Password for your wifi

A password is one of the simplest and strongest ways to deliver high-strength IT security, but it’s also one which has the potential to cause great damage.

We use passwords on such a regular basis that their presence has become the norm. Logging onto your PC in the morning requires a password, unlocking your PC screen is only possible with a password and signing into your webmail needs, you guessed it, a password. In fact, such is their ubiquity, one study has estimated, on average, we use 100 passwords. And remembering all of these is difficult! Therefore, it comes as no surprise that many of us use the same password across multiple platforms. But this is one of the biggest mistakes you can make in IT.

The Dangers of Recycling Passwords

It may be quick and easy to recycle your passwords, but there are some major reasons why IT professionals advise against it:

  • Passwords need to be complex: rather than recycling passwords, some people favor site specific passwords e.g. using ‘password123gmail’ for Gmail and then ‘password123facebook’ for Facebook. While this may be enough to outwit an automated bot, a sentient threat actor will be able to easily put 2 + 2 together and uncover your strategy. As such, you need passwords which are both unique and complex.

Creating Different Passwords

As we’ve already said, creating different passwords doesn’t have to be difficult, and you don’t even have to remember them. All you have to do is:

  • Use a password generator: from Google Chrome to LastPass and on to security providers such as Norton, there is plenty of choice when it comes to using technology to generate a password. These applications take your passwords to the next level and will never suggest something as simple as Qwerty123. Instead, they will generate complex passwords which include numbers, mixed case letters and symbols.
  • Store your passwords securely: as well as acting as a password generator, many password apps also contain or link up to password managers. These secure devices store your complex passwords and take the pain out of remembering those 16-character passwords you struggle to remember. All you have to do is authorize them to fill in your login credentials each time you go to log in.

Final Thoughts

In 2023, there’s no excuse for using the same password across multiple logins. It’s a sure fire way to maximize the impact of a security breach, so you need to take the necessary steps to prevent this. Thankfully, the presence of password generators and managers mean that your passwords can instantly be upgraded and secured.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


It’s impossible for a PC to be 100% secure, but there’s nothing to stop you strengthening the defenses of your PC.

With cyberattacks on small businesses at an all-time high, there’s never been a more important time to strengthen your PC’s security. However, as ever, budgets are a crucial factor in achieving this. Thankfully, investing thousands upon thousands of dollars isn’t your only option (although it certainly helps) as simpler solutions are available. Many of these are processes which are either overlooked or simply unknown to most PC users. But the enhanced security they offer is unarguable. Therefore, it’s time integrate these 7 quick tips to improve the security of your PC:

  1. Automatic updates: software vulnerabilities are a sure-fire way to open your IT infrastructure to the world, so it’s vital you install updates as soon as possible. Installing updates, though, is far from glamorous and this is why many PC users fail to install them when available. Luckily, it’s possible to implement automatic updates in Windows to take the pain out of this process.
  • Never write down your passwords: it may be one of the biggest sins when it comes to PC security, but PC passwords are routinely written down in every single business in the world. And it’s a practice which needs to stop. The only place passwords should ever be stored is in either your memory or a password manager.
  • Shut your PC down: when you’ve finished on your PC for the day, you should always shut it down. It may be tempting to leave it running, so that you can start straight away again the next day, but all this does is label your PC as a sitting duck for hackers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Almost all cyber-attacks are due a common denominator: a mistake. We aren’t perfect, of course, but we can limit number of IT security mistakes we make.

Working on a PC is far from straightforward and, as a result, the sheer number of complex routines you must work through leaves plenty of room for mistakes. At the same time, all a hacker needs to take control of your system is a few milliseconds. Accordingly, even the smallest security mistake can leave your PC at the mercy of a hacker. However, by understanding what the most common, and usually simplest, IT security mistakes are, you can strengthen your IT defenses almost immediately.

Start Eliminating These Mistakes Today

If you want to make sure your IT infrastructure is safe from hackers, then you need to avoid these five IT security mistakes:

  1. Not locking your screen: you may trust your work colleagues, but the fact remains that numerous people will enter your organization’s premises throughout the day. Some may be familiar, some may not. And that’s why it’s crucial you lock your screen. All you have to do is hit the Windows button and the L key; your screen will be locked with a password and the contents of your PC immediately protected.
  • Underestimating your value as a target: threat actors are malicious and, although they are certainly interested in big targets, they’re equally likely to target smaller organizations too. Additionally, many cyber-attacks are automated and don’t discriminate against who they attack. Therefore, never assume that your small business is of no concern to hackers. Remain vigilant and practice good IT security.
  • Passwords on Post-it notes: we all know that remembering passwords is difficult, but the biggest mistake you can make is by writing your password on a Post-it note. And then sticking it to your monitor. Sure, it’s convenient for you, but it’s also highly convenient for anyone looking to compromise your PC. Instead, create passwords you can easily remember, but are difficult for anyone else to crack.
  • Assuming email attachments are safe: ever since email became a mainstay of modern communications, it has carried a huge risk of delivering malware through email attachments. Most concerning of all, these infected attachments may be sent by email contacts you consider safe, it could even be your colleague sitting next to you. Threat actors can easily take control of a victim’s email address book and email malware under the guise of the victim’s email address. And that’s why you should evaluate every email you receive.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Forgetting a password is frustrating, so the promise of a password recovery tool is tempting. Until, that is, you find out it’s packed full of malware.

If something online sounds too good to be true, then it usually is – see the numerous adverts on YouTube which promise to make you $50k a month with minimal effort. And this is exactly the case with the Sality malware. Naturally, Sality doesn’t advertise itself as malware. Instead, it bundles itself stealthily, as a hidden extra, alongside a password recovery tool for Programmable Logic Controllers (PLC) and Industrial Control Systems (ICS). Whilst the tool does indeed help you to extract passwords, the presence of Sality opens a whole world of digital pain.

The Lowdown on Sality

Sality, in its earliest form, is believed to have been online for nearly 20 years, so it’s certainly not a new threat. However, over the years, its evolution has led to its modern variant becoming a nasty piece of malware. At present, it’s making its way into people’s PCs thanks to relatively crude, yet tempting adverts on social media sites. Advertising itself as a free download, the tool will retrieve passwords for PLC and ICS – through a vulnerability in the system’s firmware – but it also activates the Sality malware.

To understand how Sality operates, you first need to know what a peer-to-peer (P2P) botnet is. Used to generate huge amounts of processing power – usually for cracking passwords or mining cryptocurrency – a P2P botnet obtains this power by hijacking large numbers of PCs. These hijacked PCs are then forced to work together on the same task – after all, 1,000 PCs mining cryptocurrency are going to achieve their objective a lot quicker than a single PC. It appears that Sality is currently focused on cryptocurrency, but there is nothing to stop threat actors unleashing more powerful attacks e.g. taking entire IT systems down.

How Do You Handle a Sality Infection?

While Sality may have been around for some time, it hasn’t learned every trick in the book. For example, not only will it throttle an infected PCs performance by using 100% of its CPU, it also triggers numerous Windows Defender alerts. However, it does have enough sense to scan any PC it lands on for anti-virus software before shutting down any identified tools. Therefore, it’s crucial that you follow preventative approaches to avoid Sality:

  • Do Not Trust Online Adverts: legitimate password recovery tools are unlikely to be advertised on social media sites. If you have forgotten your password, then you should contact the software developers for advice. Alternatively, you can create secure backups of your passwords with an app such as Google’s Password Manager.
  • Remove Download Privileges: almost every malware threat involves a malicious download and, as such, it makes sense for your organization to limit the number of downloads taking place. By limiting download privileges to, for example, line managers, you will minimize the chances of malware being downloaded by mistake.
  • Block Social Media: if you want to make sure that you are specifically limiting the risk of Sality, you can simply block access to social media sites from within your organization’s network. However, be aware that Sality is likely to be lurking elsewhere on the internet.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Web hosting is an integral part of how the modern internet works, but what happens when a provider finds themselves the victim of a hack?

GoDaddy is one of the most popular web hosting providers in the world with an estimated customer base of over 20 million users. Through GoDaddy it’s possible to use their Managed WordPress service to build and host WordPress websites. And, with around 64 million websites currently being powered by WordPress, it’s clear to see why GoDaddy has focused on this platform. Online popularity, however, will always put you in the targets of hackers. A recent breach of GoDaddy’s Managed WordPress service has demonstrated this by hitting 1.2 million of their customers.

How Did GoDaddy Get Hacked?

GoDaddy’s Managed WordPress environment contains huge amounts of data. Not only is there access to the source code for hosted websites, but customer’s personal data is also stored there e.g. email addresses, login credentials and site security certificates. These are data sources which have the potential to cause widespread digital devastation. Email addresses can be used to power phishing campaigns, login credentials give hackers the ability to hijack websites and manipulating security certificates can result in malware being downloaded to unsuspecting victims. But how exactly did one of the world’s most powerful web hosting providers get hacked?

The attack appears to have started in early September 2021 and stemmed from a password becoming compromised. The password in question allowed a third party to gain unauthorized access to GoDaddy’s Managed WordPress system. From here, the hackers were able to harvest the previously mentioned data. Unfortunately, for GoDaddy’s customers, it appears that the passwords being stored for Secure File Transfer Protocol were not encrypted and were available in plaintext. Naturally, this made it much easier for hackers to harvest even more data more quickly. And, worst of all, the attack was not picked up for over two months.

Preventing Similar Breaches in the Future

After discovering the hack, due to suspicious activity being detected on their servers, GoDaddy have moved swiftly to limit the damage. All affected login credentials have been reset and GoDaddy are currently issuing new site security certificates. However, the nature of this breach is a damning indictment of GoDaddy’s security measures. Passwords should be secure. The best ways to prevent such breaches taking place are:

  • Strong Passwords: A strong password is one that is judged difficult to guess. The best way to achieve this is by using a mixture of uppercase characters, lowercase characters, numerical characters and symbols. Mixing these different elements together minimizes the odds of a hacker guessing lucky. Additionally, don’t go for obvious password choices such as your name or your date of birth.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More