Which is the Most Secure Browser for Safety and Privacy Protection?

With so much of your information online, your privacy is always at risk. Using a secure browser is an important first step to keeping confidential information safe. For example, your browser may house your browsing history and login credentials, can have cookies and other trackers, and contain autofill information like your credit card numbers. The most secure browsers have customizable security features and regular updates, but they also must be user friendly. Which are the best? Let’s look at ten browsers, including some of the safest and most popular.

Brave

Brave is ranked as the most secure browser by BestVPN.org, a VPN review site. A relatively recent Chromium-based browser, Brave offers a bunch of features, including a password manager, a script blocker and one-click anti-fingerprinting functionality. It particularly excels at blocking ads and tracking cookies. Brave is open-sourced, which means the code can be thoroughly researched and scrutinized by the Internet community to ensure there is no hidden tracking or anti-privacy spyware. Brave also supports most Chrome extensions, which (as we’ll explain in a moment) is both a blessing and a curse.

Brave is available for Windows, macOS, Linux, Android and iOS.

Chrome

Google Chrome controls nearly 65% of all web browsing, followed by Safari (at around 16%), and then Firefox at around 4%.

Chrome gets high marks for security, and offers continual security updates, which is excellent. But Google is also notorious for data collection, tracking and other privacy violations. One blogger found more than 11,000 cookies that would have been placed on his Chrome browser after just a week of surfing (all of which were automatically blocked by Firefox, which we’ll discuss below). Since Chrome is not an open-source browser—Google is somewhat notorious for their tech secrecy—it’s impossible to know everything they are tracking. They offer many security and privacy preferences, but it takes a great deal of time and effort to research them. There are many user-friendly Chrome extensions, but these are also a constant target for hackers and malware, and can introduce viruses and spyware, making it far from the most secure browser.

Chrome is available for Windows, Linux, macOS, iOS and Android.

Chromium

Chromium is a 100% open source project created to provide a Google Chromium browser without Google’s privacy issues: settings require manual activation rather than relying on Chrome’s default settings. It receives security updates nearly every day—an unmatched frequency—but since each has to be manually installed, users need to be vigilant. Because Chromium is so tightly affiliated with Chrome, and uses basic Chrome functionality, it is highly user-friendly. But that also means it is still susceptible to many of the same malware infections as Chrome, including being flooded by pop-ups and unwanted redirects.

Epic

The full name of this browser is the “Epic Privacy Browser,” and according to its website it “blocks ads, trackers, fingerprinting, crypto mining, ultrasound signaling and more.” Every privacy setting is turned on by default and they send “Do Not Track” requests, block cookies, ads and data-tracking web analytics systems.

Epic doesn’t offer auto-syncing, spell-check, auto-fill, any plug-ins, and does not store your history, login data or databases. While this all makes Epic extremely secure, it also makes it impractical for most daily use. One additional concern: Epic has been claiming they would open source the code since 2014, but they still haven’t. Why? Some experts are suspicious.

Epic is available for macOS and Windows.

Firefox

Online privacy and security website Restoreprivacy.com rated Firefox as the best browser for privacy and security. It is also rated as the most secure browser by bestantiviruspro.com and nordvpn.com. Firefox is the only mainstream open-source browser. Like most other major players, it offers a private browsing mode that includes malware and phishing protection, pop-up blocking and anti-fingerprinting protection. It doesn’t gather data, doesn’t show targeted ads, is frequently updated and has many easily-customizable privacy settings. On the negative side, it is not quite as fast as the more popular Chrome.

Firefox is available for Windows, macOS, Linux, Android and iOS.

Microsoft Edge

Microsoft Edge replaced Internet Explorer, an infamously poor browser for security, as Microsoft’s Windows-optimized web browser. Edge is only updated twice a year, which means it’s vulnerable to the latest malware and viruses.

Edge does have some nice security and privacy features, but mostly the ones everyone else provides, such as the ability to block pop-ups. It has limited extension support, which means there is less chance of installing malware but also limits its user-friendliness.

Edge is available for Windows, Windows Mobile, Xbox One, Android and iOS.

Opera

Opera is a popular browser that boasts a variety of security features such as fraud and malware protection as well as script blocking. It offers updates every four or five weeks, which is excellent. But it is not close to being the most secure browser, mainly because it is owned by a China-based company that collects and monitors user data and regularly shares that data with third parties. While users can add some additional layers of privacy and protection by customizing settings, it can be complicated to set up.

Opera is available for Windows, macOS and Linux.

Safari

As the default web browser for all Mac and iOS systems, Safari is the second most popular web browser in the world, although it is only a fraction of the size of Chrome.

Safari has plenty of small but useful features like a password generator, machine learning based protection and anti-fingerprinting tools. It also runs your tabs in separate sandboxes (keeping different programs separate from one another), which helps prevent malicious code from accessing your data.

Safari offers a private browsing mode, as do many other browsers, but Apple has been caught collecting browsing history even with private browsing on, which is worrisome. Safari is only partly open source.

Safari is available for macOS and iOS.

Tor

The Tor browser is endorsed by Edward Snowden, and is often associated with the dark web. The browser blocks Flash, RealPlayer, QuickTime and other plug-ins that can be manipulated into revealing your IP address. Tor also protects you from tracking and automatically clears your cookies and history.

With Tor, all your traffic is encrypted three times and passed through a decentralized network operated by volunteers. This makes it possibly the most secure browser available. But while all its elaborate decentralization means you get unmatched privacy protection, it also slows things down substantially. In fact, the slow connection speed makes Tor impractical for everyday use.

Tor is available for Windows, macOS and Linux.

Vivaldi

Vivaldi calls itself “The Browser that Puts You in Control” due to its highly customizable interface and functionality. Its extensive customization options also extend to its privacy settings, which are numerous. You can, for example, set different default search engines for when you’re using regular and private browsing modes, and create different security settings for both.

Vivaldi is compatible with most Chrome browser extensions, which is good for user friendliness, but also means it can be infiltrated with malware. Vivaldi also offers end-to-end encryption for syncing between devices, but it does not yet have mobile device support which is a major problem. Also questionable: Vivaldi collects IP addresses and stores them on their database in Iceland. They claim this is done merely to determine their total number of users, but some experts are wary.

Vivaldi is available for Windows, macOS, Linux and Android.

Single Path can help you find the most secure browser for your needs.

From helping you find the most secure browser that’s best for your organization, to assessing your desktop security risks, the certified and highly skilled security specialists at Single Path are here to help you. Let us help provide the network security solutions and advice you need to protect your business, your school, or yourself.

Contact us to learn more.

What’s the Difference Between Vulnerability Testing and Penetration Testing?

All networks, regardless of their size, are at risk from many cyber security threats.

To successfully protect your organization from these threats, you can’t rely on a single line of defense. For example, your cybercrime protection strategy should include both vulnerability testing and penetration testing. These terms are often confused with each other, but they are quite different. As Tripwire recently reported, “It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network.”

Vulnerability Testing, Explained

Vulnerability testing is the act of identifying known vulnerabilities in your network devices, including firewalls, routers, switches, servers and applications. It’s usually performed by specific software, often set to run automatically and continually (antivirus software is a form of vulnerability testing). Because the scanners rely on published and regularly updated lists of known cyberthreats, vulnerability testing will only red flag vulnerabilities that are known, and that can be fixed. As you might imagine, there are many cyberthreats that aren’t known, or have no known fix. The latter is called a “zero-day vulnerability”—a vulnerability that is discovered but does not yet have a patch (it’s called “zero day” because developers have “zero days” to fix the problem, since it could immediately be exploited by hackers). Google is just one of many companies that have recently reported a “zero day” issue (they reported a vulnerability in their Chrome web browser).

Due to the scope of organizational networks, vulnerability testing may require many different automated tools to manage a company’s assets, and many of those tests will need to be product-specific. For this reason, these tests are usually installed and managed by administrators or the IT team.
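The matching step described above, where a scanner compares what is installed against a published list of known issues, can be sketched as follows. This is an added example, not code from the original article; the product names, versions and advisory IDs are constructed placeholders.

```python
from dataclasses import dataclass


def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str     # constructed placeholder, not a real CVE number
    product: str
    first_affected: str  # inclusive lower bound
    fixed_in: str        # exclusive upper bound: first version carrying the patch

    def affects(self, product, version):
        if product != self.product:
            return False
        low, high = parse_version(self.first_affected), parse_version(self.fixed_in)
        return low <= parse_version(version) < high


# Constructed "published list" of known vulnerabilities.
KNOWN_ADVISORIES = [
    Advisory("EXAMPLE-0001", "acme-httpd", "2.0.0", "2.4.10"),
    Advisory("EXAMPLE-0002", "acme-vpn", "1.0.0", "1.3.0"),
]

# Constructed asset inventory, as an agent or network scan might report it.
INVENTORY = [
    {"host": "web01", "product": "acme-httpd", "version": "2.4.9"},
    {"host": "web02", "product": "acme-httpd", "version": "2.4.10"},
    {"host": "vpn01", "product": "acme-vpn", "version": "1.2.7"},
    {"host": "db01", "product": "acme-db", "version": "5.1.0"},
]


def scan(inventory, advisories):
    """Report every asset whose installed version falls in a known-affected range."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if adv.affects(asset["product"], asset["version"]):
                findings.append({
                    "host": asset["host"],
                    "advisory": adv.advisory_id,
                    "remediation": f"upgrade {asset['product']} to {adv.fixed_in} or later",
                })
    return findings


def unassessed(inventory, advisories):
    """Hosts running products the list says nothing about.

    No finding here means "nothing known", not "nothing wrong": an unlisted
    flaw (a zero-day, for instance) is invisible to this kind of test.
    """
    covered = {adv.product for adv in advisories}
    return [asset["host"] for asset in inventory if asset["product"] not in covered]


if __name__ == "__main__":
    for finding in scan(INVENTORY, KNOWN_ADVISORIES):
        print(finding)
    print("no list coverage:", unassessed(INVENTORY, KNOWN_ADVISORIES))
```

The `unassessed` output is the part a report from this kind of scan cannot speak to, which is the gap penetration testing is meant to cover.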

Penetration Testing, Explained

While vulnerability testing looks for known network vulnerabilities, penetration testing goes beyond that, examining sloppy business processes, lax security settings, or other weaknesses that a hacker could exploit. Issues that might be found include the transmission of unencrypted passwords, password reuse and forgotten databases storing valid user credentials.

Often, these tests take the form of authorized attacks, simulated on a computer system. The tests can determine if and how effectively an attack can be stopped. They can involve a script, and can exploit both technology and people (including phishing strategies to trick employees). While they don’t need to be conducted as often as vulnerability testing, they should be done at least once a year.

While a vulnerability scan can be automated, a penetration test requires active participation. This usually means using a third-party vendor who can mimic the actions of an external hacker. While vulnerability testing can be done relatively quickly, penetration testing can take days or even weeks. Due to their more hands-on and involved nature, penetration testing costs can be much higher than those of vulnerability testing.

Security Testing Reports

Both vulnerability testing and penetration testing will produce reports detailing the problems found. Vulnerability testing reports are long but straightforward, listing the source of the problem, a description of the problem, and remedial action, which is usually to install a patch.

The report from a penetration test, on the other hand, will list fewer items and won’t be as straightforward. The report will describe what attack was performed and how, but exact details may be vague. A remedy will be suggested, and while that fix could be simple, such as limiting team access to certain applications, it also may require a lot of time and effort, including staff training. A strong report will provide detailed recommendations.

A Third Party Vendor You Can Trust

When choosing a third party source for penetration testing, or to set up your vulnerability testing, you will want a team with significant breadth and depth of experience, especially in your organization’s area of business. At Single Path, we work with many organizations in such a capacity, with a particular expertise in small-to-medium sized businesses and schools and school districts. Our security solutions also include security risk assessment, data loss prevention solutions and more. We can help protect your organization in many ways.

Contact us for more information!

The Google Calendar Phishing Scam, and How to Avoid It.

While there are millions of phishing scams, every now and then a particular threat emerges that does more damage (and gets more publicity) than most. The recent Google Calendar phishing scam, which first gained attention last May, is the latest to gather national attention, and hurt more people and organizations than the average cyber threat.

What is the Google Calendar Phishing Scam?

A few months ago, cybersecurity firm Kaspersky Lab revealed how scammers were weaponizing Google Calendar and other Google services. As Wired explained in a recent article: “Phishers have realized that they can take advantage of seemingly innocuous calendar settings to plant their own events laced with phishing links on victims’ schedules.”

In the Google Calendar phishing scam, scammers send a wave of calendar event invites to Google Calendar users, where they are automatically loaded onto each calendar. That’s why so many of us use a Google Calendar: it’s easy for anyone to invite you to a meeting, from an office mate to a friend (or a scammer). Once the invite is sent, you get an automatic calendar notification which further legitimizes the phony calendar event. Spammers use the location and topic fields of those invites for enticing text, such as informing you of an award or cash payment, with a phishing link. If you click on the link you are taken to a form asking for your banking or credit card information, often to “verify your identity” before you can claim your fake reward. These same notifications may pop up on your device repeatedly, until they are clicked or deleted.

As Maria Vergelis, a security researcher at Kaspersky explains, “The ‘calendar scam’ is a very effective scheme, as currently people have more or less gotten used to receiving spam messages from e-mails or messengers and do not immediately trust them. But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it.”

Phishers can use the same calendar strategy to invite you to a fake meeting and send you a link “to RSVP.” As TechRadar warns, “These fake invitations could include a malicious link that could not only be used to steal login credentials (like a standard phishing attack), but also to provide other sensitive information, such as how to gain access to a building where the ‘meeting’ is due to take place.”
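For teams that want to triage invites before users see them, the traits described above (links planted in the topic and location fields, reward wording, an unfamiliar sender) can be checked in an exported invite. This is an added example, not from the original article; the sample `.ics` text, the trusted domain list and the keyword list are constructed assumptions.

```python
import re

URL_RE = re.compile(r"https?://[^\s\"<>]+", re.IGNORECASE)
# Assumed lure vocabulary, based on the "award or cash payment" wording above.
LURE_RE = re.compile(r"\b(reward|prize|award|cash|payment|verify your identity)\b",
                     re.IGNORECASE)
TRUSTED_ORGANIZER_DOMAINS = {"example.com"}  # assumption: your own mail domains
LINK_FIELDS = ("SUMMARY", "LOCATION")        # the topic and location fields

# Constructed sample: one scam-style invite and two ordinary ones.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-1\r\n"
    "ORGANIZER;CN=Rewards Team:mailto:noreply@mailer.invalid\r\n"
    "SUMMARY:You have received a cash payment - claim at http://claim.inv\r\n"
    " alid/r?id=1\r\n"                       # folded line: continues SUMMARY
    "LOCATION:http://claim.invalid/r?id=1\r\n"
    "END:VEVENT\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-2\r\n"
    "ORGANIZER;CN=Alice:mailto:alice@example.com\r\n"
    "SUMMARY:Budget review\r\nLOCATION:Room 4\r\n"
    "END:VEVENT\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-3\r\n"
    "ORGANIZER;CN=Bob:mailto:bob@example.com\r\n"
    "SUMMARY:Weekly sync\r\nLOCATION:https://meet.example.com/constructed-room\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)


def unfold(ics_text):
    """Join folded lines: a line break followed by a space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text)


def split_property(line):
    """Split 'NAME;PARAMS:VALUE' at the first colon that is not inside quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i].split(";", 1)[0].upper(), line[i + 1:]
    return None, None


def parse_events(ics_text):
    events, current = [], None
    for line in unfold(ics_text).splitlines():
        if line.upper() == "BEGIN:VEVENT":
            current = {}
        elif line.upper() == "END:VEVENT":
            if current is not None:
                events.append(current)
            current = None
        elif current is not None:
            name, value = split_property(line)
            if name:
                current.setdefault(name, value)  # keep the event's own first value
    return events


def triage_event(event):
    reasons, urls = [], []
    for field in LINK_FIELDS:
        found = URL_RE.findall(event.get(field, ""))
        if found:
            urls.extend(found)
            reasons.append(f"link in {field}")
    text = " ".join(event.get(f, "") for f in ("SUMMARY", "LOCATION", "DESCRIPTION"))
    if LURE_RE.search(text):
        reasons.append("reward or payment wording")
    organizer = event.get("ORGANIZER", "")
    domain = organizer.rsplit("@", 1)[-1].lower() if "@" in organizer else ""
    external = domain not in TRUSTED_ORGANIZER_DOMAINS
    if external:
        reasons.append(f"organizer outside trusted domains: {domain or 'missing'}")
    # A meeting link from a colleague is normal; flag only an external sender
    # combined with at least one other trait.
    return {"uid": event.get("UID", ""), "suspicious": external and len(reasons) > 1,
            "reasons": reasons, "urls": urls}


def triage_calendar(ics_text):
    return [triage_event(event) for event in parse_events(ics_text)]


if __name__ == "__main__":
    for result in triage_calendar(SAMPLE_ICS):
        print(result)
```

The unfolding step matters: the first invite's link is split across two physical lines, and a check that reads the file line by line would see only a truncated URL.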

Google is aware of this problem and is “working diligently to resolve this issue” according to its online help forum. At the moment, however, there’s no estimated timeline for when people can expect a fix.

How to Protect Yourself from the Google Calendar Phishing Scam

Google Calendar users can protect themselves against unwanted invites that are part of the Google Calendar phishing scam through the Google Calendar app itself.

  1. In Google Calendar, click the “gear” icon on the top right and select Settings.
  2. Scroll down to Event Settings and select the option “No, only show invitations to which I’ve responded.”
  3. Also, under View Options, make sure that “Show declined events” is unchecked, so those events don’t continue to show up even after you’ve rejected them.

Unfortunately, these precautions aren’t perfect, because they limit some Google Calendar functionality, but it’s better to be safe than sorry.

What Comes Around

In 2016, Apple Calendars were affected by a ploy that was a harbinger of the Google Calendar phishing scam. During the holiday season some Apple Calendar users received a flood of spam invites to holiday sale events for major brands including Ray-Ban®. There were warnings at that time that cybercriminals could use similar methods to send phony invites with links to viruses, and for identity theft. It took a few years, but it seems those predictions were right, only with spammers using Google Calendar.

Protect Yourself with Single Path

Being smart about technology is the first step toward protecting yourself and your organization from schemes such as the Google Calendar phishing scam. For example, our earlier article Have I Been Hacked? 6 Ways to Tell If You’ve Been Hacked can help you detect if your computer has been hacked. Also, if you know how to perform a routine cyber security risk assessment, you can figure out your technology vulnerabilities, and take proactive action now. At Single Path, that’s what we do every day: give training to staff, offer numerous security solutions to stay out of cyber-trouble, and provide consulting services on how to recover when cyberattacks happen. Let us help you and your organization stay safe, and scam-free.

Ask us how to get started.

12 Potentially Dangerous Apps for Kids

The average teen spends more than 9 hours a day in front of a screen (kids ages 8-12 spend six hours in front of a screen every day). It’s no wonder 54% of teens think they spend too much time on their cellphones. And what are they doing? Using their apps. Mobile apps account for nearly 90% of mobile use! The average smartphone user has between 60 and 90 apps on their phone, and while many are helpful, some can pose danger, especially to teens and kids. But which of these apps should keep parents awake at night? We think these 12 dangerous apps for kids are worth noting. We’ve chosen them due to their popularity and risk.

1. HIP

HIP is short for Hide it Pro. This app looks like a music manager, but its actual purpose is to store secret photos, videos and text messages. Kids use it to hide inappropriate material from their parents along with …

2. Calculator+

Another “hiding” app, this time using a simple calculator icon. By entering your own code, you can access hidden photos, contacts, browser history and passwords, all kept safely from a parent’s prying eyes.

3. Snapchat

If you have a teen or tween in your house, you probably have at least heard of Snapchat, which has more than 180 million users. Snapchat allows its users to send a photo or video from their phone, which then disappears after a few views. This “disappearing” feature, however, encourages the sharing of inappropriate photos. Unfortunately, it is fairly easy for the recipient to take a screen shot, keeping the image or text forever. For more information, we recommend connectsafely.org’s “A Parents’ Guide to Snapchat.”

4. Tinder

This popular app has more than 4 million users. On Tinder, you can post a selfie and people can “like” you. If you like him or her back, you can connect—the app even includes GPS tracking to help you find one another. Tinder describes itself as “the fun way to connect with new and interesting people around you,” but it’s mostly used as a dating tool or for one-night stands, even between teens and tweens. You only need to be 13 years old to use it, although there is no way to verify someone’s age. It attracts online predators, which is why one blogger calls it: “The Worst App Ever for Teens and Tweens.”

5. Whisper

Whisper lets users, including kids, anonymously share whatever they’re really thinking. Does that sound good to you? It even includes a “nearby” section where you can see posts from people who live near you. Lots of trolls post racist, sexual, or abusive content, with plenty of guys asking teens for pictures of themselves. A 12-year-old girl in Washington was reportedly raped by a 21-year-old man who met her on Whisper, making this questionably-appropriate app one of the most dangerous apps for kids.

6. Kik

Kik lets users exchange videos, photos, sketches and gifs with anyone, even with people they are not friends with. There are no parental controls and kids can password protect their information so parents can’t see it. Since it lacks age authentication, predators can easily interact with kids. The app has also been connected with cyberbullying; Rebecca Sedwick, a 12-year-old from Florida, committed suicide after receiving messages like “Go kill yourself.” As of 2016, Kik was reportedly used by approximately 40% of all teenagers in the United States.

7. Ask.fm

Ask.fm is a Q&A site where users can ask other users questions anonymously, which makes publishing suggestive or insulting questions pretty easy, and routine. A number of child suicides have been linked to cyberbullying from this app, making it another one of the most dangerous apps for kids.

8. TikTok

TikTok is an incredibly popular app for creating and sharing short videos, with more than 100 million users, many of them children as young as 10 or 11. Special effects can be added, and kids are encouraged to show their creativity. But there is also a lot of inappropriate language in the videos, and by default all accounts are set to public, letting strangers contact children easily.

9. YouTube

The video giant YouTube is one of the Internet’s most popular sites, with more than a billion users. It’s a great resource for educational videos and has robust privacy settings. Unfortunately, it’s also a great resource for inappropriate content, some of which is spliced into cartoons and other videos aimed at children. The most widespread problem, however, may be from user comments, which can be hurtful and bullying.

YouTube also attracts pedophiles. As Wired Magazine reports, “Videos of children showing their exposed buttocks, underwear and genitals are racking up millions of views on YouTube—with the site displaying advertising from major cosmetics and car brands alongside the content. Comments beneath scores of videos appear to show pedophiles sharing timestamps for parts of the videos where exposed genitals can be seen, or when a child does the splits or lifts up their top to show their nipples.”

10. Tellonym

Tellonym is an anonymous messenger app that calls itself “the most honest place on the internet.” It’s one of the most dangerous apps for kids because the app allows kids to ask and answer questions anonymously. So, as you might expect, cyberbullying, violent threats, and sexual content are prevalent. Messages can connect to social media accounts, so if a user writes something terrible about a classmate, it can be shared loudly with the rest of the world. Tellonym is particularly popular in middle schools and high schools.

11. Tumblr

On Tumblr, users can keep a diary, share photos and videos, and chat. This is another very popular website and app, with more than 450 million active blogs. But, like many sites that have no or uneven policing, users can post pornographic, violent and other inappropriate content. Common Sense Media says Tumblr is “too raunchy for tykes” and also notes that privacy settings aren’t easily set up. Plus, anyone can search for terms such as “suicide” and see hundreds of graphic images and blog articles, some of which glorify dangerous behavior. Tumblr has officially banned all “adult” content, but their efforts are not foolproof.

12. Instagram

With more than one billion users (and owned by Facebook) this photo-sharing site is incredibly popular. Users can add filters or create collages to share on social media platforms. While this site does not have as much inappropriate content as Tumblr, users can still find mature or inappropriate content and comments. People leaving mean-spirited and anonymous comments are common.

Be Smart about These Potentially Dangerous Apps for Kids.

In fairness to all of the apps in this list, or at least most of them, when used safely they can be fun, and help children connect with each other. But when in the wrong hands, or accessed by a mean-spirited or unintended audience, they veer from fun to potentially dangerous apps for kids.

Parents should be aware of the apps their children use, how they are being used, and educate their kids on their dangers. Knowing the best apps to use, along with the best Internet safety tips for kids can be incredibly important. At Single Path, we work with educators and businesses on cyber safety, security and education every day. If you have any questions about any of these potentially dangerous apps for kids, we invite you to reach out to us. We are always happy to answer your questions and help the wonderful world of the Internet be safer for everyone.

Contact us for questions, or to get started protecting your organization.

The 17 Best Internet Safety Tips for Children

Technology moves fast. That in itself shouldn’t be surprising, and neither should the fact that most kids know more about technology than their parents. Unfortunately, that puts many parents in the awkward position of not understanding how to protect their children from cyber issues. Knowing the most critical Internet safety tips for children can be the difference between children using the Internet safely, or leaving themselves vulnerable to those with malicious intent. Because all children are at risk.

Tips for Parents: The Top Internet Safety Tips for Children

In a 2016 survey, 40% of children reported chatting with a stranger online, with 53% of them revealing their phone numbers and 6% sharing their home addresses. Those are some scary numbers. To help keep children safe, share these top 17 Internet safety tips for children with parents: 

1-Get smart about social media
You can’t teach your kids to ride a bike if you can’t ride a bike; and you can’t expect to teach them Internet cyber safety without being familiar with the social networking sites they may use, like Facebook, Twitter, Snapchat and Instagram. Social networking sites let kids (and adults) share photos and videos, and have conversations with friends and strangers. Know how to use these sites so you can discuss them with your children.

2-Remind your children, “Don’t talk to strangers”
Kids who are wary of strangers on the street don’t always use the same precautions online. Make it clear that people often lie about themselves and their ages online, especially predators. And under no circumstances should your children ever meet up with someone they met online without your permission (and if they do meet, you should go along).

3-Teach your kids to keep personal info private
It’s important that children understand what kinds of information shouldn’t be shared, and why. For example, they should never post personal information online such as phone numbers, addresses and credit cards, all of which can be used by criminals.

4-Set rules for social media use
Establishing rules or guidelines from the start is a great way to instill positive habits for your children on social media. You don’t want to be too strict, however, or you risk them breaking the rules behind your back. These Internet safety tips for children can be a great starting point for rules.

5-Keep your computer in a common area of the house
It’s more difficult for sex offenders and online bullies to harass your children when you can see what they are doing. Don’t let your kids go to bed with their laptops and phones.

6-Be aware of every computer your children use
Your children probably use computers at their friends’ houses. Talk to their friends’ parents about how they supervise Internet use.

7-Make Internet time, family time
Browsing the Internet as a family can be fun. You’ll learn more about your kids’ interests, and can guide them to age-appropriate websites.

8-Know their passwords
Help your kids set up their social media and email accounts, and make sure to get their passwords. Always be up front with your kids and let them know you might use their passwords to check out their conversations. You don’t want them to lose their trust in you by discovering you are secretly spying on them.

9-Watch for changes in their behavior
Look for signs that an online sex offender is preying on your kids, or signs your children are victims of cyberbullying. These signs include secrecy about what they do online, withdrawing from the family, and negative personality changes.

10-Look for unexpected gifts to your children
Sexual predators may send letters, photos or gifts to kids to seduce them. Ask your kids about any new toys or electronics they suddenly bring home.

11-Check your children’s browsing history
Open your children’s web browsers and look for “History.” This will show a list of websites they’ve visited. Also check their “Trash” or “Recycle” bins to see what files have been deleted.

12-Set rules, and enforce them
Don’t wait until something bad happens to start creating guidelines for your kids. Rules may include limiting their screen time and limiting what sites they can visit.

13-Keep an open conversation
Your kids could accidentally stumble upon a bad site, even if they’re doing everything right. Get your kids in the habit of talking to you about what they’re doing online, and they will be more likely to come to you if there’s a problem.

14-Protect your computer
Hackers can compromise your computer system and steal your family’s financial security and other private information. Regularly updating software on your phone or home computer can protect your family against scammers and other cyber threats.

15-Teach positive Internet behavior
Just as you don’t want other kids or adults behaving inappropriately toward your kids online, teach your children good habits. Talk to them about cyberbullying, and why it’s wrong. Discuss why certain posts can be hurtful. Also, if your children are aware of the signs of cyberbullying, they will be more likely to identify it and come to you if it happens to them, or to a friend.

16-Download a general smartphone security checklist (PDF).
Most kids will interact with the Internet through a smartphone more than a computer. This helpful guide from the FCC has several smart smartphone security tips.

17-Start now
Don’t delay. Kids start using the Internet at very young ages. Discuss the rules, dangers and proper Internet behavior as soon as they start using the Internet, or their friends do. Says David Emm, senior security researcher at Kaspersky Lab, “I think one of the key things is to start the process of discussing online safety with your children at an early age, when they start to do anything that involves the Internet. They might still be using the computer with you, rather than independently and this offers an opportunity to highlight the fact that the online world parallels the real world and that there are both safe and unsafe things out there.”

We’re Here to Help

Any questions about these Internet safety tips for children? If you’re unsure, ask us. At Single Path, we’re happy to discuss cyber security and threats, no matter how basic a question, or how advanced. As experts on cyber security, including implementing, creating and assessing many security offerings for businesses and schools, we’d be delighted to review any of these Internet safety tips for children with you.

Contact us to get your school or business secure! 

The Why and How Behind Protecting Student Data and Teacher Data

In May of 2017, The Economist declared that data has replaced oil as the most valuable resource in the world. This means organizations that keep a lot of data, such as schools, are at significant risk from those trying to steal it. Districts and individuals who follow best practices for protecting student data and teacher data, however, can help stave off many threats.

The Numbers Behind the Why

In 2018 alone, K-12 schools reported 122 cyber attacks, resulting in “the theft of millions of taxpayer dollars, stolen identities, tax fraud and altered school records,” per an article in Campus Safety magazine. Just one of those attacks affected 500,000 students and staff in the San Diego Unified School District, where names, dates of birth, Social Security numbers, mailing and home addresses, phone numbers, health information and legal notices were stolen.

Those 122 cyber attacks were just the successful ones. In May 2018, the K-12 Chief Information Officer at the Kentucky Office of Education Technology testified to Congress that four billion attempted attacks had been launched against Kentucky’s education data infrastructure over the last academic year. It was also reported that phishing attacks had increased 85 percent from the previous year (see our previous blog posts on phishing techniques, Part 1 and Part 2). 

Why Teachers are at Risk

Teachers are targets because of the vast amount of demographic and administrative data that the school or district collects, including teachers’ names, addresses, dates of birth, photos, Social Security numbers, banking information, performance data, health conditions, education credit information, and work records. Stealing this information can lead to identity theft and financial fraud. For example, hackers recently infiltrated the Cleveland school district’s payroll system and were able to steal a large number of employee paychecks. Hackers did the same to teachers in the Atlanta Public School district.

Why Students are at Risk

Like teacher data, student data is also vulnerable as schools collect an ever-growing amount of information to meet state and federal requirements. Protecting student data is important because it can be particularly attractive to hackers due to clean credit histories and the availability of hard-to-collect information such as students’ mothers’ maiden names. How profitable can hacking be? According to a report from the Parent Coalition for Student Privacy, a child’s Social Security number can be sold for $25 to $35 on the dark web. Multiply this by hundreds or even thousands of students, and one school’s database can be worth six figures.

How To Start Protecting Student Data, and Teacher Data

Protecting student data, and teacher data, is an ongoing job that involves a lot of time and resources. At the very least, you should incorporate the following seven best practices for protecting student data, and teacher data, as soon as you can.

1.    Secure Devices

While network protection may seem like your first priority, protecting your physical assets is just as important. A stolen computer can include a goldmine of data. As we wrote in a previous blog post, “The mere presence of physical safeguards will strongly discourage malicious acts and provide peace of mind for those in the school.” Keep unused computers locked safely, and track all the hardware you have. You can’t protect what you don’t know you have.

2.    Encrypt Everything

Encryption scrambles text to make it unreadable by anyone other than those with the keys to decode it. If you keep back-up files, emails and shared files encrypted, hackers will be unable to read them should they gain access to them.

3.    Make Strong Passwords

As we’ve reported previously, 60% of people use the same passwords for everything and 81% of data breaches are due to weak, default or stolen passwords. Too many people repeat the same password over and over, so if one password is stolen, many sites are compromised. Other users choose passwords that are easy to remember, but also easy to guess. A password manager can be a critical tool in creating impossible-to-replicate passwords.

4.    Back-Up Data

The easiest way to thwart a ransomware scheme is to have a back-up of your data. Back-ups also protect you from any sort of disaster, whether natural or hacker-originated. Cloud computing can make backing up data, and restoring it later, much easier. Complete cloud migration now can eliminate a lot of headaches later.

5.    Educate Staff

Most data breaches stem from human error. For example, the 2017 Equifax data breach, one of the biggest in recent memory, was blamed on a single employee failing to follow security warnings. Even the most senior IT professional can make a mistake, but the more someone knows about threats, the less of a chance they will fall victim to one. That’s why training your staff on best practices, such as how to spot a phishing email, or what not to divulge on social media, can make a big difference.

6.    Educate Students

Not all students may fully understand the criminality of cybercrime, whether they are attempting to hack a school’s network or conducting a DDoS attack as a prank (which is exactly what happened to the school district in St. Charles, Illinois). Per an article on educational tech news provider EdSurge, “Students could potentially piggyback onto unsecured WiFi networks without ever leaving school property, making them susceptible to cybercrime. Providing lessons in ‘digital citizenship’… can go a long way to help protect school assets and the student’s identity.”

7.    Call Single Path

Most districts have limited expertise or resources to plan, implement and share the processes needed to protect their teachers and students. Often, a third-party provider will best be able to monitor, manage and protect the school or district. At Single Path, that’s exactly what we have done for many school districts, such as Great Lakes Academy in Chicago. Our comprehensive suite of services, including managed cloud services and security offerings, is designed for businesses and schools to assess, prepare and protect against risk. Let us help you start protecting student data and more.

Ask us how to get started! 

Have I Been Hacked? 6 Ways to Tell If You’ve Been Hacked.

Many of us are constantly worrying: why did I click that link? Why did I go to that site? Why did I respond to that email? While there are many things we can do to keep ourselves and our organizations from being hacked, everyone makes a mistake every now and again. But being aware of the telltale signs you’ve been hacked can change the up-all-night question from, “Have I Been Hacked?” to “What Should I Do Now?” And asking that question can make all the difference.

  1. My Gadget is Too Slow!

Your computer is working fine, zipping along, and then … you wait. And wait. Your software gets sluggish, or constantly freezes or crashes. The commands you type take a few extra moments to respond, and your apps take forever to open. If you start noticing some of these symptoms, your gadget may be infected with viruses, trojans or worms. “Have I been hacked?” Quite possibly. Malicious software usually runs in the background, eating up your gadget’s resources while it’s active, often slowing down your system to a crawl.

  2. Why Am I Getting So Many Pop-up Ads?

Did you know malware can add bookmarks to your web browser, website shortcuts to your home screen, and modify the pop-up ads that you get while browsing? And when you click on that pop-up you could download another virus or be taken to a corrupt website selling bogus products or services to get your credit card information. “Have I been hacked?” If you start noticing browser pop-up ads from websites that don’t normally generate them, then the answer is probably, “yes.”

  3. I Got a Ransom Message!

Ransomware is malware that makes your data inaccessible unless you pay a ransom, often in online currency. “Have I been hacked?” If you get a ransomware demand, it could be fake, but there’s also a significant chance your data is gone unless you pay up. If you have a good, recent backup, you can simply recover the data without paying the ransom. If you haven’t backed up your data, you are at the mercy of the hackers holding your ransom. They might send you an encryption code to unlock your data if you pay the ransom. Then again, maybe they won’t.

  4. My Online Password Doesn’t Work!

You’ve typed your password five times. It’s the same password you always use. You’re getting annoyed it’s not working, and so you ask yourself, “Have I been hacked?” Someone might have logged in to your account and changed the password. But how? Per a current article by CSO online, this is most likely to happen after you’ve responded to a phishing email that looked legit, but wasn’t. You get an email you think is from a coworker or a vendor, and you share personal information, and next thing you know a site, with your credit card information conveniently stored, is in someone else’s hands. This is also why using the same passwords on multiple sites is a bad idea. Contacting one website to report fraudulent use is a challenge; trying to remember all the dozens of sites with your password may be impossible.

  5. I Got An Antivirus Message!

This scam was a bit more prominent a few years ago, but it still comes up every now and again. Typically, you will get an antivirus warning after your computer has been infected. Get protection now! Your system may be compromised! Danger, Will Robinson! “Have I been hacked?” You bet. Clicking on the link takes you to a professional-looking website where they ask for your credit card number and billing information. The hacker now has control of your system and your credit card. It’s win-win for them (and lose-lose for you).

  6. “Where Did This Program Come From?”

Sometimes malicious programs are disguised as legitimate software. But if you don’t recognize the program it may be malicious. Unwanted software is sometimes installed at the same time you install another program; free programs you download from the web are often to blame. “Have I been hacked?” It’s a strong possibility. Always read your license agreements–some free programs actually admit they will be installing spyware or malware onto your computer to avoid legal action against them. They assume you’ll never read the agreement. Most people don’t.

“Have I Been Hacked?” If the Answer is Yes, Here’s What You Need to Do Now

If you have been hacked, you’re not alone. Research company Vanson Bourne found that 44% of organizations they surveyed had suffered multiple hacks in the last year, with an average loss of more than $1 million per company. “Have I been hacked?” If so, you need to act quickly and:

  • Change all your passwords. Do this from another machine, as hackers can capture your keystrokes (commonly called keystroke logging). Don’t repeat any password on more than one site.
  • Use a password manager. Coming up with a memorable and hard-to-uncover password for every site is nearly impossible. A password manager will create secure passwords and store them for you.
  • Enable two-factor authentication. If you’re not already doing this, use two-factor authentication for all your accounts. A hacker will need both your password and access to a physical device, like your phone, to access a site.
  • Report fraud. Always report fraud right away. Contact your bank and put a freeze on all your vulnerable credit cards immediately.
  • Update your antivirus software. While not 100% effective, these do work. Use a well-known provider. Some antivirus software is created by hackers, and the software will infect your machine, not protect it.
  • Check for new accounts. Open your Inbox, Spam, Trash, and Sent email folders to see if your email was used to set up new accounts—such as emails with subject lines that say, “Your account was successfully created.”
  • Reinstall your operating system and back up files. Reinstall your operating system, wipe your hard drive clean, and retrieve your backup files.
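The “check for new accounts” step can be partly automated over exported mail folders. The following is an added example, not part of the original post: it scans constructed sample messages for sign-up notices that arrived on or after an assumed compromise date. Only the first subject pattern comes from the text above; the other patterns, the date and all messages are assumptions.

```python
"""Flag account-creation notices received after a suspected compromise.

The messages below are constructed samples; in practice they would be read
from exported Inbox, Spam, Trash and Sent folders.
"""
import re
from datetime import datetime, timezone
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr, parsedate_to_datetime

# The first pattern is the subject line quoted in the text; the others are
# assumed variants of sign-up and verification mails.
SUBJECT_PATTERNS = [
    re.compile(r"account (was|has been) (successfully )?created", re.I),
    re.compile(r"\bwelcome to\b", re.I),
    re.compile(r"\b(verify|confirm) your (e-?mail|new account|account)", re.I),
]

# Assumed date of the compromise; earlier sign-ups are treated as your own.
SUSPECTED_COMPROMISE = datetime(2019, 6, 1, tzinfo=timezone.utc)

MAILBOX = [  # (folder, raw message), all constructed
    ("Inbox", "From: Shop <no-reply@shop.example>\n"
              "Date: Mon, 20 May 2019 09:00:00 +0000\n"
              "Subject: Your account was successfully created\n\nHello\n"),
    ("Trash", "From: no-reply@payments.example\n"
              "Date: Mon, 03 Jun 2019 10:15:00 +0000\n"
              "Subject: =?utf-8?q?Your_account_was_successfully_created?=\n\nHi\n"),
    ("Spam", "From: Forum <hello@forum.example>\n"
             "Date: Tue, 04 Jun 2019 22:40:00 +0000\n"
             "Subject: Welcome to Forum - please verify your email\n\nHi\n"),
    ("Inbox", "From: colleague@school.example\n"
              "Date: Wed, 05 Jun 2019 08:00:00 +0000\n"
              "Subject: Lunch on Friday?\n\nHi\n"),
    ("Spam", "From: accounts@stream.example\n"
             "Subject: Confirm your new account\n\nHi\n"),  # no Date header
]


def decoded_subject(msg):
    """Decode RFC 2047 encoded-words so encoded subjects still match."""
    return str(make_header(decode_header(msg.get("Subject", ""))))


def received_at(msg):
    """Return an aware datetime, or None if Date is missing or malformed."""
    raw = msg.get("Date")
    if raw is None:
        return None
    try:
        when = parsedate_to_datetime(raw)
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:  # "-0000" yields a naive datetime
        when = when.replace(tzinfo=timezone.utc)
    return when


def find_new_accounts(mailbox, since):
    """Return sign-up notices dated on or after `since`, or with no usable date."""
    findings = []
    for folder, raw in mailbox:
        msg = message_from_string(raw)
        subject = decoded_subject(msg)
        if not any(p.search(subject) for p in SUBJECT_PATTERNS):
            continue
        when = received_at(msg)
        if when is not None and when < since:
            continue  # predates the suspected compromise
        service = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        findings.append({
            "folder": folder,
            "service": service,
            "subject": subject,
            "date": when.date().isoformat() if when else "unknown",
        })
    return findings


if __name__ == "__main__":
    for hit in find_new_accounts(MAILBOX, SUSPECTED_COMPROMISE):
        print(f'{hit["date"]:>10}  {hit["folder"]:<6} {hit["service"]:<18} {hit["subject"]}')
```

Messages without a usable date are kept rather than dropped, so a notice with a stripped or malformed Date header still gets reviewed.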

Or, call Single Path

Ideally, before you say, “Have I been hacked?” you’ll take action to avoid that problem, such as calling Single Path. We can help restore your system after a hack, or even better, help prevent one from happening. Our Security Offerings give you a line of defense that leaves hackers frustrated and seeking easier prey. And our Managed Cloud Services give you access to leading technology with the most recent security patches, without the need for ongoing investments. So, instead of asking “Have I been hacked?” you’ll be saying, “I’m glad I called Single Path.”

Ask us how to get started! 

7 Pain Points That Cloud Migration Can Solve

The use of the cloud for data storage, sharing and communication continues to grow for both businesses and schools. In fact, virtually all North American organizations (97 percent) use the cloud one way or another, and it’s predicted that 80% of small businesses will solely rely on cloud computing by 2020. For many organizations, this is a positive development due to the many advantages that cloud migration provides. If you’re late on switching to the cloud, or only doing so for a small portion of your business, consider these seven pain points addressed by migrating your data to the cloud.

  1. Hidden expenses

Nearly two-thirds of small businesses and organizations are expected to buy new IT equipment this year, but the costs go beyond the hardware. For example, some organizations have rooms solely dedicated to servers, which not only takes up needed floorspace, but can demand costly cooling and electric bills. The organization may also face potentially high maintenance and repair bills, and will need to keep a larger IT team on staff to maintain the equipment. In fact, it’s estimated that 80% of an organization’s IT costs aren’t spent purchasing computers, but on aftermarket tech and labor costs. With cloud migration, however, many of these costs go away.

  2. Data security

One of the biggest concerns of every organization is data security, especially with data breaches and other cybercrimes continuing to grow, both at schools and businesses. These breaches can be devastating to an organization’s bottom line, and its reputation.

Cloud providers have stringent cloud security requirements they must adhere to, and offer many advanced features that can ensure data is securely stored and handled. For example, some cloud security features can wipe a device’s data, and its access to data, in case the device goes missing. (We wrote about data security and other cloud advantages in our previous blog post: 12 Reasons to Move Your Business to the Cloud.)

  3. Lack of accessibility and mobility

The days of working on-site, and only on-site, are long gone. In fact, globally, 70% of employees work remotely at least once a week. After migrating your data to the cloud, resources can be easily stored, retrieved and recovered with just a few clicks from anywhere. Not only is data available even if your team members are at home or travelling, many applications can be run on Internet browsers. This means employees, teachers or even students don’t need access to expensive computers to run many routine, mission-critical apps.

  4. Work-life balance

Since the cloud is always on, employees can collaborate from anywhere, at any time. Cloud migration provides workplace flexibility in both hours and location; employees can work from a doctor’s waiting room, for example, rather than being forced to take an entire half day off. More and more employees expect a great deal of flexibility in their work lives; the ability to offer that flexibility can mean the difference between hiring and keeping a key employee.

  5. Scalability

Different companies have different IT needs, and those needs change as companies expand or shrink. With cloud migration, businesses can add or remove resources easily without the cost and risk of investing in physical infrastructure. This level of agility can give businesses a real advantage over their competitors. Global Dot, a leading web and cloud performance reseller, says: “Scalability is probably the greatest advantage of the cloud.”

  6. The carbon footprint

A 2014 study by New York City revealed that, on average, each student, teacher and staff member in their school districts uses 28 pounds of paper a year. The costs can be surprisingly high: a school with 100 teachers can spend $25,000 a year on paper alone, according to Edutopia. That doesn’t include toner costs and energy use: maintaining equipment, including cooling that equipment, can be even more costly. With cloud storage, that money can go right back into the budget.

But the green benefits may be even greater. According to the Global e-Sustainability Initiative (GeSI), cloud computing can reduce global greenhouse gas emissions by 16.5%. While moving to the cloud is good for the environment, it may also prove to be good for business: more than 66% of responders to a recent Nielsen study would be willing to pay more for products made by environmentally-responsible companies.

  7. Disaster recovery

Data loss is a major concern for any organization. What happens to your data in the case of equipment failure, theft or even human error? Storing your data in the cloud guarantees that data is always available, and available anywhere. Cloud-based services also provide quick data recovery after emergencies such as natural disasters and power outages. Yet, despite the potential dangers and risks involved in the case of a disaster, 75% of small businesses have no disaster recovery plan in place according to IT service provider phoenixNAP.

Let’s Get Cloud Migration Started

Incorporating and committing to the cloud can save money, increase productivity and guard against disaster. But navigating your options, training staff on proper protocols, transferring data and more can take a lot of time and effort. That’s where Single Path comes in. Our Managed Cloud Services give you access to our seasoned expertise without high initial costs or ongoing investments in upgrades. We can provide lower costs, access to the latest technology, reduced risk, adaptability to changing business conditions and superior support. We work with many organizations, including businesses and schools, and are always eager to discuss your unique situation. Cloud migration can improve security, performance and communication. Ask us how to get started! 

The Importance of Email and IM Encryption for Cyber Security

The average office worker receives about 90 emails a day, and sends 40 emails. Also, 97% of all Americans text at least once a day and 80% text for business purposes. Yet, while more and more team members are cautious about file sharing and data protection, many are still unaware how easily an email can be intercepted by a hacker, or how easily SMS texts can be monitored by outside parties. The solution is data encryption.

What is Encryption and how does it work?

Encryption is the process of encoding information to prevent anyone other than its intended recipient from reading it. Data encryption uses an algorithm (known as a cipher) to convert information into seemingly random characters or symbols (the ciphertext). These are unreadable to anyone who does not have access to a special encryption key used to decrypt the information (we described this in more detail in the first of an earlier two-part blog post about data encryption).

Email Encryption

A single, intercepted email can provide a password, a confidential file or other private information to a hacker. But a hacker can also hijack your entire email account to read emails, send emails, gather confidential information and more. As reported in a recent PC World article, “If you leave the connection from your email provider to your computer or other device unencrypted while you check or send email messages, other users on your network can easily capture your email login credentials.” To keep your emails and email accounts safe, these three things should be encrypted:

  • The connection from your email provider. Encrypting the connection prevents unauthorized users from intercepting and capturing login credentials, and any email messages travelling server-to-server.
  • Your actual email message. Encrypting email messages means any emails intercepted will be unreadable.
  • Your stored, cached or archived email messages. Encrypting your stored messages will prevent a hacker from reading the saved files on your hard drive or network.
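The first two items in this list can be checked mechanically. The following is an added example, not part of the original post: it audits mail client connection settings for cleartext logins and classifies messages as encrypted or not from their MIME headers. The settings field names and all sample data are constructed assumptions, and the STARTTLS verdict assumes the client refuses to log in if the TLS upgrade fails.

```python
"""Check two of the encryption layers listed above: connection and message.

Account settings and messages are constructed sample data.
"""
from email import message_from_string

# Ports where TLS wraps the protocol from the first byte (implicit TLS).
IMPLICIT_TLS_PORTS = {"imap": 993, "pop3": 995, "smtp": 465}

# Constructed client settings; the field names are hypothetical.
ACCOUNTS = [
    {"name": "office-imap", "protocol": "imap", "port": 993, "security": "ssl/tls"},
    {"name": "office-smtp", "protocol": "smtp", "port": 587, "security": "starttls"},
    {"name": "legacy-pop", "protocol": "pop3", "port": 110, "security": "none"},
    {"name": "odd-imap", "protocol": "imap", "port": 143, "security": "ssl/tls"},
]

HEADERS = ("From: teacher@school.example\n"
           "To: office@school.example\n"
           "Subject: Payroll form\n"
           "MIME-Version: 1.0\n")

MESSAGES = {  # constructed; ciphertext and signature bodies are placeholders
    "plain": HEADERS + "Content-Type: text/plain\n\nThe form is attached.\n",
    "smime": HEADERS
    + "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n\n"
      "(ciphertext omitted)\n",
    "pgp-mime": HEADERS
    + 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
      ' boundary="b1"\n\n'
      "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
      "--b1\nContent-Type: application/octet-stream\n\n(ciphertext omitted)\n"
      "--b1--\n",
    "signed-only": HEADERS
    + 'Content-Type: multipart/signed; protocol="application/pgp-signature";'
      ' boundary="b2"\n\n'
      "--b2\nContent-Type: text/plain\n\nThe form is attached.\n"
      "--b2\nContent-Type: application/pgp-signature\n\n(signature omitted)\n"
      "--b2--\n",
}


def audit_connection(account):
    """Return (status, reason) for one account's connection settings."""
    proto, port = account["protocol"], account["port"]
    security = account["security"].lower()
    if security == "none":
        return "FAIL", "login credentials and mail cross the network in cleartext"
    if security == "starttls":
        # Assumes the client aborts instead of falling back to cleartext.
        return "OK", "connection is upgraded to TLS before login"
    if security == "ssl/tls":
        if port == IMPLICIT_TLS_PORTS.get(proto):
            return "OK", "TLS from the first byte"
        return "WARN", f"ssl/tls selected, but {port} is not the TLS port for {proto}"
    return "WARN", f"unknown security mode {security!r}"


def message_encryption(raw):
    """Classify a raw message: 'smime', 'pgp-mime', 'pgp-inline' or 'none'."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # The same container also carries signed-only data, which is readable.
        smime_type = str(msg.get_param("smime-type", "")).lower()
        encrypted = smime_type in ("enveloped-data", "authenveloped-data")
        return "smime" if encrypted else "none"
    if ctype == "multipart/encrypted":
        protocol = str(msg.get_param("protocol", "")).lower()
        return "pgp-mime" if protocol == "application/pgp-encrypted" else "unknown"
    if not msg.is_multipart() and "-----BEGIN PGP MESSAGE-----" in str(msg.get_payload()):
        return "pgp-inline"
    return "none"  # includes signed-only mail: a signature does not hide content


def audit_all():
    """Run both checks over the sample data and return the verdicts."""
    connections = {a["name"]: audit_connection(a)[0] for a in ACCOUNTS}
    messages = {label: message_encryption(raw) for label, raw in MESSAGES.items()}
    return connections, messages


if __name__ == "__main__":
    for account in ACCOUNTS:
        status, reason = audit_connection(account)
        print(f'{status:<4} {account["name"]:<12} {reason}')
    for label, raw in MESSAGES.items():
        print(f"{label:<12} encryption: {message_encryption(raw)}")
```

The signed-only sample is the case worth noticing: a digitally signed message proves who sent it but is still readable by anyone who intercepts it.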

Instant Messaging Encryption

For many people on your team, the productivity advantages of Instant Messaging are enormous. The speed of delivery and response can far surpass other electronic communication options. But since standard SMS texting is unencrypted, conversations can be monitored by hackers or even law enforcement personnel.

Fortunately, many IM providers already implement a level of encryption. For example, the Messages app on an iPhone or macOS device incorporates end-to-end encryption. The WhatsApp messaging feature on many Android and Windows devices also uses end-to-end encryption.

Other providers may not be as secure. Recently, popular collaboration hub Slack received some unwanted attention for just this reason. Slack markets itself as a place “where you and your team can work together to get things done … From project kickoffs to budget discussions, and to everything in between.” Slack has more than 10 million users every day. But according to a report by CNBC, executives are concerned about the commonplace sharing of sensitive data on Slack. “I love my people, but they never shut up on Slack,” said the CEO of a security company. “It’s very good for productivity, but the problem is we’re working on security, so we have to be careful about what we say.” About a quarter of corporate breaches are related to insiders (per a report from Verizon), and they can easily use information gathered from collaboration tools like Slack and Dropbox.

Encryption Made Easy

Encryption applications for emails and SMS messaging are easy to find, but not all are equally effective or easy to use. In addition to security, a successful encryption program should be:

  • Encryption should take as few steps as possible, and be easily accomplished by the most non-technical user. For the most part, this means the email encryption application should be automatic.
  • Encryption should enable the safe delivery of messages to anyone, regardless of their email server or own security protocols (or lack of them). It should look and act just like regular email.
  • Content Agnostic. Your email encryption should also encrypt documents, sound files, spreadsheets, video or any other attachment.
  • Only you and your recipient(s) should be able to read the message, not even your encryption provider.

The Importance of Staff Training

With so many people in your organization dependent on email and IM, it is critically important that they are aware of the risks involved, and are open to incorporating best practices into their daily routines. Security Awareness Training should be a mandatory part of every team member’s basic training. Security Awareness Training conditions staff not to click or open anything that looks suspicious, and focuses on changing human behavior to make security part of workplace culture.

How To Implement Encryption For Your Cyber Security Program

If your organization is not currently encrypting instant messages, and insisting on the use of encrypted email applications, you are putting your organization at pointless risk. Single Path works with many different businesses and schools on their cyber security. We can train your staff, help you analyze, procure and implement the best security software and protocols, and work with you to put the processes in place to help you navigate safely through the dangerous online world. Our security offerings are as vast as they are effective. Safer and effective messaging through encryption is a great place to begin.

Ask us how to get started!

The Top 9 Cyber Security Myths and the Top 9 Cyber Security Truths

You might think your business is too small for a cyberattack, your security is too strong or your data is too insignificant. Unfortunately, we have some bad news: no organization is safe from the continually growing threat of a cyberattack regardless of size, industry or best efforts. Here are the top nine cyber security myths, and the harsh realities behind them.

  1. Cyber Security Myth: Only big organizations are at risk of a cyberattack.
    Reality: Half of all data breach victims are SMBs.

According to the 2018 Verizon Data Breach Investigations Report, 58% of data breach victims are small businesses. That’s because SMBs are often seen as more vulnerable than bigger businesses and as having fewer security protocols in place. A recent study by the Ponemon Institute, The 2018 State of Cyber Security in Small and Medium Size Businesses, revealed that 70% of small businesses have experienced a cyberattack in the last 12 months. According to the report, only 28% of small businesses rate their ability to mitigate threats, vulnerabilities and attacks as “highly effective.”

  2. Cyber Security Myth: Hackers aren’t interested in my industry.
    Reality: Any organization with sensitive information is vulnerable.

Malware and viruses don’t discriminate; any machine or network can pick up a Trojan Horse or face a ransomware scheme. While financial services and healthcare are among those industries hit by the most cyberattacks, wide nets are cast and can land anywhere. Across the world, ransomware attacks are up 350% and IoT attacks are up 600%. If your business has a network or a computer, it’s at risk.

  3. Cyber Security Myth: I’m only at risk from outside cyberthreats.
    Reality: Insider threats are frequent and often harder to detect.

From rogue employees to careless ones, from third-party contractors to business partners, research suggests insider threats account for up to 75% of all security breaches. According to a recent article from Security Magazine, 32% of companies can’t even determine the root source of a data breach after 12 months–so that 75% could be even higher.

  4. Cyber Security Myth: Cyber security is the IT department’s responsibility.
    Reality: Cyber security is the responsibility of every member of your team.

According to some reports, more than 90% of malware is installed over email. If your employees aren’t trained on cyber security best practices, such as how to identify phishing emails and the risk of clicking on unsafe links, they could be leaving your organization in peril. Some email hacking ploys are quite sophisticated, and employees are not always on guard. Regular cyber security awareness training is critical.

  5. Cyber Security Myth: You’ll know immediately if your network is infected.
    Reality: Modern malware is stealthy and hard to detect.

It takes an average of 191 days for a business to detect a data breach, and then another 66 days to fully contain it. The longer a breach occurs, the more files may be compromised, the more data can be stolen (and perhaps sold on the black market) and the more likely your organization is to suffer irreparable harm.

  6. Cyber Security Myth: My anti-virus and anti-malware software keeps me safe.
    Reality: Software can’t protect against everything.

In 2016, the cybersecurity company McAfee said it found four new strains of malware every second. Who knows how many they never detect? There is no way updates can keep up with the evolution of cyberthreats. Making matters worse, many businesses don’t immediately install security patches, either due to ignorance or difficulty. As reported by online security site CSO, “People aren’t too dumb or lazy to install patches. They want to do the right thing. But patching can be difficult for a multitude of reasons, and those roadblocks explain why patching is performed so poorly in most organizations.”

  7. Cyber Security Myth: My passwords are strong enough.
    Reality: You need two-factor authentication.

When multiple employees have access to the same system, that system is only as strong as the weakest password. But even a strong password isn’t without risk: an employee can be duped into sharing a password via a phishing scheme, or re-use a password that is compromised somewhere else. Two-factor authentication can reduce much of this risk.

  8. Cyber Security Myth: Our organization has never faced a cyberthreat, so we’re safe.
    Reality: That’s what everyone says right before they go out of business.

Are you familiar with the Identity Theft Resource Center (ITRC) breach list? Every month this list is updated with newly reported business data breaches, most of which never make the front page. You won’t have to look long to find an organization like yours, whether it’s a business your size, in your industry, in your state, or all of those. This list also details how the breach occurred and what was affected. It can be eye opening for many small businesses, especially with 60% of small businesses folding within six months of a cyberattack.

  9. Cyber Security Myth: Complete cyber security is achievable.
    Reality: No, never. Which is why you need a partner like Single Path.

In 2017, a cyberattack cost small-to-medium sized businesses an average of $2,235,000 per attack. Keeping your business safe from cyberthreats is a critical job; it can also be a full-time one. That’s why you need a partner like Single Path. We have helped thousands of organizations like yours protect themselves. From employee training to managed cloud services, from hardware procurement to our full slate of security solutions, we can implement the protocols you need to have a safer, more cybersecure organization. Because the biggest cyber security myth of them all is that your organization is safe.

Ask us how to get started now.