How to encrypt your data for free!

Last month, the Talk Talk cyber-attack resulted in the theft of a substantial amount of sensitive customer data, in the region of:

28,000 credit card/debit card details

15,656 bank account details and sort codes

15,000 dates of birth

1.2 million Email addresses, names and phone numbers

This was Talk Talk’s third attack of this kind in the last 12 months, putting the company firmly on the ever-growing list of multinationals to have suffered a major cyber-attack. The question is, if large corporates such as, Sony, EBay, Carphone Warehouse and Talk Talk (with their expert IT departments and security specialists), can’t prevent hackers from infiltrating their networks, what chance do smaller companies and home users have?

Talk Talk’s CEO, Dido Harding couldn’t confirm whether the data of around 4 million customers had been encrypted or not and when asked why, she didn’t know and responded stating that it wasn’t a ‘legal’ requirement to do so. Ok, so it isn’t required by law but surely any company, regardless of size has a duty of care over their customers’ private data?

The fact is, encryption isn’t a hard thing to implement. It won’t guarantee total prevention of a data leak but together with other security tools, like firewalls, email filtering, intrusion prevention systems, patching and anti-virus, it adds another important layer of protection.

Together with our partner Kaspersky, we’ve outlined the top 5 benefits of encryption:

  1. Full protection of data – Securely encrypted data is completely protected, even if it is stolen. Why? If, for example, a file is encrypted with 256-bit AES, it would take a hacker more than a lifetime to crack the code using the brute-force method.
  2. Security across your devices – Many companies are currently struggling with the boom in smartphones and tablets. Whether administrators like it or not, data is pouring out of companies and being distributed among the most diverse of devices. Encryption removes the stress from this situation, as it ensures that data remains secure, regardless of the device on which it is stored.
  3. Safe transmission of data – Users sending files via email or distributing them via a cloud server can use encryption to ensure that no unauthorised user can view them.
  4. Retain data integrity – Targeted data theft is one thing, but another way to misuse data is through manipulation. Even though a hacker may have absolutely no interest in the information in question, he or she can manipulate specific data to disrupt corporate communications. If encrypted data is used, the recipient will definitely notice that it has been tampered with.
  5. Ensure compliance – IT departments often have to comply with legal or contractual regulations on data protection. These may involve archiving banking data or providing special protection for customer information. In many cases, encrypting the data involved is the easiest way to comply with these rules.

If you are a home user or a small company looking to encrypt your data, lifehacker.com recently published their poll to establish the most popular ways of using encryption for free, with these desktop tools:

  • Veracrypt (Windows/ OS X/Linux) – MOST POPULAR – 40% of the vote
  • 7- Zip (Windows/OS x/Linux) – RUNNER UP – 20 % of the vote

Netshield’s IT security specialists have a wealth of experience and can offer expert advice. If you are a company and not sure where to go next with your IT security, we can arrange a full security health check across your network starting at just £295 (+VAT). Your data is your business – let us help you keep it secure.

Call us on 0333 200 1636 or email info@netshield.net for more details.

CryptoLocker – The New Kid on the Block for Trojan Ransomware

Cryptolocker Trojan Ransomware

Watchout for Cryptolocker! It claimed over 10,000 victims within a week.

CryptoLockerA new variant of Trojan Ransomware has recently appeared in the world of cybercrime; but, it is not just a typical piece of RansomWare

When it infects a system it would encrypt your data using a strong cryptography and the cybercriminals will hold the users’ data hostage until a ransom is paid. The users are usually infected by an email with an attach .exe file and when opened, it will execute scripts to encrypt all the users’ data. It has been reported the ransom demands are for either $300 US dollars or Bitcoins. However,  there is no guarantee the decryption of the data will occur after the ransom is paid.

CryptoLocker is spreading fast in phishing campaigns and it has been reported it can be sent as a fake delivery notification or an email from a financial institution.

According to Kaspersky’s Costin Raiu the primary target for this Trojan Ransomware is ‘US and UK, with India, Canada, Australia and France being second-tier targets’ and the National Crime Agency (NCA) in a recent BBC article said ‘Small to medium businesses seem to be the target’ and there are ‘significant risks’.

Protect yourself

It is important to have anti-virus protection in general but with over 10,000 people falling victim to CryptoLocker within a week, it further highlights the need to have a good level of IT security in place. But this is usually not the case, as anti-virus is often considered after one becomes a victim.

From a B2B perspective it is always suggested to have a layered approach to IT security i.e. having a firewall, anti-virus, endpoint security, email security products to limit inbound email threats. From personal use perspective having anti-virus in place is essential.

Email Security products such as NetMail will help protect users’ from this type of trojan by blocking .exe files as a rule. However, CryptoLocker can also infect systems via physical media, websites etc so, anti-virus and malware detectors are essential, to help create a strong defence to keep those criminals off your devices and networks.

So be extra careful and do not open those .exe files unless you know exactly who it is from.

Contact us today to find out more about IT Security and how we can help protect your business.