One of these ?things? in the news at the moment is a BB-8 droid toy built by Sphero. This toy, consisting of a typical Sphero, is a commercially available, app-controlled, robotic ball, that has been painted up like BB-8, the mischievous Droid from Star Wars Episode VII: The Force Awakens and marketed to people who want their very own droid. How can a seemingly irrelevant toy be at risk? In a recent report, security experts were able to exploit a bug and ?hack? into a BB-8 toy through its integrated wireless communication systems. This allowed them to inject code into the phone, which couples as the device?s remote. In the report, hackers were able to take full of control over the device in what is called a man-in-the-middle attack. While this particular case doesn?t reveal anything perilous, a man-in-the-middle attack can potentially be very dangerous if targeting something of substance. Man-In-the-MiddleIt?s not hard to understand what a man-in-the-middle attack is. For an analogy, you can go back to the first grade. Remember the game ?telephone? that you used to play when you were a child? A man-in-the-middle hack produces similar results. Essentially, a person sends a message and the recipient receives it, but in the process of being relayed the message, someone adds or omits some crucial element of the message. Just imagine that instead of the sentence, ?Jane runs through the forest,? the message that was interrupted and manipulated is a customer?s credit card number. To completely understand the man-in-the-middle attack, you need to realize that, with the advent and use of wireless systems, more entities are at risk for this type of hack than ever before. This is why it?s important to implement safeguards to ensure that the information you send, regardless of whether you?re sending instructions for a toy from your smartphone, or an essential file from a PC to your server. You need to make sure that your commands are sent securely and get to the recipient in the way the sender had intended. Precautions such as remote monitoring and management, that include intrusion detection, and other protocols that work toward cyber security, are good solutions to combat potential network security. Potential for Attacks Require SolutionsWireless technology has altered a great many things. Cumbersome, wired systems that people have had to fumble with, are largely a thing of the past. Now people have to determine whether or not wireless systems are secure to use, and if they aren?t, they have to do what they can to secure them. There are literally hundreds of solutions to help users secure their devices, whether it be from a mobile device or a PC/Mac running off a wireless network. In some cases, however, an inconsequential and seemingly irrelevant piece of the puzzle (like in this case, a toy with buggy software), could potentially leave you exposed.

The first thing that you need to know about GIFs is that they can be downloaded, uploaded, and shared in the same way as most other digital image formats, like JPEG and PNG files. GIFs are easy enough to use, but to really take advantage of them you?re going to want to know how to search for and make them. Searching the Web for a GIFDo you have a specific GIF in mind that you?d like to use? Perhaps a clip from your favorite movie, or of a silly reaction? If so, you can easily search the web for it using Google Search. To do this, simply type into Google?s search bar what you?re looking for and hit Enter. Next, select Images > Search Tools > Type > Animated. From here, you?ll see a page full of with relevant images. Note: in order to see what the GIF?s animation looks like, you actually have to click once on the image, otherwise it will appear as a static image. Although, be careful not to double click the image or you?ll be taken to the website where the GIF originates from. To download the GIF, simply right click it, and select Save image as… Making Your Own GIF From YouTubeIf you can?t find the perfect GIF, then you can use any of the millions upon millions of YouTube videos to make your own! To do this, first go to YouTube and find the perfect video (or upload one). Next, copy the URL of the video, located in either the form at the top of your browser, or below the video after selecting Share. From here, go to gifs.com and paste the video?s URL in the provided form. Next, select Create GIF. You will now be taken to a new page showing your YouTube video alongside video editing tools. As prompted by the text boxes, give your GIF a title in the top form. Next, move the slider to where in the video you want your GIF to begin and end. Or, you can manually enter the GIF?s start time in the Start time form. Next, determine the duration of your GIF. By default, it?s set to five seconds. Be sure to adjust the clip?s time span as needed. Additionally, you can fine tune the timing of your GIF by hovering over the Duration form and selecting the up and down arrows. Lastly, you can add captions to the GIF by selecting Add Caption to the left of the video and following the directions. As you make edits to your GIF, a preview of your work will be displayed. Once you?ve got everything exactly how you want it, select Create GIF. Gifs.com will now generate your file and take you to a new page displaying your GIF. To the right of the GIF is the GIF?s URL, file path (for downloading purposes), and the embed code. If you wish to share your GIF creation over social media, then take advantage of the various social media icons provided by the website. After going through these steps, you can now call yourself a GIF master and populate the Internet with even more great GIFs.

What is social engineering?With social engineering, someone attempts to gain access to passwords and other sensitive information not through technical savvy, but by using various psychological tricks to gain your confidence and fool you into granting unwarranted privileges or access to protected data.For example, an individual may pose as a customer service representative for a software company or as IT personnel; they then talk their way into obtaining your data and exposing you to further attacks. Other tactics include impersonating a colleague or potential associate via email or social media. In other situations, they may start out as strangers and then befriend you, gaining enough of your trust to get you to click on a malicious link in an email and download malware to your system. They may also try to find out enough about you to guess your password or your responses to password recovery questions in order to gain access to your accounts. How can you prevent social engineering scams?These types of scams often come as a surprise. They exploit people’s ready tendency to extend trust and accept explanations at face value. However, there are ways to reduce your chances of getting taken in by social engineering. The following are five tips: ?    Raise awareness among your employees. If employees are aware of the risks and get introduced to the tactics commonly used in social engineering, they’re more likely to remain cautious even when approached by charismatic, confident, and seemingly trustworthy individuals. It’s less likely that they’ll accept information at face value. Offer training programs, and demonstrate to employees how sensible preventive measures can better protect them from scams in their personal lives, not only at work. Stress how important it is to pause and think instead of automatically clicking on links or disclosing sensitive information. ?    Devise and enforce a comprehensive security policy. For example, you can institute rules about the kinds of files employees are allowed to download on company devices, and the kinds of information they’re allowed to disclose on social media or in-person (or even just leave out in the open on their desks). Be sure to check up on whether or not they’re taking these policies seriously. Turn lapses into opportunities to once again discuss the consequences of poor security and the importance of caution. ?    Adopt layers of protection. You should have in place a series of checks for confirming identity and detecting impostors. For example, if someone shows up at your office claiming to be a computer technician, your employees would check for appropriate identification and call up the company the technician allegedly works for. Another strategy is to share information or suspicions about hacked accounts; for instance, if one of your employees thinks their email account has been compromised, they should notify everyone else. ?    Pay especially close attention to new employees. Because new employees are less familiar with your company and the people you employ on the outside, they’re more susceptible to getting tricked. ?    Model secure behavior. As a leader within your company, your employees will look to you for examples of safe practices and cautious behavior. If you pick security questions that are easily guessed or get lax about access to your network and servers, your employees won’t take your cyber security initiatives seriously. Remember that there’s […]

What is social engineering?With social engineering, someone attempts to gain access to passwords and other sensitive information not through technical savvy, but by using various psychological tricks to gain your confidence and fool you into granting unwarranted privileges or access to protected data.For example, an individual may pose as a customer service representative for a software company or as IT personnel; they then talk their way into obtaining your data and exposing you to further attacks. Other tactics include impersonating a colleague or potential associate via email or social media. In other situations, they may start out as strangers and then befriend you, gaining enough of your trust to get you to click on a malicious link in an email and download malware to your system. They may also try to find out enough about you to guess your password or your responses to password recovery questions in order to gain access to your accounts. How can you prevent social engineering scams?These types of scams often come as a surprise. They exploit people’s ready tendency to extend trust and accept explanations at face value. However, there are ways to reduce your chances of getting taken in by social engineering. The following are five tips: ?    Raise awareness among your employees. If employees are aware of the risks and get introduced to the tactics commonly used in social engineering, they’re more likely to remain cautious even when approached by charismatic, confident, and seemingly trustworthy individuals. It’s less likely that they’ll accept information at face value. Offer training programs, and demonstrate to employees how sensible preventive measures can better protect them from scams in their personal lives, not only at work. Stress how important it is to pause and think instead of automatically clicking on links or disclosing sensitive information. ?    Devise and enforce a comprehensive security policy. For example, you can institute rules about the kinds of files employees are allowed to download on company devices, and the kinds of information they’re allowed to disclose on social media or in-person (or even just leave out in the open on their desks). Be sure to check up on whether or not they’re taking these policies seriously. Turn lapses into opportunities to once again discuss the consequences of poor security and the importance of caution. ?    Adopt layers of protection. You should have in place a series of checks for confirming identity and detecting impostors. For example, if someone shows up at your office claiming to be a computer technician, your employees would check for appropriate identification and call up the company the technician allegedly works for. Another strategy is to share information or suspicions about hacked accounts; for instance, if one of your employees thinks their email account has been compromised, they should notify everyone else. ?    Pay especially close attention to new employees. Because new employees are less familiar with your company and the people you employ on the outside, they’re more susceptible to getting tricked. ?    Model secure behavior. As a leader within your company, your employees will look to you for examples of safe practices and cautious behavior. If you pick security questions that are easily guessed or get lax about access to your network and servers, your employees won’t take your cyber security initiatives seriously. Remember that there’s […]

One way to do this is by using Windows 10?s built-in PIN system. Here?s how you can set up a PIN number, including how you can change or reset it if need be. Why Use a PIN?Using a PIN offers a few unique benefits over the traditional password. For example, Windows 10 uses the same password as your Microsoft account, which means that if this password is stolen or compromised by a hacker, they can access other services tied to your Microsoft account. If you?re using a PIN to access your PC, the PIN is unique to your Windows 10 device, meaning that a hacker would have to locally enter the PIN, making it a much less risky gambit than using a password. Add a PINFirst, you need to click on the search bar at the bottom of the screen and type Settings. Then, select Sign-in options in the left column. Scroll down to the PIN section in the right column, and click Add. You?ll then be prompted to verify your password. Once you?ve done so, click OK. Next, you?ll be taken to the Set up a PIN page. All you need to do is type your desired PIN in the provided forms. The only criteria required for a PIN is that it needs to be between four and nine characters long, but you need to make sure that it?s not something that can easily be guessed. Be sure to keep these pointers in mind: The longer the PIN, the better the security: You?ve heard all about how using a complex password is a best practice, and the same can be said for your PIN. Make it as long as possible– this makes it more difficult for hackers to guess. Refrain from using PINs from other accounts: Everyone has credit cards that they use a PIN for, but these numbers shouldn?t be used for every single account you have. You should have individual PINs for each of your different accounts. Otherwise, one compromisation could lead to multiple breaches. Use as many different numbers as possible: In much the same way that a password should contain variable letters, you want to stay away from short PINs with largely the same number. Change or Reset Your PINWindows 10 makes it easy to change your PIN. You need to navigate back through Settings > Accounts > Sign-in options, and tap Change underneath PIN. You?ll then be taken to the Change your PIN screen. If you need to reset your PIN, click I forgot my PIN next to the Change button. This will let you reset your PIN. Keep in mind that you?ll need to use your current account password to do so. For more great tips, be sure to subscribe to White Mountain IT Services?s blog.