-ended. If a hacker using Smoke Loader to infiltrate a system wants to follow that attack up with a cryptojacker, he can do that. If he’d prefer to launch a ransomware attack, he can do that too. The sky is basically the limit.

In any case, the Check Point top-ten list is well worth a closer look, if for no other reason than to be sure your IT staff is up on all the latest threats.

Google Is Rolling Out New Features For Gmail Users

Google has recently announced a trio of new features for Gmail users that are going into place immediately, and may in fact be available for use by the time you read this article. Here are the details:

One of the first things you’ll notice is a new strikethrough button, visible when you’re composing. You’ll find it on the right-hand side of the menu.

Per Google’s statement about the new additions, “Strikethrough is a visual cue that something has been completed or can be used as an edit suggestion. We’ve heard from you that this functionality is critical to quickly and efficiently write emails, especially when you want to visually indicate a change in language.”

In a similar vein where edits are concerned, the company is also introducing an “Undo/Redo” button, which will allow Gmail’s email compose screen to function more like a conventional word processor. Undo/Redo is incredibly handy in those instances where you intended to copy a block of text and deleted it by mistake instead.

Finally, the company is now allowing its users to download their emails as EML files for remote or offline viewing. EML files are compatible with most major email clients, leaving open the possibility of sending them in batches to yourself or someone else who is authorized to received them. The download can be accomplished by clicking on the three dot menu and selecting “Download Message” at the bottom of the menu.

Again, by the time you read this article, the changes may already be in place for all Gmail and GSuite users, so be sure to check them out to see if you find them helpful.

The early buzz is quite positive for all three changes, with the Strikethrough functionality having been on several people’s wish lists for quite some time. Kudos to Google for listening to their user base and making the changes.

Half of Executives are Unclear on Data Compliance Laws. Are You?

Regardless of what industry a company is classified under, they all are responsible for upholding particular standards to ensure compliance with industry regulations. However, according to the 2018 State of Compliance survey, a shockingly high number of organizations were shown to be a bit fuzzy on their requirements.

More specifically, the survey (run by data management firm Liaison Technologies) delivered results demonstrating that, of the 479 executives of medium-to-large-sized United States organizations surveyed, 47 percent of them were uncertain of which standards would even apply to their particular industry.

This uncertainty could cause enormous problems for an organization of any size. If an issue were to arise that complying with industry regulations could have prevented, the company in question would have a lot of very difficult answers to provide. What’s more, the issue could very well cause the company to fail; either directly, by hindering its activities to the point of bankruptcy, or indirectly, if client and customer faith in the company were shaken enough by its lack of preparation.

Look at it this way, if you had entrusted sensitive personal information to a company only to find out that their noncompliance with basic security standards had put you at risk, would you continue doing business with that company? It’s probably a safe bet that the answer is a resounding “no.”

However, the State of Compliance survey revealed that this very scenario could be happening all the time. For example, the Payment Card Industry Data Security Standard (PCI DSS) was only reported to be “applicable” in 3 percent of client responses, a number shockingly small when one considers that the PCI DSS applies to any and all entities that interact with cardholder data storage, processing, or transmission.

Making an already alarming situation even worse, a full quarter of survey respondents admitted that they were “unsure” of who in their operation held primary responsibility over information security and privacy. As a result, this full quarter of surveyed businesses could very easily have serious information security and privacy issues that have gone (or could later go) unnoticed.

Perhaps most disconcerting was the fact that a full 85 percent of respondents still felt secure in their job, whether or not their company exhibited any compliance issues.

Here at Net Activity we think this is an unacceptable situation, and we would hope that you feel the same way. Moreover, we can help ensure that you are, in fact, fully compliant with any information-based regulations for your industry. For more information, give us a call at 216-503-5150.

Single Sign-On: The key to user management

Making passwords can be tedious. From complexity requirements to minimum lengths, creating a password for each new account brings its own set of headaches. If this problem is reaching a boiling point, Single Sign-On (SSO) solutions can help. These techniques are secure, easy-to-manage, and do away with the need to manage a long list of usernames and passwords.

What is SSO?

Single Sign-On solutions allow you to create one username and one password that thousands of websites will recognize. If you’ve ever clicked “Login with Google” on a non-Google website, you’ve already enjoyed the benefits of SSO. It’s faster, simpler, and more secure. Now, small businesses can accomplish the same level of efficiency between their employees and cloud platforms.

Instead of asking everyone in the office to track separate accounts for Office 365, Slack, Quickbooks, and whatever other cloud apps your company relies on, you can give them one set of credentials and manage what they have access to remotely. Employees come to work, enter their designated username and password, and they’re all set for the day.

Why is SSO more secure?

There are a number of ways to set up a small business SSO solution, but most of them focus on removing login information from your servers. Usually, you’ll provide your employees’ logins to an SSO provider (sometimes referred to as an Identity-as-a-Service provider) and each employee will receive a single login paired with a secondary authentication — like a fingerprint or an SMS to a personal device.

Every time one of your employees visits a cloud platform, such as Office 365 or Google Apps, the SSO provider will verify the user’s identity and the security of the connection. If anything goes out of place, your IT provider will be notified.

Should your network or any of its devices be compromised, hackers would find nothing but logins to your SSO accounts, which are meaningless without fingerprints or mobile devices.

How to get started with SSO

The first step when setting up a Single Sign-On solution is making sure you have a healthy and responsive IT support system in place. You need a team that is constantly available to review suspicious alerts and troubleshoot employee issues. If you don’t currently have that capacity, contact us today and we’ll help you out!

Here are 6 Simple Ways to Get the Most Out of Your CRM

Building rapport with customers has never been easier with customer relationship management (CRM) software. You can keep track of contact information, buying preferences, and sales patterns. It’s a must-have for all sales and marketing teams. If you want to know how to make the most out of your CRM, follow these tips.

1. Always update customer information. A CRM system is only effective when the data it provides is current. If the customer’s address, company name, or preferred method of contact has changed, your staff should update the information immediately, so your sales and marketing teams are always equipped with the right information and will know how to respond accordingly.
2. Use purchasing history for upselling opportunities. It’s easier to sell to existing customers than acquiring new ones. With your CRM, you can boost your sales performance by analyzing your existing clients’ purchasing history and designing promotions or events just for them. For example, if they recently purchased a razor from your online store, you can program your CRM to recommend related products like shaving cream or aftershave. Not only does this widen your profit margins, but it also makes your customers’ lives a lot easier and promotes repeat business.
3. Automate your processes. Since many of the tasks associated with data entry can be automated, take advantage of the workflow automation features in CRM apps to eliminate time-consuming and repetitive functions. For instance, when new leads are added to your CRM (via newsletter subscriptions or website visits), you can program your CRM to send follow-up emails, offer promotions, and push other marketing efforts to keep your business at the forefront of their attention and to help them remember your brand. This saves you from writing the same canned responses while also making sure that you’re engaging your clients throughout the entire sales process.
4. Learn from analytics. CRM can analyze customer trends and behavior. If you notice a spike in demand for certain products and services during the holidays, be more aggressive in pushing them out the next year. If certain email campaigns were more successful than others (e.g., higher open rates, click-through-rates, and potential customers), understand what elements were responsible for that success, and try to replicate them the next time you send a newsletter.
   Customer data should also be used to shape sales and marketing tactics. A salesperson that already knows the client’s name, location, and preferences can deliver more targeted sales pitches and has a better chance of closing a deal. The point is this: If you’re not learning from your data, your business growth will be limited.
5. Integrate CRM with other business software. Incorporating CRM software to other programs makes it even more powerful. Integration with accounting software combines customer and financial data, eliminating redundant manual data entries and providing more insightful reports. When used alongside a VoIP system, your staff will get relevant customer information from multiple databases displayed on one screen when they’re about to make a call.
6. Get some CRM support. Work with a CRM provider that offers 24/7 support. Ideally, your provider should keep your data safe, update your software regularly, and advise you on how to use complex CRM features.

This may seem like a lot but remember: like every technology investment, CRM requires active participation from executives, managers, and frontline staff. If you need more advice on keeping customers happy or want to know what technologies can add value to your business, call us today.

Change Your Display in Windows 10: Here’s How…

Customizing your display settings is one of the best ways to make Windows 10 feel like your own experience. There are a ton of settings you can change to your specifics. This week’s tip will walk you through how you can change the settings on your displays, whether it’s a new monitor or the old one you’ve been using since the beginning.

To access the settings for changing your display, you need to go through the Start menu. From there, select the gear icon for Settings. The first option on the Settings screen is System, and the first option inside the System interface will be Display. Here are some of the options you’ll see:

Change Your Screen’s Brightness
With this option, you have control over your screen’s brightness, which can have a direct influence on how long your device’s battery lasts. Adjust the slider to change the screen’s brightness. You’ll also see the option to turn on the Night Light, which can make your device’s screen use warmer colors for easier use at night. You can also schedule the time that the night light turns on.

Scale and Layout
You can use this option to change the default size of text and applications, among other things. You’ll see some dropdown menus under the heading that give you control over many aspects of your display, including the display’s resolution and screen orientation.

Multiple Displays
If you want to get more done in the workplace, why not try using multiple displays? Multiple monitors allow you to consume more information and remove the need to exit out of windows to view more. You have various options to connect monitors to your device, and the settings will provide you with these ways. You can connect them wirelessly, detect connected devices, and so much more. All you have to do is click on the links presented to learn more about how to do it, or reach out to Net Activity for more information.

Of course, we always recommend consulting technology experts before making any changes to your device’s settings, whether it’s your own internal IT department or giving Net Activity a call. Still, changing your device’s display settings can have lasting effects on your battery life and productivity, so it’s well worth looking into. To learn more about these settings and find out what you can do to improve your monitors and displays, reach out to us at 216-503-5150.

Flaws In Several Adobe Products Could Let Attackers In

Two new critical flaws have been discovered in Adobe Acrobat and Reader that require your urgent attention.

In fact, the flaws were rated as so severe that the company broke with its tradition of releasing security updates around the middle of the month in coordination with Microsoft’s “Patch Tuesday”.

They released an update sooner this time, in order to make sure that these issues were resolved, and ensure the fixes were in the hands of their users.

The first issue, listed as CVE-2018-16011, is an exploit that takes advantage of the software’s ‘Use-After-Free functionality that allows a hacker to craft a special, poisoned PDF embedded with code that could allow them to take full control of the system targeted by the attack.

The second, identified as CVE-2018-16018 bypasses the JavaScript API restrictions in place on Adobe Reader.

The flaws can be found in all versions of Windows, macOS Acrobat DC, and Reader 2019.010.20064 and older. The company recommends updating to version 2019.010.20069 to address the flaws and be sure your system is protected.

The company has listed both of these as critical flaws with a rating of two, which is about as serious as it gets.

In related news, we have learned that Adobe’s regularly scheduled security patch will address a total of 87 security flaws across a range of the company’s products, with 39 of the issues patched being rated as critical.

Kudos to Adobe for breaking with their tradition and addressing both of these flaws ahead of their regularly scheduled update. It’s a sad testament to the times we live in that such actions are becoming increasingly necessary. However, it’s always good to see instances of prominent tech companies rising to the occasion and looking out for the best interests of their user base.

Be sure to grab these updates and apply them as soon as feasible if you use either of the products mentioned above.

Should You Consider Reducing Your Organization’s Printing Costs?

Cutting costs in the workplace doesn’t always mean eliminating services you don’t need or eliminating positions that aren’t necessary. One of the easiest ways to make it happen is by taking a closer look at printing costs. By carefully analyzing and controlling your printing resources, you can minimize the amount of assets you invest in printing and save a considerable amount of revenue.

It should be mentioned that the specifics of how to cut costs related to your organization’s printing will largely depend on your current costs in the workplace. Your business uses printers, paper and ink/toner (depending on the device used) and filing cabinets to store all of your documents. All of this doesn’t even include time and resources spent making sure that these devices are being managed and maintained properly.

We can help your organization overcome the many struggles that a business faces when suffering from printing costs.

Upgrade Your Printers
If you’re using outdated printing technology, your business could benefit from a hardware refresh. For example, some businesses that use old ink-jet printers can benefit from using a laser printer, as they are generally considered more efficient with their print jobs and the costs associated with printing over an extended period of time.

Manage Your Resources More Efficiently.
Cutting out printing as a whole might not be possible, so you should instead identify how you can better spend your resources. Your business can make more efficient use of resources by closely monitoring how much of what you use to cut down on waste. Sometimes all it takes is changing settings on computers and printers and storing the right surplus without risking running out of resources.

Go Paperless
Loose papers can make any office look messy and disorganized. Physical documents are simply too hard to keep track of in an office environment. A document management system can help your business better manage its files in a digital environment, which means no more digging through bulky filing cabinets or manually searching for files. You might be surprised by how much time you can save with this.

When it comes to printing costs, Net Activity can help you maximize your return on investment for your printing solutions. To learn more, reach out to us at 216-503-5150.