RISE Wholesale Services

Our Mission: To Accelerate Internet for the Philippines

RISE delivers fast and reliable connectivity services to a range of industries, while providing proactive customer support directly  from our engineers. Using precise tools and procedures, the RISE network is designed to accommodate international best  practices and optimal connectivity for our customers. 

Resiliency, diversity, and longevity are at the core of our design and service decisions. Reliability is what we deliver through our  network and customer support. 

Since 2015, RISE has maintained long-term relationships with local and international partners through dedication, transparency,  and pride in the quality of our work.

Fast Connectivity, Fast Support

A robust network should go hand in hand with an equally powerful support system. At RISE, network engineers provide direct  response action to every customer concern, big or small. 

We monitor the health of all our services by actively polling every Network Termination Unit (NTU) deployed at the customer site.  Potential interruptions in your connectivity are promptly diagnosed and resolved, and customers are immediately notified at the  first sign of an issue. 

In 2021, RISE’s average response time for customer tickets during business hours was 5 mins 31 secs, with 99.9% of tickets  answered within 15 minutes.

Products

Ethernet Virtual Private Line

Our EVPL data service provides dedicated private connectivity from your network to your customers via Ethernet technology up to  Gigabit speeds. This ensures seamless and secure point-to-point communication to enable you to provide services anywhere  within RISE’s reach.

GetaFIX

Created with the goal of accelerating the internet in the Philippines, GetaFIX is an internet exchange (IX) with various peering  partners and content providers like Akamai, Amazon, Facebook, Google and Cloudflare to name a few. For providers’  end-customers, the product aims to speed up access to peering and content for a much better experience. Visit getafix.ph.

IP Transit

Providers need quality internet resources to successfully provide valuable services to their customers. Our IP Transit makes use  of our reliable network and great service levels to come up with wholesale internet available in data centers. For lower-cost  requirements, IP Transit Lite is available as well for smaller, emerging providers.

DC Space Hosting

Data center colocation is available as a value-added service to our core products. RISE offers retail space (per rack-unit or  fractional rack lease) to host customer equipment in major data centers.

Teleport

RISE can bring a number of both domestic and global service providers directly to your network for your use. We Teleport these  partners—Cloud, IX and IP providers—to your doorstep for easy access and integration for both your organic needs and  equirements from your customers. 

Virtual Switch

VSwitch enables customers to take advantage of the resilient network of RISE, and use it as an extension of their own. The  product is available in any data center where we are present (domestic and international), and is priced based on capacity and  network ports used.

We tested 4 internet myths to see which ones are real.

Since the internet was born, and the very first email sent, people have been sharing wild theories across the world wide web. Spooky stories, Nigerian princes, conspiracy theories – everything is possible on the information super highway!

Between these tall tales and suspicious scams lies something more insidious: the internet myth. A whisper heard around the world, a solution to any problem provided by the wisdom of the digital masses.

From what to do if your phone gets wet, or whether or not you can leave your laptop plugged in 24/7, these myths have passed down through generations of internet users to become just something that everyone knows.

Surely no one actually believes these myths right? They’re so clearly fabricated, who could take them seriously? It’s time to put them to the test! If millions of people around the world believe in them, maybe there is a nugget of truth to be found. 

Let’s find out!

Putting a wifi device in a pot increases the signal strength

Verdict: True

Tired of waiting for websites to load? Netflix stuck on buffering? Constantly dropping out of zoom calls? You might need to upgrade to a stronger internet connection! But what if you’re already on the best plan available in your area? How can you improve the quality of your connection without having to spend more money?

Luckily, the internet has plenty of answers for you. Some are obvious: such as placing your wifi device in a more central location in your house or switching to a wired network. Others definitely fall into the “myth” category, and chief among these is the “pot” theory.

The logic behind this myth is simple: wifi moves through your house in waves, moving out from your device in 360 degrees and bouncing off walls to slowly “fill” your entire home. However, you likely don’t need your wifi to cover every corner of every room, so can you “shape” the waves to better concentrate the signal?

Turns out that yes, you can use certain surfaces like metal pots and pans to “bounce” the signal in the direction you want. While this may not improve the actual speed of your connection, it is likely to improve stability, which can make your internet experience much more reliable and enjoyable. 

If your phone gets wet, dry it out safely in a bowl of rice

Verdict: False

Smart phones and water are a terrible combination – as anyone who has gotten a little too unlucky in a bathroom can tell you. But whether you’ve dropped your phone into a toilet, splashed it while washing the dishes, or been caught out in a rain storm, the internet has a quick, simply solution to save your device: put it in rice.

The general idea behind this advice is that the rice will absorb the water, drawing it out of your phone before it can damage the circuitry. Rice is very absorbent after all, so it’s easy to see why this myth would gain popularity in a “just common sense” kind of thinking. 

Sadly putting your phone in rice doesn’t help, and in some cases may even make the situation worse. Rice is dusty, and leaving your phone in rice can introduce small particles that can further damage the electronics. It’s also not any better or faster at drying your phone than a warm room.

The real danger to a drenched phone is not the water, but electricity. While no phone is fully waterproof, most are water resistant – so if you turn your phone off immediately you might be able to salvage it by getting it dried professionally. 

Leaving your laptop plugged in all the time will lower your battery life

Verdict: It’s complicated

There’s no worse way to start a work day than sitting down at your desk and opening up your laptop only to find the battery is flat! It’s this fear that drives many of us to leave our laptops plugged in whenever it’s on our desk, and this action has led to a very common myth: leaving your laptop plugged in all the time will lower the battery life.

No one wants to ruin their expensive devices, and surely it’s better safe than sorry, so following this myth feels a bit of a no-brainer. Leaving your laptop on charge might be more convenient, but is it really worth the risk?

Well actually, it’s a bit more complicated that the myth would have you believe. Firstly – the capacity of a battery goes down over time, no matter what you do. This means that after a while, your laptop battery will “die” and you’ll need to get a new one. Certain things will make your battery capacity degrade faster, and leaving you laptop on charge all the time might be one of those things.

This is because each battery has a limited number of charge cycles before it will start to fail: the more cycles you put the battery through, the more wore-down it will become. There’s no way to never charge your laptop battery, so there is no way to prevent this type of damage over time. 

However, leaving your laptop plugged in may make it worse. If you use you laptop when it is on charge, the battery will drop below 100% and immediately start charging again – essentially running multiple charge cycles while you work.

This is why many vendors such as Apple, HP and Asus recommend keeping your battery at 50-80% of charge, and have tools which will let you set your laptop to only charge to 80/90% full. Alternatively, if you are constantly using your laptop, taking it off charge at 100% and placing it back on charge when you are done is completely safe.

If you leave your laptop open, people can access your webcam to spy into your room

Verdict: True

With video conferencing becoming such a huge part of the modern workday, many people have begun using the webcams in their laptops for the first time ever. Even if you’re new to webcams though, you may have already heard the myth of people hacking into your webcam and being able to “spy” into your room.

It sounds like science fiction, something you’d expect to see in the new Matrix sequel. Unfortunately, it is very possible for hackers to access your webcam without you even knowing. This attack is known as camfecting, which involves taking control of the webcam remotely and disabling the “on” light so that the user cannot tell that the camera is on.

Luckily there is a quick and easy way to stop this hack in its tracks: turn off your laptop. The webcam cannot be activated while the laptop is off, so rather than leaving your laptop is rest or sleep mode, close the lid and power down!

For extra security while using your laptop, another method is to simply cover the webcam. You can find specific hardware for this task (some laptops even have built in covers), but a small piece of tape or cloth will achieve the same result and still be easily removed when you need to jump on a conference call. 

What internet myths have you heard?

That’s 4 common internet myths put to the test, but it’s far from an exhaustive list. Have you heard these myths before? Were you surprised at our results? What other internet myths have you heard? Share your thoughts with us and join the conversation over at facebook.com/upgradetorise.

Will 2021 be the last year your office has a virtual Christmas party?

‘Tis the season and once again office workers around the world are wondering how to host their Christmas parties virtually. WIth vaccines now widely available and many offices making plans to reopen, the “new normal” from the last 2 years is coming to an end. 

At the same time, many people are still working from home or working remotely, and some companies are looking to make WFH a part of their work culture long-term. This means it’s time for us to answer two important questions:

  1. Will 2021 be the last year for virtual christmas parties?

And

  1. How will companies maintain their office culture with a mix of in-person and remote workers?

As we get closer to Christmas, let’s explore where we’ve been, where we are and where we’re going when it comes to hosting the all important office Christmas party.

Looking back at 2020 – the all-virtual office party

Earlier this year, we looked at how companies around the world celebrated their office Christmas parties virtually, and what lessons we could learn from these celebrations. From this we discovered that the biggest barrier to a successful party was the feeling of “forced fun” – meaning the parties were often mandatory work events, and the organisers made no effort to entice employees to attend. 

Another key component was structuring the event so that there was always something for attendees to be doing – after all, you can’t just have everyone in your office trying to talk over each other in the one zoom call! 

Segmenting the event into smaller groups that people could move between, or organizing activities and games to keep people interacting, were great ways to keep spirits high and everyone having fun.

Lastly, just because the event itself is held virtually, doesn’t mean that everything needs to be online-only. Sending out small gift bags to attendees is a great way to add a little extra to your event, and adds a nice physical touch to an otherwise wholly digital event.

Our tips for virtual Christmas parties:

  1. Sending party packs to people working remotely
  2. Holding the event during work hours / at a suitable time for people working from different time zones
  3. Segment your event into multiple parts, so that people can pick and choose which ones they attend

2021 – mixing it up with online and in-person office parties

This year brings a new wrinkle. After settling into the “new normal” of all-virtual events, we have the opportunity to actually hold in-person events! The widespread rollout of vaccines and the easing of restrictions means that many offices are open once more. 

However, not everyone is racing back to the office, and rather than a return to the “old normal” of pre-covid life, we find ourselves in a mix of old and new – in person and virtual working environments.

In such a situation, maintaining strong office culture is paramount in keeping both employee morale and productivity high. So how do you make your in-office and remote workers feel like part of the same team? At this time of year, there’s no better opportunity than the office Christmas party.

The first option is to simply hold a traditional, in-person event and invite your remote employees as well as in-office workers. Unlike the usual office party though, it would be best to hold this event outside the office. Remote workers might feel out of place if you have the party at the office, and in-office workers who are more comfortable with the environment might stay together in their own clique rather than mingling.

Holding the event outside the office in a neutral space promotes inter-team mingling, and helps ensure everyone is comfortable. It’s also a great way to make sure you have enough space for everyone if your office still faces restrictions on the number of people you can have in the building!

The second option is to have a mixed in-office and virtual event. This is a bit trickier to coordinate, and relies on many of the concepts we looked at previously to be successful. However, it may also lead to a higher turnout amongst remote employees compared to a fully in-person event.

A good idea for mixed events is to bring in a guest speaker or party host to run the event. This person can help keep the party running smoothly, and better interact with both in-office and remote attendees throughout the event so no-one feels left out.

Our tips for mixed Christmas parties:

  1. Hold the event in a neutral space if going all in-person
  2. Use a party host to keep everyone interacting throughout the event
  3. Keep your in-person attendees gathered in one area so that remote attendees can feel involved and part of the team

2022 – the end of virtual events?

With all this said and done, what will the future hold for office Christmas parties? Will we still be having virtual events and connecting with our co-workers via a zoom call at the end of 2022? Or will we be back to in-person partying only?

It’s hard to know what the future holds, especially in these (still) unprecedented times. All we know is that it’s always a good idea to be prepared for anything that might happen. Maybe the world will return to the old ways or maybe it won’t, but you need to be prepared to adapt and seize the opportunities that the new year brings.

Whether it’s running your office, your own business or a virtual Christmas party, the best way to ensure success is a strong internet connection. With no data caps, no slow downs and 24/7 technical support, RISE enterprise internet plans keep your in-office and remote teams connected 100%. Find out more at rise.ph/enterprise and make the connection today.

Introduction to Data Privacy – the three principles of privacy

In the modern world, almost everything there is to know about you is available online. Your medical records, your education and work history, your family connections, maybe even a few shameful secrets, are very likely to be digitally stored somewhere. 

In previous articles, we’ve looked at data security as a way that you (and your business) can help protect your data from would-be criminals. But what about when there is a legitimate need to share data – for example, asking your school to send you your graduation records so that you can include them in a job application? Or your doctor sending your medical records to a pharmacist?

The pandemic has also impacted the idea of data privacy for regular citizens. In Australia, people must use an app on their phones to “check in” to any business they visit, and this data has then been used by police to solve crimes, which has prompted some groups to decry the check-in app as a violation of data privacy.

Today we will explore Data Privacy starting with the three core principles, and examine how you should think about your privacy with an increasingly online society.

What is Data Privacy?

Data Privacy is a broad term that can cover and cross into many different areas of internet security, but for the purposes of this article we are mainly concerned with data privacy as the relationship between the collection, storage, and dissemination of data.

Essentially everything that you do on the internet requires sending and receiving data. For example, when you make a search on Google you send your data (the search terms, as well as your location, device) and receive Google’s data (the list of search results).

Data Privacy looks at this action and asks “who should be able to view this data?” Obviously, both you and Google need to see it, but what about the owners of the websites who showed up in the search? What about researchers studying online patterns of behaviour? Or advertisers? Or the police, should your search be for something illegal?

Answering the question of “who should be able to view this data” is (unfortunately) never as obvious as it may seem. To make it easier, both for users as well as for companies and public officials, it helps to look at the 3 core principles of Data Privacy: Transparency, Legitimate Purpose, and Proportionality.

Transparency

The first core principle of Data Privacy is Transparency – if a service is going to share data, it should do so openly and with the full knowledge of all users. For websites, this is usually a very straight-forward process: when a user accesses a website, the site can display a message with a link to their privacy policy explaining how they will use the users data. 

You may have even seen this in action with “accept all cookies” type messages in recent years, thanks in large part to the General Data Protection Regulation (GDPR) act in the UK. If you have, then you undoubtedly also know how infrequently these policies are actually read and understood in full by the user.

This is the fundamental flaw with being simply “transparent” about how you share data. If you know your users won’t take the time to understand what you are doing, it doesn’t really matter how open you are about it. That’s why it’s important for digital services to also follow the next two principles:

Legitimate Purpose

Sometimes also referred to as Purpose Limitation, the principle of Legitimate Purpose refers to the idea that any data collected or shared by an online service should only be done for a clear and specific purpose that is beneficial to the user.

Basically, organisations should only collect user data for a specific purpose, clearly state what that purpose is, and only retain data for as long as necessary to complete that purpose.

This may sound like a limiting factor, but many online services are set up to extract as much data as possible under the guise of providing the “best-possible” service to users. Take our Google search example from above – is it necessary to share your location, what device you are using in order to complete a simple search?

Obviously not, however by using this information Google can provide a search result that is more specific to you: whether that’s using your location to show businesses near you, your previous search history to show you a more specific result to a generic question, or to make sure the sites shown will all display correctly on your device.

Proportionality

The third principle of Data Privacy is Proportionality – the idea that any data collected should be limited to the smallest amount of data required to complete the service. Also known as Data Minimisation, this principle is mainly concerned with reducing the amount of data lost in a potential breach, and limiting the chance that incorrect data is collected.

Proportional data collection covers the amount of personal data collected, including the extent of processing involved, the period of their storage, and their accessibility. Keeping data collected restricted to only what is proportional to the service helps to limit what data is shared to only what is expected by the user. 

While a Google search may provide better results when your previous search history data is present, can the same be said about sending an email? Imagine receiving an email from your coworker that included all the websites they had visited that day! 

Should I be worried about my data?

The expectation of privacy from regular internet users, and the legal and political issues that arise from that expectation, are why Data Privacy is such an important topic. Many countries around the world have created their own Data Privacy laws, including the Data Privacy Act in the Philippines. These laws help to codify the principles of Data Privacy, and ensure safe and secure internet services for all.

With that said, you should always be careful about what you share about yourself online. When asked to provide information by a web service, make sure that the data requested is actually required to complete the service you want. Even when using email or social media sites, think about what information you post – if the worst should happen, would you want to share this with a complete stranger?

In the coming weeks we will be examining Data Privacy and the steps you can take to better protect yourself and your data online. 

Why networks need to constantly upgrade their infrastructure

In 1965, with some of the first computers ever built only a decade old, Intel co-founder Gordon Moore posited that the number of transistors on a microchip would double every 2 years. Colloquially known as Moore’s Law, this was an observation that the speed of technological advancement was about to rapidly accelerate.

While this sounds ridiculous, Moore’s Law ended up being too conservative. Prior to the turn of the millennium, the number of transistors in modern computer chips often doubled faster than every 2 years! In the last 20 years, technology has advanced beyond what anyone could have ever anticipated, and now you have billions of transistors inside every device you own.

This exponential advancement is not just limited to computer chips either – all technology is constantly evolving and adapting to provide new and better services, along with more connections and more access to these services.

As an Internet Service Provider, RISE matches this constant technological advancement by regularly updating (and upgrading) our network infrastructure. 

Improve network performance

Possibly the most obvious reason to upgrade your network infrastructure is to improve the performance of the network. As new technology is generally faster and more reliable, it’s a good idea to keep an eye on new products entering the market and how they can be deployed within our existing network. This kind of upgrade can enable higher service speeds for our customers, and reduce failover and recovery times when there is an incident like a fiber break.

These performance improvements in both speed and reliability allow RISE to remain competitive and provide world-class internet services to all our customers. We strive to always provide the best internet experience to businesses in the Philippines, and keeping our infrastructure upgraded regularly is a key factor in achieving that goal.

Reduce the chance of failure

If you want to limit the amount of maintenance you need to perform on your network, you need to keep it up-to-date. Regular upgrades to both the software and hardware of a network is a great way to minimise the time spent on maintenance.

Like most things in the physical world, it is common for network infrastructure to fail in a pattern that reliability engineers describe as a “bathtub curve” – referring to a high failure rate early in the lifespan of the product, low in the middle, and high again at the end of their life. 

You may have noticed this yourself when purchasing electronics – they will tend to fail either soon after you purchase them, or late in their life. We make sure to “soak test” all devices (running them without production traffic) before deployment to help reduce the risk of these early failures, and then towards the end of life, we upgrade and replace.

With software on core network devices, the conversation is more complex. The newest versions of software often introduce bugs that were not present in older releases, and our engineers must balance “latest and greatest” with “old and faithful.” 

It is crucial in these cases to ensure firstly that there are no known security vulnerabilities in your software, and then secondarily to balance new features and the benefits they provide vs. the potential for new bugs. 

Once the decision is made to deploy new software, we test, test, test and then deploy slowly (maybe only one, low impact device at first) to make sure we maintain a high level of reliability for our customers.

Improve network security

In the movies, cyber criminals like hackers are often portrayed as geniuses who can learn to compromise any system within seconds. In the real world, it takes time for these criminals to get their hands on the tech and find the weaknesses. 

This means that the longer a piece of technology has been on the market, the more likely it is that hackers have found a way to exploit that tech. Using outdated applications and equipment creates network vulnerabilities that could bring down your network or even your entire organization.

Upgrading network infrastructure cuts this problem off before it can even become an issue. Updates are constantly made to tighten the security on the components that comprise a network, adding in new security features and keeping hackers from becoming too familiar with the systems in place.

Connect to new locations 

An often overlooked but critical benefit of upgrading your infrastructure is being able to connect with other providers and expand the network into new areas. In the past, it was often the case for individual ISP’s to be using different technology that had difficulties connecting with other networks.

In the modern age, most networks have upgraded their technology to be similar enough that they can easily interconnect with other providers, improving the scalability of all networks (how fast and how far you can expand) and creating a more stable, capable and reliable network for all users.

How RISE are upgrading our networks

In our mission to accelerate the internet in the Philippines, RISE are constantly looking to upgrade and expand our network infrastructure. In the last year, we’ve focused on upgrading the capacity of our network to improve the business internet experience of Filipinos, as well as connecting with more uplink providers to increase network stability and reliability.

These activities have been matched by our greater fiber infrastructure rollout, expanding our network into a greater coverage area and connecting more buildings. On top of this, we’ve also upgraded all our core service offerings to provide higher speeds for our enterprise plans. 

Find out more about how a RISE enterprise plan can help accelerate your business today.

How the internet is helping the world reach sustainable development goals

Living in the age of COVID has been difficult for everyone, but it has been a lot harder on those who can’t access the internet. When many of us switched to working from home, Zoom coffee dates and online schooling, people without reliable internet access were left in the dark.

The internet allows us to connect, to engage, and to grow as people and as communities. This is why the RISE mission is to “Accelerate internet in the Philippines” and why we sponsor GetaFIX – an internet exchange that was created to improve the reliability and performance of all internet providers in the Philippines. 

As a carrier and data-centre neutral service, GetaFIX creates equal opportunities for networks to connect with the same pricing for the same bandwidth. By helping networks to connect to each other more easily, GetaFIX is able to improve the speed and reliability of the internet. This is not only a core part of the RISE mission, but also a fundamental goal of sustainable development. 

What are the Goals for Sustainable Development?

In 2015 the Member States of the United Nations adopted the Agenda for Sustainable Development – a shared blueprint for peace and prosperity for people and the planet, both now and into the future.

At the centre of this agenda are the 17 Sustainable Development Goals (SDGs), which form an urgent call to action for all countries in a global partnership towards ending poverty, improving health and education, reducing inequality, and growing economies while successfully managing climate change and working to preserve our natural environments.

What role does the internet have in these goals?

The three pillars of the SDGs are social, economic, and environmental, and the internet plays a vital role in the success of all these goals. Along with being it’s own goal, reliable internet access provides the platform on which local governments can engage with their communities to grow grass roots support, develop programs, and take action. 

While the SDGs were negotiated back in 2015, they were still written with a clear understanding of the importance of internet access to their success. The recent pandemic has underscored how fundamental the internet has become to people’s lives and livelihoods.

Health, education, economic growth, gender equality, food production – all can be improved with universal internet access. The SDGs can combine the efforts of citizens, companies and governments to push for universal internet access as a central pillar of efforts to build back better.

Social Goals and Connecting Communities

The first of the three pillars for Sustainable Development is Social – combining several goals that focus on improving the quality of life for individuals and their local communities. This includes reducing poverty rates, improving access to health and medical services, eliminating hunger, and building sustainable and resilient cities.

The internet meets these goals head on, directly providing and expanding access to education and resources on a global level. It was also able to connect previously isolated healthcare professionals to their counterparts globally.

Reliable internet access allows for key success in these goals by connecting individuals to their communities both locally and globally. Strong internet also betters the planning and logistics of community development, giving people a voice in how their cities are built and what services can be provided to the area.

Education and Economic Opportunities

The pandemic has forced a rapid adoption of online life, in particular for our work lives. Work from home has become the standard for millions of people, and the ability to maintain a consistent connection from your home has become a necessity for working, studying, and shopping.

Along with adapting to the changing conditions of the pandemic, the internet is also a major driver in technological innovation and entrepreneurship. Businesses are able to create more sustainable operations through automation, and new businesses that take advantage of emerging technology are starting up everyday.

Environmental Goals

Whether it’s a natural wonder of the world like the Amazon rainforest or simply the nature strip on your home street, protecting the environment is a core pillar of sustainable development. When it comes to advocating for sustainable environmental policy and action, no tool has been more important to empowering the people than the internet.

The internet is a fantastic resource both for environmental education and activism, as developers can quickly find relevant information and standards for sustainable development early in the planning process. Likewise, the internet can be used to monitor, provide updates, and regulate this development.

Beyond preserving nature, the environmental goals of the SDGs are concerned with sustainable agriculture – providing a framework for safe, eco-friendly farming practices. Farming technology has received a particular benefit here, as high-speed internet services have unlocked automation for a broad range of food production, while web-based apps allow everyone to run their own market garden operation.

Ending the digital divide

Unfortunately, the advantages of the internet are not shared equally. Nearly half of the world’s population lacks internet access. A lack of critical infrastructure and affordable services combined with low digital literacy makes it hard for many people to access these opportunities.

Reliable internet access is just as important as any internet access. Everyday internet tasks like online learning, working or shopping become very difficult (if not impossible) when your connection isn’t strong enough, or you can’t afford enough data, or your family shares a single device.

The internet plays a crucial role in achieving the goals of sustainable development. By working hard to improve the reliability and performance of all internet providers in the Philippines, and by improving access to internet services with equal opportunities for networks and users, RISE are doing our part in helping to meet the targets of the 2030 Sustainable Development.

Why You Need to Update Your Password

For many of us, our digital devices are our life. Or at least our lifeline to participating in broader society. Our computers are offices, our phones are wallets, and our smartwatches can even open the doors to our homes. Controlling who has regular access to these devices is more important than ever!

This is why maintaining strong password security is so important to everyday life in the digital age: it allows us to safely use modern technology to improve our lives while protecting us from those who would cause us harm.

But what makes a good password? How do you maintain strong password security, or remember a dozen different passwords for each device and service you use? Do you really need to update your passwords every 3 months? Let’s dig in.

Your data may already be exposed

First things first – it’s very likely that you have already been exposed to a data breach. Hundreds of companies are targeted every year by hackers trying to discover vulnerabilities in their systems, and large public facing sites like Facebook, LinkedIn and even Target have all had data breaches.

Access to the private data of businesses is very valuable, even a basic email account can be worth a lot to hackers. With access to someone’s email account you can take control of their bank details or steal business information, or simply use the “legitimate” address to send out spam and other phishing attacks. 

Hackers are always coming up with new ways to gain access to your data, and so you need to stay in front of them. By updating your password regularly, you can reduce the risk that other people have consistent use of your accounts, and can remove access from anyone who shouldn’t be there.

Use multiple passwords to protect against breaches

It is always better to be proactive than reactive when it comes to changing your password, as you don’t always know when one of your accounts has been breached. In many cases, it can be quite difficult to figure out if someone else is using your account!

If you use the same password on multiple accounts across multiple sites, then if any one of those accounts is exposed, all of your accounts are exposed. The easiest way to better protect yourself from this risk is to use a different password for each account.

This way if one of your accounts is breached, you don’t give the hacker access to everything. You may need to close or sanitize your twitter account, but you don’t have to completely purge your entire digital life.

How to make a strong password

Now that you are updating your password regularly and using a unique password for each service, you need to make sure that you are creating strong passwords. A strong password is one that is easy to remember and difficult for hackers (and hacking software) to guess. 

Quantity is often more important than quality when it comes to making a strong password – a long password of all lowercase letters is far stronger than a short password with special characters! Shorter passwords are typically easier to guess, especially ones that include common phrases like 12345, qwerty or the always popular “password”.

Combining 4 to 5 words to form a memorable pass-phrase is a good start, especially if you use numbers, symbols or misspelled words to make it more unique. Make sure it’s not identifiable to you specifically, that means no personal information such as names or birthdays (or birth years). 

Combining all these concepts we can make a strong password that looks like this:

Rescue!Distort!Catch!Eternal!

These words have no relation to each other, and the use of capital letters and exclamation marks makes it difficult for hacking software to simply guess combinations of words.

Password apps can make staying safe easy

The biggest problem with using multiple strong passwords is remembering them all. If you need a different password for every account you use, and all of them have to be updated regularly, and all of them have to be unique, it can be quite difficult to remember which password goes with which service. 

The worst thing a person can do is write down all their passwords, either on a note next to their computer or in an unsecured text file. Having all your passwords collected in one place (especially if you do this on a work computer) makes it much easier for hackers to steal, and all your hard work creating strong passwords goes out the window.

Password manager apps can be a great help in this regard – storing all your passwords in a secured location that makes it easy for you to access your services and hard for hackers to breach. 

Most modern devices and web browsers even have built-in password management tools that you can access fairly seamlessly. However, for extra peace of mind or for advanced management tools, you can look at specific apps like Dashlane, Bitwarden or LastPass. The advantage of using a specific service or app like this is that they are normally available across both your web browser and your phone.

7 steps to protect yourself from malware

We would all like to believe the internet is safe – that everyone browsing the world wide web has good intentions and acts in our best interest. Unfortunately there is no denying that criminals are also online – trying to make money (and trouble) with little regard for the welfare of others.

In the previous articles of this series, we looked at how information security has become more important than ever, and how malware attacks can cost your business. Today we examine the main ways you can keep yourself safe and protect your business from malware.

What is Malware?

Before we look into how to protect yourself, let’s quickly recap on what malware is and how it spreads. Malware or malicious software is any kind of software that is designed to harm a computer. While there are many different forms of malware, all of it can be identified by its malicious intent.

Hackers use malware in order to gain access to systems, expose private data and hold businesses to ransom. While some attacks are targeted at specific persons or companies, many types of malware are sent out as spam to as many people as possible – hoping that even one might be successful.

How does malware spread?

There is no definitive list of how malware can spread as new attacks are being thought up every day. However, there are common methods that many types of malware will use and these all involve common internet activities like:

  • Downloading software
  • Visiting websites
  • Clicking on pop-up windows
  • Opening attachments or clicking links in emails

So how do you use the internet safely when malware can spread via almost everything you are likely to do online? While you can never be 100% safe, there are some practical steps you can take to improve your security and limit your exposure to threats.

Keep your computer and software updated

Cybersecurity is a constant battle, where hackers try to find new exploits and vulnerabilities in software and security professionals try to patch them up. 

Known exploits for old software are often shared by hacking groups, making people still using this software more likely to be targeted. 

By keeping your computer and software updated, you can stay ahead of the hackers and limit the vulnerabilities in your system.

Use a non-administrator account where possible

Many systems, including your computer’s operating system, allow you to create multiple accounts. An administrator account has access to everything, including installing new software, whereas non-administrator accounts have more limited access.

Sometimes your computer needs additional powers to complete a task like installing software. In these cases, it will prompt you for the details of an administrator account. 

Before entering these details, be certain that the computer is performing a task at your request – are you installing software from a known-good source? If so, then it is likely OK to proceed. If you didn’t do anything to trigger this prompt for administrator details, you may wish to deny the request – malware can also ask for permission to install itself! 

Using a non-administrator account for your day-to-day computer use can make it more difficult for malware to be installed onto your computer and if you do get attacked, the hackers will also only have limited access to your system.

Think twice before clicking on links or downloading anything

As we saw above, clicking on unknown links and downloading unknown files is a common way for malware to spread. By being cautious about what things you click on, you can reduce your exposure to malware. 

However, you have to click on things at some point in order to use the internet – so how do you know what’s safe to click on and what’s not? Many browsers have built-in measures to stop you from visiting known-bad links. They will provide you with warnings, but as this environment changes so rapidly they cannot stop everything. Other signifiers of “less than reliable” sites can be things like poor grammar and overly intrusive advertising (like pop-up windows.)

Links (both on webpages and in emails) can be particularly sneaky by using domain names that look a lot like a reputable site. Instead of “mybank.com.ph” they might use “mybankph.co” or even “mybаnk.com.ph” which looks almost indistinguishable from the original “mybank.com.ph” but uses a Cyrillic “а” instead of the standard Latin “a.” You could be forgiven for finding this confusing – the characters are identical (or very close) in most fonts, but to a computer they are different. 

The important takeaway from this, is for important links like your banking and financial requirements, never click a link in an email – type it yourself into the address bar of your browser.

Be careful about opening attachments from emails

Just like clicking on links, opening attachments from unknown email addresses is an easy way to expose yourself to malware. Always check the “from” field in your email browser, and if you don’t know the address, don’t open any attachments or click on any links.

That said, email is an inherently insecure medium of communication, so even checking the “from” field can’t protect you in all cases – it’s possible for malicious parties to “spoof” this address and impersonate another user you know. 

In a sophisticated attack, these emails may even address you by name (it’s particularly easy to gather your name from most corporate email addresses which are of the format [email protected]) so you need to be wary. 

Before opening an attachment, ask yourself:

  • Were you expecting an attachment from this person? 
  • Did the email use the same kind of language you would expect from the sender? 
  • Did they explain what they were sending and why? 

All of these questions can help you determine how risky the file is.

This type of attack is also common on social media, where they can create a fake account and make it look like a real business. So be careful opening attachments or clicking links on these sites too.

Don’t trust pop-up windows that ask you to download software

While using the internet, some sites may show pop-up windows that ask you to download software. If you did not take a specific action to initiate such a pop-up (such as clicking to download software from a legitimate business), it is likely that this pop-up is malware.

This is especially the case if the popup is trying to scare you into taking an action, such as telling you your computer is infected or that you are in trouble. Don’t fall for this trick – simply close the popup (or browser if you have to) and avoid clicking inside anywhere within the popup window.

These scare tactics are also common in email and social media attacks like the ones mentioned above – keep your eyes open and don’t be caught off guard!

Limit file sharing

Some sites allow you to quickly and easily share files with other users. Often, these sites offer no or little protection from malware, and malicious software can be disguised as or bundled in with legitimate files for songs, games, movies or programs. Always download your software from reputable websites.

Use strong passwords and don’t reuse passwords

Passwords are how we limit access to our private accounts across the internet. If you use the same password on multiple accounts across multiple sites, then if any one of those accounts is exposed, all of your accounts are exposed.

The easiest way to better protect yourself from this risk is to use a different password for each account, and to use strong passwords. It may seem impossible to remember all these long, unique passwords, but that is why many experts now recommend the use of a password manager. 

A password manager stores all these complex passwords for you, and can even generate long unique passwords automatically, to ensure maximum security. You just need to remember one good password – the one to unlock your password manager. 

What makes a good password though? Contrary to popular belief, just adding some special characters like “%” to a password does not inherently make it strong. The key aspect of modern password security is making them long – 12 characters or more.

A strong password:

  • Is long, often using 4 or 5 words to form a memorable pass-phrase
  • Uses numbers, symbols or misspellings to make it more unique
  • Doesn’t contain any personal information such names or birthdays / birth years
  • Avoids common phrases such as 12345, qwerty or a single word

How Malware Attacks Can Cost Your Business Big

The internet is everywhere, and as our digital lives become ever more important, so too has our need to stay safe and secure online. Cybersecurity has become a major cornerstone of the digital landscape, and malware has become big business.

In this second article on information security, we will take a closer look at what malware is, and how hacking groups use malware attacks to cost your business big.

What is Malware?

Malware is malicious software designed specifically to cause damage or disrupt a computer, server, client or network. There are many types of malware, some of which you may already be aware of like viruses, trojans, ransomware or spyware. 

The how and why can vary between each type of malware – some can be used to crack weak passwords, bore into systems, and spread through networks. Other types of malware can lock up important files, or redirect you to malicious websites. 

These attacks can result in anything from data theft to the destruction of entire systems or devices, and can be very profitable. Malware attacks have become a million dollar industry, with hacker groups pulling in hundreds of thousands to millions of dollars per attack.

Why should you care about malware?

In the early days of the internet, sending out malicious software was more like a prank – a minor annoyance that might spam popup windows and could be easily defeated by simply turning off your computer. 

But as more and more of our lives shift online, the cost of malware attacks has risen astronomically. Security experts say ransomware attacks surged by over 150% in 2020, and the criminals running these attacks are making bigger and bigger demands.

Worst still, it is very possible that your data is already exposed – hundreds of companies are targeted every year by hackers trying to discover vulnerabilities in their systems. Large social network sites such as Facebook and LinkedIn have had leaks* totalling over 580 million accounts, while in 2013 Target had a POS compromise, exposing 40 million credit card numbers.

*A data “leak” is what happens after someone exploits a vulnerability and posts the data. A hacker searches for a vulnerability so they can exfiltrate the data, then either hold it to ransom or leak it.

How much could a malware attack cost me?

There is a lot of value in any hack, depending on the scale of the attack. Even gaining access to a single email address can be valuable to a hacker, as this can allow them to utilise the account to send spam or phishing emails from a more “legitimate” address, as well as gain access to any private information that requires that email address to perform a password reset. 

In recent times, ransomware has become the most common type of attack, accounting for over 50% of all hacks. Rather than leak data, this type of malware is designed to shutdown operations and hold your company hostage unless you pay the hackers. 

A recent ransomware hack on a major US fuel pipeline saw the affected company pay out nearly $5 million USD. In 2020 the average ransom demand was $170,000, but hacker groups like Maze, DoppelPaymer, and RagnarLocker averaged between $1 million and $2 million.

Even when companies can avoid paying the ransom, the direct price of being hacked can be much larger. Lawsuits following major breaches can add up into the hundreds of millions. Uber was fined $148 million for ignoring a breach of their user data, while Equifax settled for $700 million following their breach.

Malware attacks can have other costs to your business, including:

Lost Productivity

The most common type of ransomware attacks are designed to lock up your business operations and prevent you from running normally. The cost in lost productivity is closely tied with how quickly the attack is discovered – faster detection limits the spread of the infection as well as the time spent in remediation with the hacker.

Downtime Costs

Along with this lost productivity, an attack that stops your business from operating also incurs downtime costs – how long does it take you to return to normal operations? Businesses can limit their downtime costs by having secure and up-to-date backups of their data, allowing them to quickly get back up and running following an attack.

Impact on Clients

Malware attacks don’t just impact your business, they also impact other companies and people who you do business with. At best, having your own operations compromised adversely affects the relationship between your business and your clients, at worst the infection can spread from your company to theirs.

Damage to Your Brand or Reputation

The cost of damage to your businesses reputation can be hard to quantify, but its effects can definitely be felt. Customers and clients have become far more sensitive to cybersecurity threats, and a business that has been exposed to ransomware is not one that many will trust in the modern age.

Conclusion

Ransomware can have a huge impact on your business, from direct cost to flow on effects upon your customers and clients. That is why it is so important to maintain strong cybersecurity and information security practices. 

In the third article in this series, we will look further into how you can keep yourself, your data and your business safe from malware attacks.

Getting Started with Information Security – Digital Threats to Your Business

The internet has brought the whole world to our fingertips, and businesses that can best leverage the competitive advantages of the internet have quickly risen to the top.

Businesses aren’t the only ones adapting however – crime has also gone digital, and your information is a prime target. Access to the private data of businesses is very valuable, as is the ability to disrupt regular operations and hold a company to ransom.

When it comes to keeping your business safe from digital crime, information security is your first line of defense. Information security, or infosec, is the practice of protecting your business by preventing unauthorised or illegal access to your data.

The first step to strong information security is awareness. By being aware of the threats your business may face online, and by following a few simple infosec steps, you can drastically reduce the probability of your business being compromised.

Why Information Security is Important

Information security is vitally important to keep your business and your data secure from threats in the digital world. If you use the internet for banking, payroll, sharing company documents, operations or planning, good information security practices allows you to safely operate your business without risking unauthorized access to those activities.

This is the crux of information security – maintaining a balanced protection of the confidentiality, integrity and availability of data without hampering organization productivity. 

Weak (or absent) information security practices is the easiest way for your business to get hacked, and this can be extremely costly. Recently in the US a major fuel pipeline paid out $5 million dollars to a hacker group after being the target of a ransomware attack that shut down their operations. 

Even if the hack does not affect normal operations, a simple breach can still be very costly if the private data of your customers is exposed. Fines or lawsuits can add up to hundreds of millions of dollars under data privacy laws for not taking steps to adequately protect your customers.

Phishing and Social Engineering

When we think of crime on the internet we always start with Hacking. Hacking is the generic term for gaining unauthorised access to a digital system, but it’s not at all like the movies! 

Rather than using highly advanced technology to run sophisticated code, most hacking is simply tricking your target into giving you their information willingly.

This type of hacking is known as Phishing (or more broadly as social engineering), the use of deception to manipulate individuals into divulging confidential information that will be used for fraudulent purposes. 

Source: Saturday Morning Breakfast Cereal

Phishing relies on tapping into the routine operations of your business and how employees respond to specific situations. By being aware of how hackers can exploit these operations and situations, you can better defend against their attacks. 

Phishing

Phishing is by far the most common approach, and is where the hacker pretends to be someone else via email or phone in order to get you to divulge sensitive information or allow the hacker access to a system.

Hackers are always changing their specific tactics, but there are some common warning signs of phishing attacks to watch out for. For phishing emails, these include:

  • The from email addresses in email is misspelt / incorrect
  • HTML attachments / unclear or suspicious links
  • No personalised information about you (emails that address you as “Dear Customer…”)

Fear is also a very common tactic for hackers, and they will often try to scare you into following their requests by mimicking account deactivation emails, warnings from officials like police or tax officers, or even threaten firing by pretending to be your boss.

While phishing attacks over email are very common, any channel can be used by hackers. You can avoid phishing over email, phone, social media – even macros in word and excel documents – by following a few simple steps:

  • Don’t click on links or open attachments unless you are expecting them (and only from known contacts)
  • If there’s a link in the email (for example to your bank), instead of clicking on the link, open a new browser and go to the website directly as you normally would (ie: by searching for your bank in google)

While phishing happens primarily in the digital space, there are a few other common social engineering attacks to keep watch for that happen in the real world. Keep watch for the following around your place of business:

Tailgating

Tailgating is trying to gain physical access to an area by following someone else – literally walking through the door they opened. 

This can also be achieved by pretending to be a delivery man carrying in heavy boxes, or by wearing a fake uniform like a janitor, so that an employee of the business will open the door for you.

Waterholding

Waterholding is where a hacker will attend the same physical places as other workers, such as restaurants or bars that the team frequent, in order to overhear important information or learn specific details about the business (such as work patterns, names of employees, or even what uniforms they wear).

This information then lets them better pose as another employee or business partner in order to run their other hacking attempts.

Waterholding is not limited to the real world, and it can be quite common for hackers to join public groups, forums or social media pages of their target businesses as well.

Baiting

Baiting is the modern form of bribery – giving people gifts or rewards in order to gain information or have the person make a particular action.

The main difference between baiting and bribery is that the person being bribed knows a trade is happening, whereas a person being baited may have no knowledge that they have been victim of an attack.

An example of this may be receiving an email from a fancy restaurant or nightclub offering free meals – just click the link below to claim now! However, when you click the link, you also download malware onto your computer, giving a hacker remote access to your machine and potentially exposing the entire network!

Malware

Once a hacker has access, they can install and run malware – malicious software designed specifically to cause damage or disrupt a computer, server, client or network. 

Malware can take on many forms, and you may be aware of some of these types of already:

  • Viruses
  • Trojans
  • Ransomware
  • Spyware
  • Worms
  • Bots / zombies

Protecting your computer and your network from malware is fairly straightforward, and there are several steps you can take to improve your security.

  • Install antivirus software and keep it up to date
  • Don’t open attachments from unknown sources
  • Keep applications and OS up to date
  • Turn off office macros and don’t bypass security warnings

While these measures are a strong start to keeping your computer safe from malware, the best protection is to avoid malware altogether. By utilising safe browsing techniques, you can greatly reduce your chances of being exposed to malware.

Learn to use incognito and private tabs

If you are using a modern browser to access the internet, you are probably familiar with incognito and private tabs. These are tabs that are more “secure” than normal tabs and windows, because they do not share data and credentials with non-private tabs.

This makes incognito and private tabs a great option for secure activities like banking. Make sure you exit out of your incognito tabs though – as while they can’t share data with non-private tabs they can share data and credentials between other private tabs.

Check for HTTP vs HTTPS

HTTP (or hypertext transfer protocol) is how the internet transmits web pages. Over the last couple years, a more secure version of this protocol has been developed, called HTTPS. 

A site using HTTPS typically has a padlock icon in the top left corner of your browser, and indicates the site is encrypted so that no one else can see your data.

However, hackers can also use HTTPS on their own sites, so having the padlock is no longer a guarantee of safety. You should definitely still check though, and when in doubt – back out!

Remember that this padlock icon is only used on websites – it has no meaning at all in emails or on social media. If you see a padlock icon in an email or social media post, it could be a phishing attempt.

Be careful on social media

Social media can also be used to run phishing attacks or launch malware. Be careful in what you share online (especially as it relates to your business), as hackers can use this information to pose as employees or find email addresses to target.

Online identities on social media are easy to fabricate, so don’t trust messages or posts from people who you don’t know, and don’t communicate business matters over non-corporate channels.

Conclusion – Protecting Your Information

Information security practices are a great first step in protecting yourself and your business online. It can be daunting to learn about phishing and malware attacks, but being aware of these threats is the best way to avoid falling victim to them.

Be proactive about your information security and don’t be afraid to ask for assistance! Report suspicious activity to your IT team or reach out to cyber security experts and keep your business – and yourself – safe online.