Why do I need an IT Task Calendar?

If you were a larger enterprise, with an IT person/department or an IT Managed Service Provider (IT MSP), part of their responsibility should be carrying out regular maintenance tasks that would keep your IT working well and everything kept up-to-date.

I was inspired to write this post from a SANS Internet Storm Centre Diary that was published last year.

I have my own such calendar embedded in my head and I tend to do these things automatically without thinking. This is likely because it is the habit of nearly 40 years of fiddling with and subsequently working on computers. On my laptop, I close all applications and shut the laptop down every night. This simple act absolves me of having to do the daily and one of the weekly tasks below.

Too Long; Didn’t Read (TL;DR)

Daily:

• Restart your browser.

Weekly:

• Restart your Laptop/Desktop, Smartphone and Tablet (apply updates if available)
• Run an Anti Virus scan (schedule if possible)

Monthly:

• Apply Microsoft updates
• Apply updates to other software applications
• Check your backups

Quarterly:

• Printer, Router, Firewall, Switch, IoT device update check
• Do a failover check (if applicable)

Daily tasks:

Restart your browser at least once a day

The first item for our IT Task Calendar.

A lot of us spend quite a lot of our time in our internet browser. They are incredible applications that give us such a rich experience using the internet. They are also extremely complicated and prone to there being vulnerabilities present due to such complexity. Because of their ubiquitous nature, they are very much what the criminals like to target. So it is imperative that the vulnerabilities are removed.

The browser makers have gotten very proactive about keeping their browser up-to-date, in a very inconspicuous way. It happens in the background while the browser is open. However, for the updates to properly take effect, the browser needs to be restarted. If you do this once a day, you will be well protected.

If you are the type of person that has multiple browser tabs open all of the time, this might cause you to be reluctant to do so however. There are solutions for you though.

Use the normal update mechanism:

In your browser:

1. go to the “Help->About Chrome/Firefox/Edge”
2. this will trigger the update mechanism to get all updates installed
3. when you see the button to “Restart” the browser, click on it
4. the browser will close and re-open, including all of the tabs that were previously open on it

Make sure the browser remembers where you were previously:

A word of warning here … this option has been known to fail occasionally and people have lost track of their many, many open tabs. If you don’t want to risk that, do the above instead.

Go into your browser settings and:

Chrome:

• On the menu on the left, click “On start-up”
• Click “Continue where you left off”

Firefox:

• At the top, under Startup should be the option “Open previous windows and tabs” – check that to turn it on

Edge:

• On the menu on the left, click “Start, home and new tabs”
• Click “Open tabs from the previous session”

Use a browser extension to remember your open tabs:

I’m certain there are browser extensions that can help you to manage and remember your open tabs. I won’t recommend any particular one, as I have no experience of them and I am not keen on the over reliance on browser extensions, other than the two or three I use for ad/cookie blocking and tracking prevention.

Weekly tasks:

Restart your Laptop/Desktop, Smartphone and Tablet once a week

For the same reason that we restart our browser, our devices also need to be restarted to apply any updates that may have been downloaded for the operating system. In Windows this might show as “Update and Restart” or “Update and Shut down”. Be sure to click on the appropriate one if they appear.

But it’s not just about updates in this case. If you keep Windows active and only put it to Sleep by closing the lid every evening, then after a few weeks it may exhibit unusual behaviour. Things like the mouse cursor might jump around the place or applications freeze or crash for no reason. This is because Windows is going a bit crazy (in simple terms).

You know the old IT trope?

“Have you tried switching it off and back on again?”

There’s a very good reason that this is usually the first thing we ask.

It’s because it fixes most problems that people have.

So just restart your device once a week, please. Include your Smartphones and Tablets on this.

♣ Add this to your IT Task Calendar on a Thursday or Friday.

Run an Anti Virus scan

Your anti-virus application should be able to do this on a schedule, so you can set this up to run automatically.

♣ Schedule this in your Anti Virus application to occur at a time you wont be using your device for maybe up to an hour, perhaps over a lunch break.

Monthly tasks:

Microsoft Patch Tuesday

On the second Tuesday of every month, Microsoft release updates to their products. It has become known as Patch Tuesday. We usually get them on a Wednesday in Ireland. The restart your device weekly item above, should take care of this task for you if you do it on a Thursday or Friday.

♣ Add this to your IT Task Calendar on the second Thursday or Friday.

Check for other software updates

A lot of other applications are good at checking for updates when they start up. Try to apply them when they ask for it and don’t just click “Defer” or “Later”, unless you are genuinely stuck for time.

If you do defer the updates, make sure that you have a list of applications that you use frequently. Once a month go through that list, checking their update status and applying any updates that are available.

♣ Add this to your IT Task Calendar on the third Tuesday.

Backup Checks

I have a convoluted backup strategy for my laptop, which utilises cloud storage for my critical data, local network storage and external hard drives for my backups of that data and less important items.

If you don’t have a backup strategy, start with the 3-2-1 methodology:

• Three copies of your data – one of which is your live data.
• Two backup copies held on separate media (cloud, local storage, external hard drives, magnetic tape, etc.)
• One copy offline and another offsite.

The thing about backups is, that they are badly needed, usually at a time of crisis. That is not the time to find out that an external hard drive that you are now depending on for recovering data, was dropped on the ground 6 months ago and hasn’t been properly backing up your data since.

So for each type of backup you take, restore a small, random selection of files from the backup media, to check that you can access them and that they are not corrupted in anyway.

If you want to be very thorough, you should do a complete recovery test once a year.

♣ Add this to your IT Task Calendar on the Friday before the second Tuesday.

Quarterly tasks – IT support may be needed:

Printer, Router, Firewall, Switch, IoT device update check

Virtually all hardware we use runs a type of software that is usually called firmware. Many hardware and other network devices have no robust way to notify you of updates to its firmware. Often, you need to manually check the current firmware version and compare it to the latest firmware available from the manufacturer. Care needs to be taken when updating firmware as a simple disconnection at the wrong time could cause the hardware device to fail completely (also known as being “bricked” – i.e. turning the device into something with all the functionality of a brick).

♣ Add this to your IT Task Calendar on the fourth Tuesday of the second month in the quarter.

Failover checks

This will depend on your set-up – particularly if you have any kind of high-availability requirement for things like internet or power. Carry out these checks at a time that will cause the least disruption to your business if something were to go wrong.

Connectivity:

• If you have a secondary internet connection available at all times, then fail your primary connection by disconnecting the router’s WAN port. See if all of your main applications continue to work appropriately and that your staff are able to continue doing their work. Reconnect the router’s WAN port again to restore normal operations.
• After completing the previous test, wait for 15-20 minutes. Now fail the secondary connection by disconnecting its router’s WAN port. This will prove that there is no weird configuration whereby a failure of your backup connection can cause you problems.
• If you don’t have a secondary internet connection, but plan to rely on a hotspot from a mobile phone, then fail your primary connection by disconnecting the router’s WAN port. Then set up the hotspot/tether on your mobile phone and see what connectivity you are able to achieve on that from your various devices.
• Do the above as well if you plan to relocate to another location in the event of power and internet disconnection at your main office.

Power:

• If you have generator backup for power, then you should follow the guidance provided by your registered electrician for carrying out power failure testing on the generator.
• If you are depending on an Uninterruptible Power Supply (UPS), then test it by removing power to it’s mains connection (e.g.- turning off the switch on the wall socket or tripping it’s circuit breaker on your fuse board). Do not unplug the UPS.

♣ Add this to your IT Task Calendar on the third Friday of the first month in the quarter.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a Business Resiliency service which would help you to create a proper plan for all of the above.

Contact us for more information at info@L2CyberSecurity.com.

#SecuritySimplified

The post IT Task Calendar for Small and Medium Businesses appeared first on L2 Cyber Security Solutions Ltd..

They store passwords. Surely they must be secure?

The password managers that are built into Chrome, Edge and Firefox are very simplistic and while they do stores things encrypted, the encryption can be easily broken.

A person’s Google Chrome password manager was breached not so long ago.

The thing is, these password managers are very easy to use and browsers are great at pushing them on people. Putting up nice friendly notices going “Do you want me to remember this password?” “Do you want me to remember this credit card number?” Then later on when you come back to sign into the site it will pop the username and password into the page for you. It’s all very convenient. But convenience comes at the cost of security in this case.

How is a browser password manager insecure?

If you think about it, these password managers have no real security in place. So if somebody has access to the browser, when the device is unlocked, they also now have access to your password vault.

If you were using a proper password manager they would need to know your master password and also have access to your multi-factor authentication (MFA) method. That’s because password managers have proper security on their password vaults.

What do you recommend?

The world will be a much better place when passkeys are more widely used.

Until then, I always recommend using a full-featured password manager such as Bitwarden or 1Password. These are designed to be fully secure and keep your passwords, payment card information and secure notes all nice and securely saved. There are other password managers available. Some of these might be classified as being more secure or private than the two I have mentioned. However there are some trade-offs with them in that they may need someone more technical to set them up and use them. This might be off-putting to normal people as it can be inconvenient.

I’ve got a password manager in another application. How good are they?

Some people come to me and say that their anti-virus package or their VPN has a password manager as an add-on feature. I am cautious about using such features because they may not have been developed with the same level of security as a proper password manager. They are likely only being offered as a way to lock somebody into continuing to subscribe to the anti-virus or VPN.

This is because it is easy to switch anti-virus or VPN providers. But when you are are using a password manager it is much more difficult to move and switch provider.

OK! OK! We’ll use a proper password manager. Any tips?

Some quick tips for setting up your password manager as securely as possible:

1. Choose a master password that is at least 20 characters long. Perhaps choose three or four completely random words to make up this master password. Maybe include some spaces between the words and an occasional number and special character.
2. You should also secure the password manager with a multi-factor authentication method. Ideally it should be an authentication app that generates codes or a hardware security key that you need to trigger the authentication.
3. Set the password manager to generate passwords of at least 40 characters, with all the cases, numbers and special characters turned on so that the passwords are nicely complicated. Watch out though for some websites that have limited the number of characters you can use … some as low as 10 or 12 characters, which is ridiculous.

Anything else I need to think about with a proper password manager?

Some security people think that using the browser add-on or plugin for the proper password manager is NOT very good security practice. Yes, there are risks associated with the add-on/plugin, but I think their convenience for the normal person makes password manager use more likely. But it all really depends on your threat model. If you think you’re low risk then using the add-on/plugin is probably also low risk.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.

#SecuritySimplified

The post Browser Password Manager is not as secure as you think appeared first on L2 Cyber Security Solutions Ltd..

The email itself ended up in my spam/junk folder. However, not everybody uses the same email platform that I do. Chances are, because it is in Irish, it might bypass such protective systems.

What did the An post scam email look like?

Here is the email that I received:

For those of you who haven’t got the cúpla focail, it translates as:

An error occurred in the delivery process

Dear customer,
You have a package that needs to be delivered, but it has been put on hold due to an incorrect delivery address.
Edit your personal information and add a valid shipping address to complete the delivery process.

• Tracking number: DA053884562IE
• Re-delivery fee: €1.99.
• Date: 25/03/2023

Redelivery

This is an automated message, please do not reply.

Attention : If you do not update your details and enter a valid shipping address within 3 days of receiving this message, we will return this package.
The job.

I had to laugh at the last line there – An post translates to “The job”. 🤣

What happens if I made a mistake and clicked the button?

You would be brought to a website, that looks remarkably like an An Post website. In keeping with the theme of the email, it will all be in Irish. On this page you would be asked to enter lots of personal data, including payment card information. I’ve translated the various input fields in red in the image below:

One interesting thing here is that the links at the bottom of the page are all genuine An post website links and will take you to the genuine site and social media channels.

I can’t read Irish. Sure how would I know what I’m being asked for?

You mightn’t be able to translate that website. Your browser probably can and so it can be easy to potentially fall victim, particularly where you are waiting for a package to be delivered.

Is there anything that gives this away as a scam?

If this was for a genuine shipment, with some missing address data, they should show you what address information they do have and allow you to correct it. So that is the main giveaway to me.

People like me (a security nerd) will examine the address bar of a website. I know some trainers tell people they need to examine this themselves. However, that’s terrible advice, as most normal people will never do that on a consistent basis. Not only that, how can I be completely sure that this address is not correct? “anpost” is mentioned a couple of times, as well as the .com portion. Website addresses are hard sometimes:

Another big giveaway here is the “Not secure” warning. If you EVER come across that on a website, DO NOT enter any data on that website, no matter whether you think it’s a genuine site or not. Anything you type will not be transmitted in a secure manner.

HOWEVER, the scammers could easily set the website up so that the “Not secure” is not shown, so don’t be completely dependent on that as a way to avoid being scammed.

Well what would you do so mister smarty pants?

If I had something on order, I would refer back to the original shipping email and click the tracking link from that.

If that wasn’t available, then I would copy the tracking number from the An post scam email, go to the An post website and paste it into the tracking facility. It should spit out a message saying that the package can’t be found.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.

#SecuritySimplified

The post An Post Scam Email Gaeilge Edition appeared first on L2 Cyber Security Solutions Ltd..

The ESB text message

The message appears to have come from “ESB” and it cannot be replied to, which gives it a certain degree of legitimacy. If you have taken my training you will know that you simply cannot trust what number is calling you or texting you, as spoofing is so common.

The message says:

You are eligible for a discounted electricity bill under the Energy support scheme.

You can apply here: https[:]//register-electric-refund[.]com

I have “defanged” that link so you cannot go to the site accidentally.

If you go ahead and click the link, you will be taken to the following web site:

The “Government” information page

That looks remarkably like the ACTUAL Irish Government Website which is here:

https://www.gov.ie/en/publication/4ae14-electricity-costs-emergency-benefit-scheme/

That is, all except for the “Verify now” button at the bottom. The criminals have effectively cloned the majority of the government’s page on this scheme. None of the links work on the page that I tested … EXCEPT for that “Verify Now” button. 🤔

The “Registration” pages

Well, if you click that, the “government” now seems to want you to register for the scheme (which is automatically dealt with by the power supply companies), so you are first asked for some personal details:

When you hit “Continue, you will then be asked to provide some billing details.

Billing details?!??!!? I thought they were giving us money, not billing us?

Well, they are probably hoping that you are used to divulging your payment card details onto website.

They do validation on the card number and the page crashed on me as I was attempting to enter a potentially valid number, so I wasn’t able to find out what happened next, but presumably they will start buying stuff on your account!

So there it is … an ESB text message scam, that could just as easily be for any of the other providers, but it’s likely only going to be the ESB as they have the most customers in the country.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.

The post ESB text message scam. appeared first on L2 Cyber Security Solutions Ltd..

The eFlow Text Message

The text message she received from “eFlow” was about an unpaid toll. eFlow is an Irish motorway toll operator. (narrator’s voice: It was not from eFlow 🙄).

The message reads:

eFlow: You have an outstanding fee of 6.32 EUR due from a journey made in 2022. Please pay now to avoid incurring any penalty charges via eflow-online-services[.]com

That link has been defanged, so you cannot click on it accidentally.

If you click on the link, you will get taken to a very realistic and similar looking website, to the real eFlow one. This though, seems to have nothing to do with the unpaid toll. 🤔

What do they want you to do?

They want you to update your details with them, including payment card. This is the type of thing that you can look out for. A site asking you for lots of personal data when you’ve clicked a link. eFlow already has your data, if you are a customer. They do not need you to go and type it all in again. No matter what excuse they make up. If this was really eFlow, they would have provided the details they already held on you!

What should I do?

I hope I say this enough. We really need to stop clicking on any link that might be included in text messages. There is just no decent reason to have links sent by text message. The criminals use them, because they tend to get passed a lot of spam filters. If this was sent by email or WhatsApp it would probably get thrown into the junk folder.

I think most of you that have seen previous posts from me, won’t fall victim to such a scam, but please do share this, so others will be aware of it.

If anybody has gone through with this update, please contact your bank’s fraud number immediately.

So there it is. An eFlow text message scam. Please don’t fall for it.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.

#SecuritySimplified

The post eFlow text message scam. appeared first on L2 Cyber Security Solutions Ltd..

What’s so dodgy about “My bank account has changed”?

You see Irish people don’t change bank accounts at all. If it does occur, it is a rare event, which is why there is a greater chance that it’s a scam.

Do you remember when Ulster Bank had massive IT failures in 2012 and 2015? People were unable to receive wages/salaries, pay bills, mortgages, etc. FOR WEEKS! Yet, when the dust had eventually settled, only a tiny percentage of people switched bank accounts away from them.

So even after a bank has performed terribly at customer service, people still are reluctant to change from them. So it is a very rare event here. Apparently it is quite frequent in Europe, but their banks are likely more focussed on customers than our lot.

So if somebody, who appears to be a client or supplier, contacts your business and says that they have changed bank account, then you need to be on alert and go through some steps to verify the new account (below).

By the way, this can also happen with salaries and wages. A scammer might impersonate an employee and give new bank account details to the payroll people.

Wait a minute, aren’t there some bank closures happening?

Indeed yes. For the next six months or so, there is going to be a MASSIVE number of bank accounts being changed in this country, with over 1 million accounts affected by the Ulster Bank and KBC bank closures. So there are a lot of legitimate accounts being changed.

This doesn’t mean you should drop your guard. You need to vigilant. My normal advice still stands on this. It is more important now though, as you can be sure that the criminals are going to take advantage of the confusion caused by this huge volume of change.

How do I protect myself from being scammed?

So, if someone contacts you and says the magic words “Our bank account has changed.”, do the following:

• Get them to send you a scan of the top part of bank statement with bank address, account name, customer address and IBAN.
• Make an outgoing phone call to the finance or admin person at that company, using a trusted telephone number (perhaps from their website).
• Ask them to tell you their IBAN – don’t provide it to them.
• Only then change your payment system.

Let’s be careful out there.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.

#SecuritySimplified

The post Bank account has changed – Scam alert! appeared first on L2 Cyber Security Solutions Ltd..

How is this something completely different?

For this auspicious edition of #WeekendWisdom, I thought I would introduce you to the team behind the series.

This is Scamp, who is a little camera shy. He is my eldest boy.

And this is Paddy, who is my smallest boy. But he has got the biggest personality of them both.

So what is going on?

We’ve been having meetings on our daily walks, discussing how we could possibly improve the content that we provide to you, our audience. We have some ideas which I think you might find interesting and I hope you enjoy them, but we just need a few weeks to get ourselves together. Set out a decent plan for what we are going to do and we will be back sometime in November. It might be called something different, so this will actually be the last #WeekendWisdom, I’m afraid.

But it will be something similar. It will be a weekly video post with some hopefully interesting content that you will enjoy.

TTFN

So that’s it for this week. Lets be careful out there and we’ll talk to you again ………….

The post #WeekendWisdom 100 Something Completely Different appeared first on L2 Cyber Security Solutions Ltd..

Why is this a thing

If criminals break into a company’s systems and steal their data, its called a data breach, taking lots and lots of data belonging to a company. They may then try to sell this data on some underground forums, where they might try and sell it to other criminal gangs, for their use.

But there are also, usually, good guy security researchers in those forums too, keeping an eye on things. If they come across some company’s data being trying to be sold, they may try to notify the company that there has been a breach as they may not be aware of it. Sometimes the security researchers find it difficult to get through to these companies to make contact with somebody that they can discuss this data breach.

How can using the security.txt file help

That’s where the security.txt file comes in. This is just a simple text file that contains some contact information for somebody in the security area or in IT. Somebody that would be reachable by email and maybe if you want to do it securely they may also include the public encryption key for the email to make sure that all communications are kept secured so that the security researchers can reach out and contact the company. They can use the contact address and get in touch there to report the data breach and maybe other vulnerabilities that they may have discovered.

Where can I find out more

So it’s always good to have this and it’s usually placed on your website in a well-known location. Here is the security.txt proposed standard.

So if you have a website, set-up this security.txt file for it.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 099 Using the security.txt file appeared first on L2 Cyber Security Solutions Ltd..

No. There is no Facebook bashing here. Just the fax mam. 😎

Where were you on the late afternoon, early evening when Facebook and Instagram and WhatsApp were all down for nearly 6 hours?

What had happened to them was that they were making a routine change to their network configuration. But there was a bug somewhere in it, that caused them to basically disconnect completely from the internet. So nobody on the internet could see Facebook, Instagram, WhatsApp or any of their services. But not only that, this bug also cut off their internal access to their systems. So they could not even see their own email or messaging systems internally and this also prevented the engineers who had made the change from being able to get access to the equipment that they put the change onto and to try and reverse it.

Lessons from the Facebook Outage

So what can we learn about this? Well, I suppose the thing is, the way Facebook are set-up, they seem to have everything is in one big giant bubble that they all use internally. So all their eggs are in one basket. But if you were in an environment where a change like that could take out your entire environment, you might want to consider having some other alternatives that are not based on your internal network.

What could you use

So instead of using WhatsApp you might consider using something like Signal for messaging or even come back to good old fashioned text messages. Have some other kind of, what they call, out-of-band way of being able to communicate internally and be able to get around any kind of outage like this that might occur.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 098 Lessons from the Facebook Outage appeared first on L2 Cyber Security Solutions Ltd..

More on Zero Days?

In last week’s #WeekendWisdom number 96, I explained what a zero day was. The reason I brought up this topic in the first place was because, as at that date, 2021 had already become a year where there was a record number of zero days being detected.

How is it a record number of zero days?

The number that was reported then was like 66 zero days:

• 20 were associated with Microsoft products
• 15 zero days were associated with Apple products, which people think Apple is the most secure platform … maybe not
• Google had 11 zero days

So previous years there might have been 40 or 50 zero days detected in the whole year. But here we are still in September and we’ve already blown through those records.

Even in just the last week since I recorded the last #WeekendWisdom, there have been four more zero days detected. Three of them associated with Apple products and one with Google Chrome.

So this really is turning out to be a year of the zero days. They really are happening a lot.

How do you protect yourself

So please folks be sure that you put in place good robust patching process to make sure you keep all your software up to date as early as possible. Also do things like keep your backups, do good backups, test the backups to make sure that you can recover from those backups and also make sure you train your staff. But keep your software patched.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 097 Record Number of Zero Days appeared first on L2 Cyber Security Solutions Ltd..