2iC Global

You are here: Home / Archives for security

security

10-WAYS you can look after your Smartphone

by

Your Smartphone is valuable… but are you doing anything to make sure you are protecting it as much as possible?

We have become a smartphone society. In both the UK and the US, around two-thirds of people own smartphones, and many of those people consider their phones an essential device for getting online.

Smartphones aren’t cheap, either. While the average price of an Android phone is around £200, the average price of an iPhone is around £570 and there are many phones that cost even more. Believe it or not, if you have the funds, you can pay thousands or even millions of pounds for a smartphone.

Most people take a deep breath when it’s time to replace their phone, because they know it’s going to hurt their wallet. But you can put off that painful experience by keeping your phone in good health. Here’s a checklist of ways to protect your smartphone. Let’s start with external threats.

 

1. Get a Case

There’s nothing worse than dropping your phone and shattering the screen. It happens a lot, and there’s no guarantee you’ll be able to get it fixed. The answer is to protect your phone with a case.

There are dozens to choose from for every model. If you know you often drop your phone, get a case that will protect your phone against anything (even driving a car over it!). It will make it heavier, but it’s worth it. Otherwise, a slimmer case or simple sleeve will do.

One tip: if you’re using a clip on case, make sure it’s got a decent-sized lip all around so if the phone does drop, it doesn’t land directly on the screen.

 

2. Protect Your Screen

Speaking of screens, consider a screen protector. Some screens are made of a tough material and may not need them. However, a protector may keep your screen together if you drop the phone. It also means it’s harder to scratch your screen, which can affect its responsiveness. Get a protector that’s easy to apply and is right for your phone.

 

3. Be Careful How You Put It Away

Unless you’re using a super-effective case or screen protector, ladies, avoid putting keys in the same section of your handbag as your phone. Gents – keys and phones don’t belong in the same pocket.

If you’ve ever had a scratch that is right in the middle of the area you need to swipe, you’ll know that key scratches (and other scratches) can seriously ruin the touchscreen experience.

While you’re at it, don’t put the phone in dangerous places, like on a balcony railing, for example. That’s just asking for the phone to fall and get smashed to pieces. When you put your phone down, keep it away from hazards so it will survive till you’re ready to upgrade.

 

4. Avoid Water and Extreme Temperatures

Most people don’t put their phones in water deliberately, but lots of people forget they have a phone in their pocket when heading to the beach or pool. One dip later, and the phone is toast (unless you manage to dry it out with rice).

 

5. Keep it Clean

You might not be able to see dust particles, but they get into your smartphone, even if you’re using a case or screen protector. Too much dust will result in your phone’s performance taking a hit. Use a soft screen-cleaning cloth with an appropriate screen cleaner to wipe your screen gently. Open the case every now and then to give the phone a wipe and get rid of the dust.

The five tips above help you provide external smartphone maintenance and protection, but safeguarding your phone is also about keeping it running smoothly. Here are some tips for doing that.

 

6. Streamline and Update Your Apps

Most smartphones include a bunch of apps that the manufacturer has installed. Chances are, you don’t need all of them. Since the more apps you run, the shorter your battery life, disable or uninstall any apps you don’t need.

For the apps you DO use, make sure you’re always running the latest version. App developers update apps regularly, to add new functionality, cut down on resource usage and guard against malware and security threats.

Tip: Either set your apps to update automatically, or update them manually at least once a week.

 

7. Clear the Cache

When you install apps or when they run, they may leave junk files behind in the cache. Those take up valuable memory which could be put to better uses. Clear these files out from time to time. Both Android and iOS allow you to do this.

 

8. Use Trusted Sources

Sometimes you want to download and install a new app, but where should you get it from? With the rise of malware on phones, the best advice is to use the app store for your device or another trusted app store, such as Amazon’s.

 

9. Expand Your Storage

If your phone allows it, install an external SD card to increase the available storage, then run any apps you can from this storage. You can also use it to store media files. This frees up the phone’s internal memory, resulting in better performance.

 

10. Look after the Battery

Follow the manufacturer’s guidelines for looking after your battery. Depending on the age of your phone and the battery it’s using, this might include:

  • charging your phone before it runs down completely
  • letting it run down fully once in awhile
  • restarting your phone from time to time
  • turning off services you don’t need (like mobile data when you can use Wi-Fi and live wallpaper)
  • keeping the battery cool (and turning off the phone to let it cool down if it overheats)

There’s plenty of advice online about the best practices for your particular smartphone model. Finally, you also need to ensure you can find your phone if someone steals it. Use the security features built into your device to help with this:

  • Lock your phone with a pin, password or pattern.
  • Don’t share your password.
  • Install a security app to help you track your phone if it gets into the wrong hands.

 

Even if you do apply all of these factors to taking care of your smartphone, things may still go wrong on them from time to time. If you are interested in Mobile Phone Repairs and Maintenance, check out our latest job vacancy by following this link!

– Sharon Hurley Hall

4 Must-Know Methods for protecting against Ransomware

by

Ransomware is a multi-million-pound crime operation that strikes everyone from hospitals to police departments to online casinos.

It’s such a profitable scheme that experts say traditional cyberthieves are abandoning their old ways of making money—stealing credit card numbers and bank account credentials—in favor of ransomware.

Due to the consistent development in Ransomware, you’re still largely on your own when it comes to fighting ransomware attacks, which hackers use to encrypt your computer or critical files until you pay a ransom to unlock them. You could choose to cave and pay, as many victims do. Last year, for example, the FBI says victims who reported attacks to the Bureau enriched cyber extortionists’ coffers by $24 million. But even if you’ve backed up your data in a safe place and choose not to pay the ransom, this doesn’t mean an attack won’t cost you. Victims of the CryptoWall ransomware, for example, have suffered an estimated $325 million in damages since that strain of ransomware was discovered in January 2015, according to the Cyber Threat Alliance. The damages include the cost of disinfecting machines and restoring backup data—which can take days or weeks depending on the organisation.

But don’t fear—you aren’t totally at the mercy of hackers. If you’re at risk for a ransomware attack, there are simple steps you can take to protect yourself and your business. Here’s what you should do.

 

First of All, Who Are Ransomware’s Prime Targets?

Any company or organisation that depends on daily access to critical data—and can’t afford to lose access to it during the time it would take to respond to an attack—should be most worried about ransomware. That means banks, hospitals, Congress, police departments, and airlines and airports should all be on guard. But any large corporation or government agency is also at risk, including critical infrastructure, to a degree. Ransomware, for example, could affect the Windows systems that power and water plants use to monitor and configure operations, says Robert M. Lee, CEO at critical infrastructure security firm Dragos Security. The slightly relieving news is that ransomware, or at least the variants we know about to date, wouldn’t be able to infect the industrial control systems that actually run critical operations.

“Just because the Windows systems are gone, doesn’t mean the power just goes down,” he stated. “[But] it could lock out operators from viewing or controlling the process.” In some industries that are heavily regulated, such as the nuclear power industry, this is enough to send a plant into automated shutdown, as regulations require when workers lose sight of operations.

Individual users are also at risk of ransomware attacks against home computers, and some of the suggestions below will apply to you as well, if you’re in that category.

 

1. Create Data Backups

The best defense against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. This means backing up important data daily, so that even if your computers and servers get locked, you won’t be forced to pay to see your data again.

“More than 5,000 customers have called us for help with ransomware attacks in the last 12 months,” says Chris Doggett, senior vice president at Carbonite, which provides cloud backup services for individuals and small businesses. One health care customer lost access to 14 years of files, he says, and a community organisation lost access to 170,000 files in an attack, but both had backed up their data to the cloud so they didn’t have to pay a ransom.

Some ransomware attackers search out backup systems to encrypt and lock, too, by first gaining entry to desktop systems and then manually working their way through a network to get to servers. So if you don’t back up to the cloud and instead backup to a local storage device or server, these should be offline and not directly connected to desktop systems where the ransomware or attacker can reach them.

“A lot of people store their documents in network shares,” says Anup Ghosh, CEO of security firm Invincea. “But network shares are as at risk as your desktop system in a ransomware infection. If the backups are done offline, and the backup is not reachable from the machine that is infected, then you’re fine.”

The same is true if you do your own machine backups with an external hard drive. Those drives should only be connected to a machine when doing backups, then disconnected. “If your backup drive is connected to the device at the time the ransomware runs, then it would also get encrypted,” he notes.

Backups won’t necessarily make a ransomware attack painless, however, since it can take a week or more to restore data, during which business operations may be impaired or halted.

“We’ve seen hospitals elect to pay the ransom because lives are on the line and presumably the downtime that was associated, even if they had the ability to recover, was not considered acceptable,” says Doggett.

 

2. Just Say No—To Suspicious Emails and Links

The primary method of infecting victims with ransomware involves every hacker’s favorite bait—the “spray-‘n’-pray”phishing attack, which involves spamming you with emails that carry a malicious attachment or instruct you to click on a URL where malware surreptitiously crawls into your machine. The recent ransomware attacks targeting Congressional members prompted the House IT staff to temporarily block access to Yahoo email accounts, which apparently were the accounts the attackers were phishing.

But ransomware hackers have also adopted another highly successful method—malvertising—which involves compromising an advertiser’s network by embedding malware in ads that get delivered through web sites you know and trust, such as the malvertising attacks that recently struck the BBC. Ad blockers are one way to block malicious ads, patching known browser security holes will also thwart some malvertising.

When it comes to phishing attacks, experts are divided about the effectiveness of user training to educate workers on how to spot such attacks and right-click on email attachments to scan them for malware before opening. But with good training, “you can actually truly get a dramatic decrease in click-happy employees,” says Stu Sjouwerman, CEO of KnowBe4, which does security awareness training for companies. “You send them frequent simulated phishing attacks, and it starts to become a game. You make it part of your culture and if you, once a month, send a simulated attack, that will get people on their toes.” He says with awareness training he’s seen the number of workers clicking on phishing attacks drop from 15.9 percent to just 1.2 percentin some companies.

Doggett agrees that user training has a role to play in stopping ransomware.

“I see far too many people who don’t know the security 101 basics or simply don’t choose to follow them,” says Doggett. “So the IT department or security folks have a very significant role to play [to educate users].”

 

3. Patch and Block

But users should never be considered the stop-gap for infections, Ghosh says. “Users will open attachments, they will visit sites that are infected, and when that happens, you just need to make sure that your security technology protects you,” he says.

His stance isn’t surprising, since his company sells an end-point security product designed to protect desktop systems from infection. The product, called X, uses deep learning to detect ransomware and other malware, and Ghosh says a recent test of his product blocked 100 percent of attacks from 64 malicious web sites.

But no security product is infallible—otherwise individuals and businesses wouldn’t be getting hit with so much ransomware and other malware these days. That’s why companies should take other standard security measures to protect themselves, such as patching software security holes to prevent malicious software from exploiting them to infect systems.

“In web attacks, they’re exploiting vulnerabilities in your third-party plug-ins—Java and Flash—so obviously keeping those up to date is helpful,” Ghosh says.

Whitelisting software applications running on machines is another way Sjouwerman says you can resist attacks, since the lists won’t let your computer install anything that’s not already approved. Administrators first scan a machine to note the legitimate applications running on it, then configure it to prevent any other executable files from running or installing.

Other methods network administrators can use include limiting systems’ permissions to prevent malware from installing on systems without an administrator’s password. Administrators can also segment access to critical data using redundant servers. Rather than letting thousands of employees access files on a single server, they can break employees into smaller groups, so that if one server gets locked by ransomware, it won’t affect everyone. This tactic also forces attackers to locate and lock down more servers to make their assault effective.

 

4. Got an Infection? Disconnect.

When MedStar Health got hit with ransomware earlier this year, administrators immediately shut down most of the organisation’s network operations to prevent the infection from spreading. Sjouwerman, whose firm distributes a 20-page “hostage manual” on how to prevent and respond to ransomware, says that not only should administrators disconnect infected systems from the corporate network, they should also disable Wi-Fi and Bluetooth on machines to prevent the malware from spreading to other machines via those methods.

After that, victims should determine what strain of ransomware infected them. If it’s a known variant, anti-virus companies like Kaspersky Lab may have decryptors to help unlock files or bypass the lock without paying a ransom, depending on the quality of encryption method the attackers used.

But if you haven’t backed up your data and can’t find a method to get around the encryption, your only option to get access to your data is to pay the ransom. Although the FBI recommends not paying, Ghosh says he understands the impulse.

“In traditional hacks, there is no pain for the user, and people move on,” he says. But ransomware can immediately bring business operations to a halt. And in the case of individual victims who can’t access family photos and other personal files when home systems get hit, “the pain involved with that is so off the charts…. As security people, it’s easy to say no. Why would you feed the engine that’s going to drive more ransomware attacks? But … it’s kind of hard to tell someone don’t pay the money, because you’re not in their shoes.”

 

For more news on Information Technology, visit our ‘latest industry news’ page by following this link!

If you are looking for a new career within the IT Industry, check out our latest jobs by visiting our Jobs Page!

 

– Kim Zetter

10 IT Infrastructure Skills every IT Master should know

by

Infrastructure is no longer static, immovable, or inflexible — and neither should be an IT pro’s skill set.

Take a look at 10 of the hottest Infrastructure skills that IT pros should be considering today.

 

1. Cloud Security

The sad reality about new IT technologies is that security is often an afterthought. Cloud computing came along and people jumped onboard before a robust and well-planned security roadmap could be established. Because of this, many early cloud adopters are scrambling to re-architect their cloud services with advanced security. While cloud security essentially uses the same tools found in traditional infrastructure security, there are more things to consider. Security considerations ranging from third-party data storage, data access, and even multi-tenancy issues are new skills you can acquire.

 

2. Software-Defined WANs

As a whole, it’s going to take some time for end-to-end software defined networking (SDN) to take hold. But one specific aspect of SDN, namely software-defined WANs, can and should be implemented today. For many companies, SD-WAN will be their first foray into SDN — and it’s a skill that will be the tip of the “software-defined” iceberg.

 

3. Cloud Service Broker

As server and network infrastructures continue to be outsourced into the cloud, some in-house infrastructure administrators are left wondering what role they may play in the not-too-distant future. One skill set that will be useful is that of a cloud service broker. In this role, the broker will evaluate various cloud services and form/maintain relationships with them on behalf of the organisation. And, while negotiating contracts may be a major skills change for many administrators, this role still requires a deep understanding of the underlying infrastructure technologies that cloud providers offer. So if you’re looking to still use the technical skills you have, while also seeking to move toward more of a non-technical role, then this might be the right fit for you.

 

4. Next-Generation Firewalls (NGFWs)

Next-generation firewall skills are currently in very high demand. Today’s NGFWs not only incorporate traditional layer 3/4 access controls and stateful inspection, they also perform layer 7 packet inspection to identify and apply policy traffic based on application type. In many ways, the NGFW is the linchpin for other modern security tools — and thus a skillset that every enterprise will soon require.

 

5. Cloud-Managed Networking

Cloud-managed networking is still in its infancy. Wireless LANs were the first part of the network to move to the cloud. But because of the popularity of cloud-managed WLANs, routing, switching, and network security is also becoming more popular. While networking is networking, regardless of where it’s managed, most vendors are using completely new interfaces that administrators must master.

 

6. Collaboration

It used to be that enterprise collaboration tools consisted of desk phones, videoconference rooms, and perhaps a chat client. But these days, collaboration is far more wide reaching. We’re talking about personal meeting rooms with full HD video capabilities, smartphone apps that fully mimic your office phone and chat applications, and shared project-management tools that tightly integrate with other enterprise tools such as mail and calendaring. Collaboration tools are becoming hugely popular in the new “work from anywhere” world in which we live.

 

7. Mobile Device Management (MDM)

The use of employee-owned mobile devices and laptops in the enterprise continues to explode. Most enterprise applications these days have smartphone or Web-based apps that employees can — and do — use. Companies that were early BYOD adopters are finding that their infrastructure is left vulnerable because there is little to no security protecting potentially insecure devices from accessing company resources — or from preventing the loss of intellectual property on personal devices. Mobile device management is a popular way to alleviate many of these problems — and thus it is a great skill to know.

 

8. Malware Sandboxing

Advanced malware is becoming an increasingly difficult problem for enterprises to tackle. Even with the use of tools like next-generation firewalls, intrusion prevention, advanced security gateways, and desktop malware prevention, advanced malware often squeaks through. Malware sandboxes are one of the newest and most popular tools used to catch malware that other tools can’t. Data flagged as potentially suspicious is placed in a simulated and segregated environment called a sandbox. The data then is allowed onto the simulated network, where it’s run through a gauntlet of tests to determine if the code starts doing something malicious. For security administrators, malware sandboxing is a great tool to have in the tool belt — and one that’s likely to grow in popularity.

 

9. Application Containers

Many people think application containers are the next evolutionary step in data center virtualization. Instead of virtualizing entire servers to host a single application, application containers allow for essentially the same thing, except they’re running on a single OS. An application container does this by creating virtual containers that enable OS settings unique to one particular application and hiding them from other applications. Data centers can run the same number of applications with far lower memory and storage requirements. Those who are heavily involved in server virtualization absolutely must look into containers.

 

10. Data Center Switching

Switching in the data center is far more advanced — and far more specialized — than it used to be. Today’s data centers often use a combination of switching, virtualized routing, and various application load-balancing and high-availability techniques that are growing in complexity. Add to this SDN’s creep into data center switching architectures and you have an area of networking that is highly complex, cutting edge, and in high demand.

 

Conclusion

Not only does this list encompass a wide range of infrastructure responsibilities, the skills also vary in technical complexity. In the end, there is almost certainly a skill or two that any infrastructure administrator has (or soon will have) on their “to learn” lists. The world of IT Infrastructure is growing rapidly, therefore this skill list will continue to expand over the course of time.

 

For more news on Information Technology, visit our ‘latest industry news’ page by following this link!

If you are looking for a new career within the IT Industry, check out our latest jobs by visiting our Jobs Page!

 

– Andrew Froehlich

© 2025 2iC Global. All rights reserved. Sitemap

Website Design by Yellow Marshmallow.