vpn

Changing Password over VPN

Even with so many working remote in these tumultuous times, security practices such as regular password expiration dates keep looming before us. While we at designDATA are always here to walk you through how to handle this process, here are some tips on how you can do so yourself!

While you are working in the office, you have the convenience of being on the same network as your domain, meaning that if your password needs to be changed, all you need to do is the simple CTRL+ALT+DEL to pull up the ‘Change a Password’ menu.
While the process is largely the same when remote, you also need to make sure that you are connected to your VPN, which simulates being connected to your office network. For most of our customers using the Sophos VPN, that will be the little traffic light icon you should find in the lower right-hand corner of your screen.

Once connected to the Sophos VPN, you can enter the ‘Change a Password’ screen as normal by pressing CTRL+ALT+DEL, and choosing your password. Remember that you will need to enter your new password twice, just as a confirmation!

Once you’ve changed your password, make sure you’re still connected to the VPN by checking to see that the icon is still showing the “green light” and then LOCK your computer twice. This is to ensure the new password is confirmed both on the network as well as on your local computer, as it doesn’t always do so the first time around. If you want to be absolutely sure that it has worked after locking and logging back in twice, you can also sign out and back into the VPN. If you can sign back in, it’s been changed at the domain level as well!
If you’re working from a Mac, or you aren’t a VPN user, your instructions will be different and are specific to your organization. Please contact the designDATA service desk for assistance.
Remember, if you have any issues with any of this, our technicians are standing by to help assist you with your password update or any other needs. We can be reached at service-request@designdata.com, or by calling your client-specific service desk numbers, 24/7.

A primer on watering hole attacks

Cyberattacks come in many different forms, with new methods being developed all the time. What’s bad is that personal information is now often stored online, be it through social media or through government and healthcare services — and these are juicy targets for criminals. Learn more about one way these criminals steal data — through watering hole attacks.

What are watering hole attacks?

Watering hole attacks are used to distribute malware onto victims’ computers in a similar way phishing activities are conducted. Cybercriminals infect popular websites with malware, and anyone who has had the misfortune to visit have their computers automatically loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. In extreme cases, the hacker will actively take control of the infected computer.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

With such highly skilled hackers these days, virtually any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips:

Update your software
Watering hole attacks often exploit holes and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely
Regularly conduct security checks using your network security tools to try and detect watering hole attacks. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature. Also, block social media sites from your office network, as these are often used as share points of links to infected sites.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

Published with permission from TechAdvisory.org. Source.

Benefits of using a VPN

While using a virtual private network or VPN isn’t a silver bullet to online privacy threats, it still offers crucial security benefits, especially if any part of your day involves using unsecured channels such as public Wi-Fi. Given its importance, how do you pick the right one and what factors do you need to consider?

What is a VPN?

The best way to describe a VPN is as a secure tunnel between your device and destinations you visit on the internet. Once you’ve established your PC’s connection to a VPN server, your computer acts as if it’s on the same local connection as the VPN making it seem you moved to a different location. As far as websites are concerned, you’re browsing from that server’s geographical location, not your computer’s actual location.

When you surf the web through a VPN, all the data transmitted and received is also encrypted, preventing anyone — from hackers to government agencies — from monitoring your online activities.

Why should you have one?

Of course, security and privacy are major reasons why you would want a VPN. For example, if you’re connected to a public Wi-Fi network — like the ones you typically encounter at local cafes and airports — using a VPN encrypts the information you’re sending or accessing online. This means your credit card details, login credentials, private conversations, or other sensitive documents can’t be intercepted by a third party.

VPNs are also useful for accessing geo-restricted websites. If you’re traveling abroad and certain US websites are blocked in that region, you can connect to a VPN located in the US to access the sites you need.

Which VPN should you choose?

Given the increasing demand for secure online privacy, VPNs are surging in popularity. The following considerations can help you find the right one.

1. Cost
While free VPNs are available, we strongly suggest you avoid them as they could keep logs of your internet activity, and in some cases sell them to data brokers or worse, cybercriminals.

Maintaining a VPN service is also expensive, which means the free ones will likely plaster ads on your browser to make a quick buck.

Paid VPNs like SurfEasy and StrongVPN often come with more robust features and configurations that keep you secure. Prices differ depending on a VPN’s features and subscription length, and remember that how you pay is also important. Some VPNs offer anonymous payment systems like bitcoin while others allow you to use gift cards to avoid giving out your personal information.

2. Location
The physical location of VPN servers is important if you want to access region-blocked websites. So if you’re planning on accessing a UK-based service, your VPN provider must at least have servers installed in London.

3. Capacity
Read through a VPN provider’s terms of service to determine how much data you’re allowed to use. If possible, find out how many servers a VPN provider has. If they have plenty of servers online, you can rest assured that they have the capacity to support your internet browsing.

4. Device compatibility
Another important factor to consider is whether the VPN can be used across multiple devices. Nowadays, employees work on laptops, tablets, and smartphones, so you’ll want a VPN that’s compatible with all these.

5. IP leaking
Beyond the fundamental nuts and bolts of the VPN protocol, there are other challenges like dealing with leaky tunnels, which means your IP address could be tracked. A great way to evaluate a VPN service is to sign up for their free trial service and visit https://ipleak.net. This will allow you to check whether your real IP address is actually being leaked. If it tracks your physical location, you should opt for a more reliable VPN service.

VPNs are now a vital component of cybersecurity, and if you need help selecting the right one for your business, consult with our security experts today. We also offer comprehensive cybersecurity services so no hacker or third party can get their hands on your data.