February 2021: BitLocker data encryption and TPM maneuver

BitLocker is the Windows encryption technology that protects your data from unauthorized access by encrypting your drive and requiring one or more factors of authentication before it will unlock it, whether for regular Windows use or an unauthorized access attempt.

BitLocker is good because it is nicely integrated into Windows, and it is easy to operate. As it was designed to “protect the integrity of the operating system,” most who use it implemented it in TPM mode, for best results your computer must be equipped with a Trusted Platform Module (TPM) chip. This is a special microchip that enables your device to support advanced security features.

How to turn on BitLocker

Once you made sure BitLocker can be properly enabled on your computer, BitLocker Drive Encryption is available only on Windows 10 Pro and Windows 10 Enterprise. Make sure to keep your computer connected to an uninterrupted power supply throughout the entire process.

Follow these steps:

1.      Use the Windows key + X keyboard shortcut to open the Power User menu and select Control Panel.

2.      Click System and Security.

3.      Click BitLocker Drive Encryption.


4.      Under BitLocker Drive Encryption, Click Turn on BitLocker.


5.      Choose how you want to unlock your drive during startup: Insert a USB flash drive or Enter a password. For the purpose of the guide, select Enter a password to continue.



6.      Enter a password that you'll use every time you boot Windows 10 to unlock the drive, and click Next to continue. (Make sure to create a strong password mixing uppercase, lowercase, numbers, and symbols.)



7.      You will be given the choice to save a recovery key to regain access to your files in case you forget your password. Options include:

o    Save to your Microsoft account

o    Save to a USB flash drive

o    Save to a file

o    Print the recovery

Select the option that is most convenient for you, and save the recovery key in a safe place.

Quick Tip: If you trust the cloud, you can choose to save your recovery key in your Microsoft account using the Save to your Microsoft account option. In which case, you can retrieve your encryption key at this location: https://onedrive.live.com/recoverykey.

8.      Click Next to continue.



9.      Select the encryption option that best suits your scenario:

o    Encrypt used disk space only (faster and best for new PCs and drives)

o    Encrypt the entire drive (slower but best for PCs and drives already in use)



10.  Choose between the two encryption options:

o    New encryption mode (best for fixed drives on this device)

o    Compatible mode (best for drives that can be moved from this device)

On Windows 10 version 1511, Microsoft introduced support for XTS-AES encryption algorithm. This new encryption method provides additional integrity support and protection against new attacks that use manipulating ciphertext to cause predictable modifications in cleartext. BitLocker supports 128-bit and 256-bit XTS AES keys.

11.  Click Next to continue.


12.  Make sure to check the Run BitLocker system check option, and click Continue.



13.  Finally, restart your computer to begin the encryption process.

14.  On reboot, BitLocker will prompt you to enter your encryption password to unlock the drive. Type the password and press Enter.



After rebooting, you'll notice that your computer will quickly boot to the Windows 10 desktop. However, if you go to Control Panel > System and Security > BitLocker Drive Encryption, you'll see that BitLocker is still encrypting your drive. Depending on the option you selected and the size of the drive, this process can take a long time, but you'll still be able to work on your computer.


Once the encryption process completes, the drive level should read BitLocker on.


You can verify that BitLocker is turned on by the lock icon on the drive when you open This PC on File Explorer.


BitLocker Drive Encryption options

When BitLocker is enabled on your main hard drive, you'll get a few additional options, including:

·         Suspend protection: When you're suspending protection your data won't be protected. Typically, you would use this option when applying a new operating system, firmware, or hardware upgrade. If you don't resume the encryption protection, BitLocker will resume automatically during the next reboot.

·         Back up your recovery key: If you lose your recovery key, and you're still signed into your account, you can use this option to create a new backup of the key with the options mentioned in step 6.

·         Change password: You can use this option to create a new encryption password, but you'll still need to supply the current password to make the change.

·         Remove password: You can't use BitLocker without a form of authentication. You can remove a password only when you configure a new method of authentication.

·         Turn off BitLocker: In the case, you no longer need encryption on your computer, BitLocker provides a way to decrypt all your files. However, make sure to understand that after turning off BitLocker your sensitive data will no longer be protected. In addition, decryption may take a long time to complete its process depending on the size of the drive, but you can still use your computer.

Similar to BitLocker, device encryption is a feature designed to protect your data from unauthorized access in the unexpected case that your laptop is lost or stolen. When the feature is enabled, the entire system drive and secondary drives connected to your device, are scrambled, and only you with the correct password can access the data.

The biggest difference between the two is that device encryption is available on all the editions of Windows 10, while BitLocker is only available for Windows 10 Pro, Enterprise, or Education, and offers some additional management tools.

How to encrypt a hard drive for Windows Home edition and Windows Home pro

To see if your laptop or desktop computer meets the requirements for device encryption, use these steps.

1.      Open Start.

2.      Search for System Information, right-click the top result, and select the Run as administrator option.

3.      Click the System Summary branch from the left pane.

4.      Check the "Device Encryption Support" item, and if it reads Meets prerequisites, then your computer includes support file encryption.


After you complete the steps, you can proceed to enable encryption on the entire system.

Enabling device encryption

To enable device encryption on your Windows 10 Home laptop or desktop computer, use these steps:

1.      Open Settings.

2.      Click on Update & Security.

3.      Click on Device encryption.

A quick tip: If the The "Device encryption" page isn't available, then it's likely that your device doesn't support the encryption feature.

4.      Under the "Device encryption" section, click the Turn on button.



Once you complete the steps, Windows 10 will turn on encryption for the current and future files you store on your computer.

Configure TPM on UEFI

If you know that the device has a TPM chip, but it's disabled, you can refer to these steps to enable it:

1.      Open Settings.

2.      Click on Update & Security.

3.      Click on Recovery.

4.      Under the "Advanced startup" section, click the Restart now button.



5.      Click on Troubleshoot.


6.      Click on Advanced options.


7.      Click on UEFI Firmware Settings.


8.      Click the Restart button.


9.      Locate the security settings.

Quick note: You may need to consult your manufacturer support website for more specific details to find the TPM settings.

10.  Enable the TPM feature.

After you complete the steps, you should be able to enable device encryption on your computer running Windows 10 Home to protect your files.

Disabling device encryption

To disable device encryption on your Windows 10 Home device, use these steps:

1.      Open Settings.

2.      Click on Update & Security.

3.      Click on Device encryption.

4.      Under the "Device encryption" section, click the Turn off button.


5.      Click the Turn off button again to confirm.

After you complete the steps, the device will go through the decryption process, which depending on the amount of data, can take a very long time.

We're focusing this guide on Windows 10 Home users, but this option, as well as BitLocker, is also available for devices running Windows 10 Pro with supported hardware.

Compiled by Esther Nyapendi, Tech Support Volunteer

Read More Computer, encryption,

January 2021: 10 Personal Cyber Security Tips — #CyberAware

With these ten personal cybersecurity tips, we are aiming to help our readers become more cyber aware. We developed these security tips from our experience managing millions of security events for businesses and professionals worldwide.

1. Keep Your Software Up to Date

As we saw from the stats above, ransomware attacks were a major attack vector of 2017 for both businesses and consumers. One of the most important cybersecurity tips to mitigate ransomware is patching outdated software, both the operating systems and applications. This helps remove critical vulnerabilities that hackers use to access their devices. Here are a few quick tips to get you started:

  • Turn on automatic system updates for your device
  • Make sure your desktop web browser uses automatic security updates
  • Keep your web browser plugins like Flash, Java, etc. updated

Check out our blog on patch management best practices!

2. Use Anti-Virus Protection & Firewall

Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. AV software blocks malware and other malicious viruses from entering your device and compromising your data. Use anti-virus software from trusted vendors and only run one AV tool on your device.

Using a firewall is also important when defending your data against malicious attacks. A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic is allowed to enter your device. Windows and Mac OS X comes with their respective firewalls, aptly named Windows Firewall and Mac Firewall. Your router should also have a firewall built in to prevent attacks on your network.

3. Use Strong Passwords & Use a Password Management Tool

You’ve probably heard that strong passwords are critical to online security. The truth is passwords are important in keeping hackers out of your data! According to the National Institute of Standards and Technology’s (NIST) 2017 new password policy framework, you should consider:

  • Dropping the crazy, complex mixture of upper case letters, symbols, and numbers. Instead, opt for something more user-friendly but with at least eight characters and a maximum length of 64 characters.
  • Don’t use the same password twice.
  • The password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols but not the following &%#@_.
  • Choose something that is easy to remember and never leave a password hint out in the open or make it publicly available for hackers to see
  • Reset your password when you forget it. But, change it once per year as a general refresh.

 

If you want to make it easier to manage your passwords, try using a password management tool or password account vault. LastPass FREE is a great tool for an individual. LastPass offers a FREE account and has a $2/month membership with some great advanced password features.

4. Use Two-Factor or Multi-Factor Authentication

Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. Without two-factor authentication, you would normally enter a username and password. But, with two-factor, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password, or even fingerprint. With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password.

two-factor-authentication-phone.png

According to NIST, an SMS delivery should not be used during two-factor authentication because malware can be used to attack mobile phone networks and can compromise data during the process. 

5. Learn about Phishing Scams – be very suspicious of emails, phone calls, and flyers

We recently blogged that phishing scams are nastier than ever this year. In a phishing scheme attempt, the attacker poses as someone or something the sender is not to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user’s system with malware, trojan, or zero-day vulnerability exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts.

A few important cybersecurity tips to remember about phishing schemes include:

  1. Bottom line – Don’t open an email from people you don’t know
  2. Know which links are safe and which are not – hover over a link to discover where it directs to
  3. Be suspicious of the emails sent to you in general – look and see where it came from and if there are grammatical errors
  4. Malicious links can come from friends who have been infected too. So, be extra careful!

 

6. Protect Your Sensitive Personal Identifiable Information (PII)

Personal Identifiable Information (PII) is any information that can be used by a cybercriminal to identify or locate an individual. PII includes information such as name, address, phone numbers, date of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. Your credit card information should be protected by companies if they follow the PCI DSS standards.

In the new “always-on” world of social media, you should be very cautious about the information you include online. It is recommended that you only show the very minimum about yourself on social media. Consider reviewing your privacy settings across all your social media accounts, particularly Facebook. Adding your home address, birth date, or any other PII information will dramatically increase your risk of a security breach. Hackers use this information to their advantage!

review-facebook-privacy-settings.png

7. Use Your Mobile Devices Securely

According to McAfee Labs, your mobile device is now a target of more than 1.5 million new incidents of mobile malware. Here are some quick tips for mobile device security:

  1. Create a Difficult Mobile Passcode – Not Your Birthdate or Bank PIN
  2. Install Apps from Trusted Sources
  3. Keep Your Device Updated – Hackers Use Vulnerabilities in Unpatched Older Operating Systems
  4. Avoid sending PII or sensitive information over text message or email
  5. Leverage Find my iPhone or the Android Device Manager to prevent loss or theft
  6. Perform regular mobile backups using iCloud or Enabling Backup & Sync from Android

 

Top New Threats in Mobile Security

 

Top Mobile Security Threats.png

 

8. Backup Your Data Regularly

Backing up your data regularly is an overlooked step in personal online security. The top IT and security managers follow a simple rule called the 3-2-1 backup rule. Essentially, you will keep three copies of your data on two different types of media (local and external hard drive) and one copy in an off-site location (cloud storage).

If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore them with a recently performed backup.

9. Don’t Use Public Wi-Fi

Don’t use public Wi-Fi without using a Virtual Private Network (VPN). By using a VPN, the traffic between your device and the VPN server is encrypted. This means it’s much more difficult for a cybercriminal to obtain access to your data on your device. Use your cell network if you don’t have a VPN when security is important.

10. Review Your Online Accounts & Credit Reports Regularly for Changes

With the recent Equifax breach, it’s more important than ever for consumers to safeguard their online accounts and monitor their credit reports. A credit freeze is the most effective way for you to protect your personal credit information from cybercriminals right now. Essentially, it allows you to lock your credit and use a personal identification number (PIN) that only you will know. You can then use this PIN when you need to apply for credit.

 

Top Causes of Security Breaches

Hacking, phishing, and malware incidents are becoming the number one cause of security breaches today. But, what’s more troubling, these hacking attempts are the result of human errors in some way. Education and awareness are critically important in the fight against cybercriminal activity and preventing security breaches.

Top Causes of Security Breaches CIPHER.png


Compile and approved by the technical support department via CIPHER

Read More security,

December 2020: You can restrict accounts on Instagram to limit their activity without blocking or unfollowing them

Instagram has an option to restrict users, that is to limit what they can post and who can see what they can post on your account.

HIGHLIGHTS

  • Comments from restricted accounts only remain visible to them and can be seen by users who restrict them if they allow it.
  • Restricted accounts are also not able to see when you are online or if you have read their messages as their DMs are moved to Message requests.
  • You will also not receive any notifications for future comments from that person.

Are you tired of constant DMs or the prying nature of certain people on Instagram but do not want to block or unfollow them? There is a feature on Instagram called Restrict accounts, which as the name suggests helps users to limit someone’s activity on Instagram. Over the years, Instagram has brought features like Close Friends and Hide Story From XYZ account to disable certain people to view your activity. Restrict accounts is one such option that allows you to limit what people can post on your profile.

-- Users have control if others can see comments on their posts, their chat will move to your Message requests, so they will not see when you read it.

-- Restricted accounts are also not able to see when you are online or if you have read their messages.

-- The new comments from restricted accounts on your posts will only be visible to that person, and you can choose to see the comment by tapping See Comment. If you want others to be able to see their comment, you can tap Approve, then tap Approve to confirm, or you can delete it or ignore it.

-- You will also not receive any notifications for future comments from that person.

Restricting an account through a profile:

-- Log into your Instagram account through your Android or iPhone.

-- Go to the profile of the person you want to restrict.

-- Click on the three dots on the right-hand side.

-- Select the restrict option.

You can un-restrict the person by following the same steps.


To restrict someone through Direct:

-- Tap on the Direct message or messenger icon in the top right and tap the chat with the person you want to restrict.

-- Tap the person's name at the top right of your chat.

-- Tap Restrict at the bottom.

If you are in a group chat with someone that you have restricted, you will get a warning that you will see a restricted account’s messages. You can choose to stay on the group or leave the group.

To restrict or un-restrict someone through your settings:

-- Tap on your profile picture in the bottom right to go to your profile.

-- Tap the three lines in the top right.

-- Tap Settings and then tap Privacy.

-- Below Connections, tap Restricted Accounts.

-- Tap Continue.

-- Search for the account you’d like to restrict and tap Restrict next to their username, or tap Unrestrict to un-restrict someone.


To restrict or un-restrict someone through a comment on your post:

-- Go to your post and tap View all comments.

-- Swipe left over the comment (iPhone) or tap and hold the comment (Android).

-- Tap on the exclamation mark and then tap Restrict (username) or Unrestrict (username).

If a restricted person comments on your post, you can tap See Comment to reveal what the comment says, or you can tap Delete to delete the comment. If you tapped See Comment, you can tap Approve, then tap Approve to make the comment visible to others, or you can tap Delete to delete the comment.


Compiled and Approved by the technical support officer.

Read More social,

November 2020: How to change your background on Google Meet during a video meeting

Google is rolling out custom backgrounds for desktop users. Virtual backgrounds feature will roll out for Google Meet app users in the coming weeks.

HIGHLIGHTS

  • Google Meet is rolling out virtual backgrounds for desktop users.
  • The virtual background feature does not require an extension or any additional software and works well within the user’s browser.
  • The virtual backgrounds will work on ChromeOS and the Chrome browser on Windows and Mac desktop devices.

Google Meet is rolling out custom virtual backgrounds for desktop users. The feature does not require an extension or any additional software and works well within the user’s browser. Google notes that virtual backgrounds will ensure more productive meetings and less distraction. The virtual backgrounds feature is not new to the video conferencing apps as Zoom and Microsoft Teams have already rolled out similar features a few months back.

"Custom backgrounds can help you show more of your personality, as well as help hide your surroundings," Google noted in a blog post. The virtual backgrounds will work on ChromeOS and the Chrome browser on Windows and Mac desktop devices. The support on Meet mobile apps will be coming soon, Google will notify users when it does roll out the feature.

Users can also select their picture as a virtual background. However, as of now, the option of selecting your own picture is not available to participants of meetings organised by Google Meet for Education customers. Google noted that there will be no admin controls for the virtual background feature at the launch. However, the company will roll them out in the coming weeks. The feature is off by default.

Google Meet has rolled out features like blur background and noise cancellation in the past for more efficient virtual meetings. Users can change the background on Google Meet by following the given steps.


To change the background on Google Meet before a video call:

-- Open Google Meet

-- Select the meeting

-- Click on the three dots on the bottom right or the More option

-- Select Change background

--You can select from slightly blur or completely blur in case you want to blur your backgrounds.

--Select Turn on background blur



-- Users can also select a pre-uploaded background. Selecting a background will turn on a user’s camera in case it was off

--Users can also add their own image by clicking on the Add option.

-- Select Join now


To change the background on Google Meet during a video call:

-- Click on the three dots on the bottom right or the More option.


-- Select Change background

--You can select from slightly blur or completely blur in case you want to blur your backgrounds.

-- On the bottom right of your self-view, click Change Background. To completely blur your background, click Blur your background.

-- Users can also select a pre-uploaded background. Selecting a background will turn on a user’s camera in case it was off.

--Users can also add their own image by clicking on the Add option.

Google notes that blurring background may slow down your device and that users should turn the feature off to allow other apps to run faster on your computer.

Compiled and Approved by  the technical support department

Read More online,

October 2020: How to bulk delete emails from Gmail

Gmail users can bulk delete old, unnecessary emails from their Gmail account in a few simple steps. Clearing out the inbox can help users create space in their Google account.

HIGHLIGHTS

  • Gmail users can clear out mail based on categories, like read, unread, starred, and unstarred messages.
  • To bulk delete emails, users will require a computer. However, a small number of messages can be deleted from the Gmail app.
  • Deleted emails are moved to trash for 30 days after which they are automatically deleted permanently. Users can also clear out the trash before the end of 30 days.

It is amazing how much space clearing out old, unnecessary emails can make. If you are someone who has over 20,000 mails in your inbox, you may consider decluttering your mailbox. Especially when Google plans to put a 15GB cap on storage for your Google account for your Google photos, emails, and files from Google drive. All this while you may have taken all that free storage for granted and probably did forget to clear out your Gmail.

Deleting emails can be achieved through the Gmail app. However, when you have thousands you want to clear all at once, you will need a computer. Google on one of its support pages notes that you cannot delete all messages together from the Gmail app. To bulk delete emails from Gmail, follow the given steps:

-- Open Gmail, enter your email ID and password.

-- Go To Inbox, here you may see tabs for promotional email or emails from social media (chances are that you have never probably opened the emails and they are lying in your inbox eating your precious storage.)

-- Go on promotional or social or other tabs depending on what you want to delete.
-- Check the Select all option, it is a box on the top left.
-- You will get an option to “delete all (number of total messages) from that category”
-- Select the option.
-- Click Okay to confirm, it may take some time for the emails to clear out.

To delete messages from the inbox:


-- Click the down arrow in the top left
-- You will see categories for messages you would want to delete including all, none read, unread, starred, unstarred.
-- Select the option you want to choose.
-- Click on the Delete button.

You can also delete emails based on the date, the size of the file, or the sender by choosing the advanced search option. You have to click on the down arrow in the search bar and fill out the categories.

To delete large files:


-- Go to Gmail search bar, Press on the down arrow.
-- Fill in the size, for instance, 20MB, select the time window of the mails, for example, one month.
-- All 25MB files will show up. Select all and delete if you wish to delete all or you can back up your important files and then delete them.


You can also delete old emails in the same way by typing in the time range, based on if the email has an attachment, and if the email is unread.

All deleted messages go to Trash and remain there for 30 days. If you want to clear out your trash and permanently delete mails:
-- Select Menu or three lines from the top left.
-- Select Trash.
-- At the top, tap Empty trash now.

Compiled and approved by the technical support officer

Read More mail,