Android security basics for all device owners

Android security basics for all device owners

This is a guest post from our friends over at TechWarn

The most popular mobile operating system in the world is Android, with more than 2 billion monthly active devices. One of the reasons as to why Android is so popular is because of its flexibility, particularly on application platforms. Android users are not confined to Google Play Store when it comes to downloading apps. They are able to easily download apps that are not included in the app store by using third-party app banks.

The kind of openness demonstrated by Android enables developers to work in an environment that is more relaxed with respect to regulation. However, this flexibility results in some form of abuse that allows some bad applications in the form of malicious APKs to enter the system. For this reason, hacking and other cybersecurity threats are also prevalent in the Android ecosystem. It is important to note that Android is built with practical and powerful features that you can use to ensure that your device is secure. Below are tips to help you know how to protect your Android device.

Android VPN

A VPN (Virtual Private Network) helps you safely connect to the internet by hiding your online actions and your location thereby removing any security or privacy threats. Android VPN works to deliver an internet connection that is secure by using private servers located in remote areas. When you connect to a VPN, all the data moving between your Android device and the website is encrypted to reduce access to your online information. This means that even hackers will be unable to access this information.

For you to browse online safely, you need a VPN that operates on Android phones or gadgets. VPNs have become popular because of the increasing number of cases of data theft through malware attacks or hacking. Most of these attacks occur on Wi-Fi networks that are not secure. If you are a frequent user of public Wi-Fi, you have to undertake measures to ensure that your online activity is secure over the connection. The good thing is that all Android devices are compatible with an Android VPN.

Antivirus Software

Android devices are becoming increasingly susceptible to various forms of viruses and malware. Ensure that you install antivirus software in your Android device in order to protect yourself against malware attacks and other forms of cybersecurity threats. In the event of a malware attack, the antivirus app on your Android device will intercept malicious attachments and links before the malware is installed in your device. It is important for you to install a credible anti-malware app in your Android device for it to effectively scan and eliminate viruses and malware.

On Device Encryption

Most people have sensitive information like emails, contacts, and financial information in their Android smartphones. You should use on-device encryption to protect this information from being accessed by snoopers and hackers. Do this by going to ‘Settings’ then to ‘Security’ then to ‘Encrypt Device’ and follow the prompts to encrypt your Android device. On-Device Encryption ensures that the information in your Android device is protected when you lose your phone by scrambling the data stored in your phone so that nobody will be able to access your personal information.

Two Factor Authentication

Two-factor authentication is a Google feature that is not specific to Android. However, if you use Google services, you need to know that the overall security feature of the device is connected to your Google account. Two-factor authentication helps you to secure your phone by enabling you to lock down Google services. For you to activate it, you need to log in to your Google account and go to ‘Security’ then to ‘2-Step Verification. Every time you want to access your account, you will receive a verification code through voice calls or SMS.

The popularity of Android has made it a leading target for hackers. Due to the sensitive data stored in your Android device, you need to ensure it is secure. Protect your Android with the above tips.

 

The Power of Two

The Power of Two

A one-time password (OTP) is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid a number of shortcomings that are associated with traditional (static) password based authentication; a number of implementations also incorporate two factor authentication by ensuring that the one-time password requires access to something a person has (such as a small keyring fob device with the OTP calculator built into it, or a smartcard or specific cellphone) as well as something a person knows.

The most important advantage that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will be no longer valid. A second major advantage is that a user who uses the same (or similar) password for multiple systems, is not made vulnerable on all of them, if the password for one of these is gained by an attacker. A number of OTP systems also aim to ensure that a session cannot easily be intercepted or impersonated without knowledge of unpredictable data created during the previous session, thus reducing the attack surface further.

OTPs have been discussed as a possible replacement for, as well as enhancer to, traditional passwords. On the downside, OTPs are difficult for human beings to memorize. Therefore they require additional technology to work.

An extra layer of security that is known as “multi factor authentication”

In today’s world of increasing digital crime and internet fraud many people will be highly familiar with the importance of online security, logins, usernames and passwords but if you ask them the question “What is Two Factor Authentication?” the likelihood is they will not know what it is or how it works, even though they may use it every single day.

With standard security procedures (especially online) only requiring a simple username and password it has become increasingly easy for criminals (either in organised gangs or working alone) to gain access to a user’s private data such as personal and financial details and then use that information to commit fraudulent acts, generally of a financial nature.

How does it work?

Two Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that is known as “multi factor authentication” that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token.

Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s personal data or identity.

Historically, two-factor authentication is not a new concept but its use has become far more prevalent with the digital age we now live in. As recently as February 2011 Google announced two factor authentication, online for their users, followed by MSN and Yahoo.

Many people probably do not know this type of security process is called Two-Factor Authentication and likely do not even think about it when using hardware tokens, issued by their bank to use with their card and a Personal Identification Number when looking to complete Internet Banking transactions. Simply they are utilising the benefits of this type of multi factor Authentication – i.e. “what they have” AND “what they know”.

Using a Two Factor Authentication process can help to lower the number of cases of identity theft on the Internet, as well as phishing via email, because the criminal would need more than just the users name and password details.

So if you’re in need of some help securing your system, or even just some free friendly advice, get in touch with us on 0800 878 878 or email office@techs.co.nz

Viruses are getting smarter

Viruses are getting smarter

Ransomware Example

What would your first thought be seeing the above on your computer, laptop or cellphone? Would you start to wonder “What has my family been looking at?” or “What have I come across browsing the internet by mistake?”

Within the last year we have been seeing an increasing trend in viruses called Ransomware.

‘Ransomware’ is a type of malware/virus that attempts to extort money from a computer user by infecting and taking control of the victim’s computer, cell-phone, or the files or documents stored on it. Typically, the Ransomware will either ‘lock’ the computer to prevent normal usage, or encrypt the documents and files on it to prevent access to the saved data.

The ransom demand will then be displayed, usually either via a text file or as a webpage in the web browser. This type of malware leverages the victim’s surprise, embarrassment and/or fear to push them into paying the ransom demanded. Ransomware may arrive as part of another malware’s payload, or may be delivered by an exploit kit such as Blackhole, which exploits vulnerabilities on the affected computer, device to silently install and execute the malware.

In almost all cases, payment of the ransom still does not restore the computer to normal use. As such, we strongly recommend that no payment be made and give us a call straight away. You may have never heard of this type of virus or even been affected. Prevention is simple, make sure to have up-to-date antivirus (Eset nod antivirus for example). Stay away from unsafe websites (Adult content, kids free game downloads or pirated music, movies or tv shows). Good idea if you have kids is to take interest in what they do online so they and your computers are safe.

Backups are also highly recommended; there was a case in America recently when a police station themselves was hit with another type of randomware that encrypted all computers and network drives, files. Due to this police station having no backup, the police had to pay the ransom (At least the criminals were honest enough to send the police the de-crypt code to unlock the police station pcs !).

Remember we are here to help you regarding any Information Technology issues like viruses or malware. We are but a phone call away.

So if you’re in need of some help with Viruses, or even just some free friendly advice, get in touch with us, 6-370 8093.

To discuss how Tech Solutions can help call us on 0800 878 878 or email office@techs.co.nz.

Tracking a Lost or Stolen Mobile Device

Tracking a Lost or Stolen Mobile Device

You have misplaced your mobile device; your phone or iPad or tablet is gone! Stolen! Lost! TIME TO PANIC! Yes? No, it is not time to panic (yet) as there are several ways to locate your device. If you locate the device and it has been stolen, not lost, ensure you contact the police rather than going to get it yourself.

Do the simple things first. Call your phone, can you find it that way? Someone else can possibly answer the call. Sending your phone a text, especially with a reward offer, can help too. Always apply common sense around meeting people to get your device back. If neither of these work then it’s time to get technical!

Can Android, Windows or Apple help?

Yes they can, by default, Windows, Android and Apple devices have limited capabilities to find your device. If you have not set your device up the standard way these may not work. Also unless your device has a keypad lock enabled anyone who can access your settings can turn these settings off. Apple and Android offer these services more of a way to protect your data on the device than stop/discourage theft, however see ‘Prevention is better than cure’ below. They also work only if the phone is both on and online.

Apple: Apple uses a cloud based service called “Find my iPhone/iPad/Mac”. You must have enabled iCloud and enabled “find my iPhone” on this device before this will work for you. Head over to icloud.com and log in using your Apple ID credentials. Once signed in, you should see your iCloud dashboard with different icons. Click on the “Find My iPhone” icon. From here you can see all your devices and their location. The device can be made to play a sound, in case you lost it down the back of the sofa! You can also activate “Lost Mode” which locks down the device and displays the message of your choice. As a last resort, and this will mean ‘Find my iDevice’ won’t work anymore, you can erase all data too (factory reset).

Android: The Android OS has a service called Android Device Manager (ADM). You must have enabled Location Services to locate your phone and also enabled remote wipe to wipe it. Head over to google.com/android/devicemanager and log in with your Google ID. From there you can see you devices and their locations, if enabled. Each phone will give you the option to ring, lock or (if enabled) as a last resort wipe the device.

Prevention is Better than Cure

As always it is best not to lose it in the first place, but being prepared for the possibility is second best. By default most mobile devices can be found, just ensure the settings are enabled as mentioned above and (for your security) enable some form of lock screen code. There are some apps that you can install now to really help you can recover your device in the future. These apps have anti-theft (and anti-malware in the case of Android) in mind, not just the data protection offered by default. For further help with these applications or any concerns with your mobile device contact us here at Technology Solutions

Android Anti malware and Anti-theft

Avast! Free Mobile Security http://www.avast.com/en-nz/free-mobile-security

ESET Mobile Security & Antivirus http://www.eset.com/us/home/products/mobile-security-android/

Android & Apple Anti-theft only: Lookout https://www.lookout.com/features/ios

So if you’re in need of some help tracking your device, or even just some friendly advice, get in touch with us.

To discuss how Technology Solutions can help your business call on 0800 878 878.

How to Make a Strong Password

How to Make a Strong Password

Two essential password rules:

Following two rules are the minimum that you should follow when creating a password.

Rule 1 – Password Length: Stick with passwords that are at least 8 characters in length. The more character in the passwords is better, as the time taken to crack the password by an attacker will be longer. 10 characters or longer are better.
Rule 2 – Password Complexity: Your password should contain at least one character from each of the following groups.

  1. Lower case letter
  2. Upper case letter
  3. Numbers
  4. Special Characters

This is often called the “8 4 Rule” (Eight Four Rule):

  • 8 = 8 characters minimum length
  • 4 = 1 lower case + 1 upper case + 1 number + 1 special character.

Just following the “8 4 Rule” will ensure your passwords are much stronger than before for those of you who don’t follow any guidelines or rules when creating a passwords. If your banking and any financially sensitive website passwords doesn’t follow the “8 4 Rule”, I strongly suggest that you change those passwords as soon as possible to at least follow the “8 4 Rule”.

Guidelines for creating strong passwords:

  1. Follow “8 4 Rule
  2. Unique Characters. Should contain at least 5 unique characters. You already have 4 different character if you’ve followed “8 4 Rule”.
  3. Use a Passphrase.  Use a ‘passphrase’ to easily remember the passwords. You can use initials of a song or a phrase that are very familiar to you e.g. “ At Technology Solutions, we love strong passwords!” can be converted to a strong password “@TS0l,wlsp!”

Another method of ensuring the use of strong passwords, and dealing having to remember lots of them, is to use a password manager. A password manager gives you the option of totally random and long passwords, and means you don’t have to remember them all. I will cover the pros, cons and best practice of the current best password manager, LastPass, in the next newsletter.

To discuss how Tech Solutions can help call us on 0800 878 878 or email office@techs.co.nz.