Archive for the ‘Internet Security’ Category

The best offense is a good defense: Disaster preparedness essentials

January 12, 2012

[tweetmeme source=LANSystems only_single=false]Guest blog by Cindy Bates, Vice President of Microsoft’s US SMB Organization

Planning for “the worst” isn’t quite as fun as refining a business plan or coming up with new ways to market your products or services, but doing so just might make the difference between the success or failure of your company. In fact, the U.S. Department of Labor estimates that more than 40 percent of businesses never reopen following a disaster; and, of the remaining companies, at least 25 percent will close in two years.

Yet, small businesses that take time to develop a disaster preparedness plan that includes preventive measures as well as actions to be taken in the event of disaster greatly increase their odds of withstanding catastrophe. To get started with creating a disaster preparedness plan, I recommend small- business decision makers consider the following:

  • Insurance plans and policies – Understanding the intricacies of an insurance plan or policy requires a good bit of time, but it’s a step well worth taking now since it’s unlikely there will be much time to do so when disaster strikes. Also, you might notice gaps in your plan that can be addressed before it’s too late.
  • Money management – It’s always wise to keep your finances in order, but all the more so when it comes to disaster preparedness. Have all financial obligations, including bill payments, payroll details and account information, in a safe place, since these responsibilities will still require attention even in the midst of dealing with a disaster.
  • Cloud-based software for storage and more – Cloud-based software services designed for small businesses store data in secure, offsite locations and provide access to data from anywhere employees have an Internet connection. If your physical office is hit by a natural disaster, you’d still be able to access your information for business continuity. Furthermore, many small businesses have found cloud-based software to provide a host of other benefits, including access to enterprise-class capabilities at an affordable price.
  • Microsoft Security Essentials provides real-time protection for your home or small- business PC that guards against viruses, spyware, and other malicious software. Microsoft Security Essentials is a free download from Microsoft that is simple to install and easy to use and that is automatically updated to protect your PC with the latest technology. The greater the security of your PCs, the less the chance that a virtual disaster like cybercrime could impact your business.
  • Technology      updates – By maintaining updated technology, small businesses can      prevent many virtual disasters from happening in the first place. Install updates      whenever prompted to do so, or set company PCs to install updates      automatically.
  • Virtualization –      Virtualization consolidates physical server hardware onto virtual machines      that live in the cloud. This not only helps small businesses recover more      swiftly from disaster but also can lead to cost savings and more efficient      operations.

Small businesses that need to implement new technology systems to better prepare for disaster should engage the help of a qualified IT services provider and can find a list of Atlanta-based providers here.

Also, for more advice on preventing and preparing for disaster, check out this free eGuide on disaster preparedness. Finally, I encourage you to keep tabs on my blog, where I regularly address a range of business and technology issues relevant to small businesses.

Cynthia (“Cindy”) Bates is the Vice President of Microsoft’s US SMB Organization where she is responsible for the company’s end-to-end SMB sales and marketing efforts, including SMB strategy, business development, regional field sales and national distribution sales, channel marketing, and customer marketing. 

Cindy and her team align Microsoft’s resources across customer and partner engagement to drive success in serving the millions of Small and Medium Sized Businesses in the US, helping them start, grow and thrive by leveraging today’s powerful and affordable technologies. At the pillar of these technologies lies cloud computing, in which Microsoft has more than 15 years of experience and understands how to meet the demands of SMBs for simplicity and impact, with enterprise-grade capabilities, flexibility and affordability in a familiar environment. 

Advertisements

Safe computing for the holidays

December 21, 2011

[tweetmeme source=LANSystems only_single=false]Taking time off to spend with family and friends is such a treat, but alas for many it is hard to stay away from the computer.  If you are going to do some online shopping, play a new game or check your work email, be sure to practice safe computing.  Your home computer may not have the same protection as work, so before you download that file or visit a new site make sure you are protected.

Protecting your computer

1)  Make sure your operating system is updated and all security patches are installed.  If you are using Windows, go to Control Panel Home, then Windows Update. This page will show you if you are up to date or if you need an update.  If you are out of date, follow the instructions and consider turning on automatic updates.  If you have a Mac, the update is similar to Windows so just follow the instructions.  If you have Unix or Linux, you are probably an expert and know how to patch your system.

2)  Browse safely.  Be sure your browser is current and that you are protecting against malware.  Malware are those nasty intruders that we often call viruses, trojans, worms or spyware.  For Windows, you can use Microsoft Security Essentials.  It is a free Microsoft tool that runs in the background and will alert you when a threat is identified.  Remember no protection is 100%, so you have to think before you click and be prepared to remove infections.

3)  Use a firewall. Firewalls can be hardware or software and screen Internet traffic as a first line of defense.

4)  Use spam filters. Most email programs include a spam and junk filter.  Not only can you trash unwanted junk mail, but you can disable email links (recommended) and be warned of malicious content.  There are many malicious emails that look legitimate so be careful when opening emails and never click on attachments or links unless you are certain of the source.

5)  Download safely. Only download from sites that you know are legitimate and reputable. When you download, save the file and be sure that your antivirus software is set up to scan when you open files.  A good rule to follow when opening anything is when in doubt – don’t!

6)  Have a computer expert you can count on.  If you are unfamiliar with computer protection, be sure to have someone who you can consult for advice and help.  It seems complicated, but there are many tools that are easy to configure that run automatically to keep you safe.  Be sure you are protected so that you can enjoy the holiday season with your family and friends rather than fixing your computer.

7)  Be sure you have a current backup.  Just in case the worst happens, you can restore to your latest backup.

Online information and help is abundant, but be cautious that you don’t get fooled by malware that pretends to offer help.  If you get a pop-up that claims it will remove an infection from your computer for a price, stop and call your expert!

If you need help or have comments/suggestions, please feel free to contact me at: mary@lansystems.com.

All of us at LAN Systems wish you a safe and joyous holiday season.

Requiem for the Blackberry

October 17, 2011

[tweetmeme source=LANSystems only_single=false]Last week’s Blackberry outage has caused lots of withdrawal pains.  The blogs and message boards are filled with comments defending and vilifying Research in Motion (RIM) Blackberry’s creator.  Network interruptions are inevitable as we have seen with Sony, Google, Microsoft and Netflix. Someday we may have uninterruptible networks, but the departure or threatened departure from Blackberry seems to be more about the availability of multimedia, cooler mobile devices than a network disruption.

For years Blackberry has been the choice in mobile devices for corporations. You can argue that this is because they are more secure because of how RIM handles encryption or the limitation of online features. Certainly iPhone and Android users can be more social online because their devices support many more apps.  They can access Facebook, Tweet, Farmville and Angry Birds from anywhere that they have a signal.  The available apps make it easy to stay connected.  But with the convenience of being online all the time, some sacrifices are made in being secure.  If you want a real scare, google “mobile device hacking” and read some of the recent hacking successes and access your vulnerability.

It really comes down to which device you are most comfortable with and how easily you can change.  Corporations like Blackberry for many reasons including solid systems and the ability to regulate users. Often corporations don’t change their infrastructure because of the expense of installing new equipment and training employees to use and support the new system.  Rationale always states the benefits of one technology over the other to support the choice, but equal arguments can be made for practically any technology choice.

As interesting and amusing as it is to read the comments from the technology aficionados, it is as important to balance the arguments with facts.  Facts may not change the product choices we make – that’s a subject for another blog – some products will win and others will lose based completely on preference and little on the superior technology.  Blackberry once led the pack but is now struggling for market share in a sea of products that offer more. The loyal followers of Apple and Google are happy to share their opinions on why their choice is the best and the features that make mobility fun and efficient.

It’s a jungle out there – be smart online

June 29, 2011

[tweetmeme source=LANSystems only_single=false]Recently, I posted a job on craigslist for a senior systems and network engineer.  Although craigslist is a popular site, I have never used it and had some concerns about posting on a site that has received so much bad press. After researching, I decided to post our job and have been very happy with the response. But it’s a jungle out there and I knew to expect some scam artists to use the ad to try an attack.

Then today, I received an email from updates-craigslist: Updates!New Terms – Accept: June 29, 2011 with the following message:

———————————————————————-

craigslist

———————————————————————-
Dear Customer,

We need your help resolving an issue with your account. To give us time to work together on this, we’ve temporarily limited what you can do with your account until the issue is resolved.

We noticed some unusual activity . 

How you can help?

You must reverify your account and take the time to accept and read our terms: log in here  

It’s usually pretty easy to take care of things like this.

Ad: # 318-277-551-175

We understand it may be frustrating not to have full access to your account. We want to work with you to get your account back to normal as quickly as possible.

Thanks,

———————————————————————-

Copyright ©2011  Inc. All rights reserved. CL #73445897433\

It’s a scam and has all the characteristics (without typos) of a phishing attempt.  It tries to get you to login with their fake link and get you to input your account information.  Once your username/password was obtained, the phishers would take over your account and get as much information as they could about you.  They can’t do much on craigslist except make some inappropriate postings under your name, but they could use the username/password to break into other accounts like Twitter, Facebook or bank accounts.

So as a reminder, don’t fall for email scams.  When in doubt – don’t click, reply or forward.  Use strong passwords and make sure you have a good spam filter and malware protection.

Why does China want your gmail account?

June 2, 2011

[tweetmeme source=LANSystems only_single=false]Google is certain that the latest hacking attempt comes from Jinan, China as a phishing scam to obtain gmail passwords. This type of attack happens all the time, but since senior level US government officials, military personnel and political activists were targeted the intent seems much more sinister. The attacks were common phishing schemes that are not very sophisticated opening speculation that this was testing the water and that the information may be used for broader attacks.

If someone has your username and password, they can hijack your account.  Not only will they have access to your email, but they can change account settings, forward email and send email as you.  If you are unaware that your account has been compromised, the hacker can play havoc with your information and identity.

Certainly, you have heard these warnings: create a strong password, don’t divulge username and password information especially from email requests, use a good anti-virus, have malware protection and keep a good backup. This cannot be stressed enough – create a strong password for your important accounts.  Next, use a two-step verification or authentication whenever possible.  This is another way to prove it is you.  Google uses a strategy where they will send a unique code to your phone that is required to sign in. The problem with this security measure is that it is not convenient as it takes another step and more time. Often users choose convenience over security.

When you use more than one email address and if you send to a mobile device, be sure that you use security measures that adequately protect your information.  The more valuable the information, the more protection is needed. and just like physical security, use barriers as deterrents.  In the digital and virtual world, barriers are passwords, tokens, PINs and other information that only you will know.

To learn more about the Google 2-step verification, go to http://www.google.com/support/a/bin/answer.py?answer=175197

How to Protect Your Computer Against Malware

February 21, 2011

[tweetmeme source=LANSystems only_single=false]Each year the damages from computer malware cost US businesses billions of dollars. These costs are not only in lost productivity, but permanent loss of critical business data. Arguably, most if not all infections are preventable with the proper understanding, training and protection. Don’t be the next victim, take the steps now to ensure protection and recovery if the worst should happen.

First, let’s understand computer malware. Often the term virus is used to describe all malware. Technically speaking, there are viruses, rootkits, Trojan horses, worms and spyware. The attack method may differ but they are all malicious.

A virus is a program that runs itself and replicates itself. It can affect files or the boot sector and can delete all your data. The “Melissa” and “I Love You” viruses gained global attention.

A rootkit or Trojan horse allows access to your system without your knowledge. Often they look like a useful piece of software but in fact they are back or trap doors.

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes. Once on the system, worms do not need to attach to another program and can run themselves. Worms cause a denial of service attack making the network unusable. In general, worms target the network and viruses attack files.

Spyware is computer software that is installed on a personal computer to intercept or take control of the PC. Spyware can hijack a computer and cause serious problems by gathering and transmitting personal data, loading undesirable software or redirecting browsers to malicious sites.

Protecting yourself –

  1. Have a good backup, just in case you need to restore
  2. Use a firewall
  3. Keep your system updated with the latest security patches
  4. Install and update anti-virus and anti-spyware software (see below for choices)
  5. Do not open email from anonymous, unknown or suspicious sources
  6. Do not download files or software from anonymous, unknown or suspicious sources
  7. Do not navigate to suspicious or promiscuous websites
  8. Regularly scan your system for malware (see below for choices)
  9. Worth repeating – be sure that you have a good backup so that you can restore your full system if needed
  10. If you think you have been attacked, act quickly to isolate the infected computer and remove the malware.

You can purchase anti-virus and malware protection or there are many free versions for home users. For anti-virus, AVG, Avast and others have free versions. For corporate anti-virus, we use Symantec Endpoint. For malware, we like Malwarebytes (personal or corporate edition) and Advanced System Care. With so many choices if you like one better, use it. The important point is that you have to have malware/virus protection.

Use a three prong approach to keep your system safe: educate, protect, monitor. Try to understand the types of threats to your computer. The more educated and informed, the better you can protect your system. Monitor for threats and scan your system often. If it looks suspicious, don’t open the email, go to the site or download the file or software.

Please be watchful of the sites you visit, the software you download and the email you open as the threats to your system change daily.

One-Third of World Spam

December 28, 2010

[tweetmeme source=LANSystems only_single=false]With the arrest of Oleg Nikolaenko, the young Russian responsible for billions of spam messages each day, the world is wondering what it would be like with one-third less spam.

There are over 250 billion email messages sent each day. With 86,400 seconds in a day, that’s about 3 million email messages a second.  Conservatively, 80% is spam.  That means that 2.5 million emails each second are spam.  Many of those emails are caught by spam filters, but the spam that makes it to inboxes still cause major problems.  Spam is profitable and despite the repeated warnings, people still click on spam.

Ordering pharmaceuticals or fake Rolex watches from spam hurts you in two ways. First, they take your money for the item and you get an empty box if you get anything at all.  And second, you can be highjacked and become part of the botnet.  A botnet is like the Borg for computers. Your computer is taken over and does what it is commanded to do – send more spam!

Botnets sound like science-fiction, but they do exist and have attacked millions of computers.  Most infections occur on home or small business computers and start with a computer that does not have an adequate firewall or anti-malware protection. At one time, Oleg’s Mega-D botnet had over a hundred thousand infected computers sending billions of spam messages each day.

So will the world see a reduction in spam?  Probably not, but it does give pleasure to all the haters-of-spam that at least one culprit is behind bars. For now, he’s being held without bail.  I don’t know if Federal prisons still serve Spam, but he could develop a newfound love for fried Spam, Spam sandwiches and Spam with eggs.

If you have suggestions or comments, please contact me at: mary@lansystems.com.

For more technical notes and information go to: www.lansystems.com/technotes.html

What hackers want

November 5, 2010

[tweetmeme source=LANSystems only_single=false]Especially after someone has been the victim of a hacking attack, they want to know why. Hackers have many motives and trying to decipher their behavior is complicated. The classification of white hats, black hats, grey hats and such is an interesting attempt to legitimatize electronic spying and sabotage.  Perhaps there are “good hackers” that perform a valuable service, but most attacks are malicious in nature.  Generally, hackers want to take something from you, teach you a lesson or show their programming skills.

Taking something from you.  This can be financial information, social media login and password, your time or your peace of mind.  Many victims of infections that cause pop-ups with objectionable material are traumatized.  They often react like the victim of a physical crime.  Anyone that has been hit with difficult to remove malware knows that it can be time-consuming and expensive to remove the infection.

Teaching you a lesson.  Hacking may have started as practical jokes that exploited vulnerabilities for pleasure and recognition, but it has grown into an industry that steals billions of dollars of productivity each year. The pranks of today can cause great harm, intended or not.  A recent Twitter Prank illustrated how disruptive it can be to “play around” on the Internet. Some may find justification for causing disruption in that they are just exposing vulnerabilities, but it is harmful and illegal.  Malware is vandalism.

The best defense is a good offense.  Implement appropriate protections for your electronics.  Computer or cyber security takes many of its strategies from the physical world.  You use locks for your house and car.  You may have an alarm system, but the amount of protection is related to the value of the property.  For instance, Fort Knox has fences and armed guards that protect the fortress.  You should use the same strategy to protect your computer systems – the more valuable the information, the more you should invest in protection.

Vulnerabilities, Threats and Consequences (VTC).  Determine the assets to protect and then analyze the vulnerabilities, threats and consequences. Just like with your physical property, use your assessment of the risk to determine the protection. Start with a review of your firewall and make sure you have a good backup of your system.  Backups are an essential part of a disaster recovery plan and are especially economical if you ever have to restore.  Also, use a malware protector in addition to your spam and virus protection. You may want to double-up on the malware protection.  For many companies, enterprise level protection is essential.  Protection includes content filtering in addition to the essential spam, virus, spyware, adware and ransomware protection.

It is difficult to stay ahead of the hackers.  There are so many of them and they spend a great deal of time working on the next attack.  Certainly, if that effort was put to positive use, we would be on the way to solving world hunger.  But meanwhile, use practical computer measures to protect yourself, your company and your family.

If you have suggestions or comments, please contact me at: mary@lansystems.com.

Twitter Prank

September 22, 2010

[tweetmeme source=”LANSystems” only_single=false]Twitter users were hit yesterday with tweets and sometimes offending pop-ups that originated from exploiting a programming flaw.  Twitter defines this as a prank rather than an attack or a hack.  They also have assured Twitter members that no personal account information Twitter Wormwas compromised.  But this does raise the point of what defines a malicious attack, prank or just a mistake.

In the 1960’s, Cap’n Crunch cereal put thousands of toy whistles in their boxes.  Children all over delighted in the whistle design, color and sound. There are many reports of children excitedly calling friends and grandparents to tell them about the wonderful whistle.  But when they would blow the whistle into the phone, they would get disconnected.  The connection between the whistle and the phone disconnect was discovered and exploited. 

The whistle emitted a precise 2600 Hertz tone, the same frequency used by AT&T to tell the switching equipment that the trunk was ready for a long distance call.  Lots of free long distance calls were made by exploiting this feature.  AT&T has long since fixed the flaw, but in the 1970’s one of the exploiters was charged and convicted of toll fraud. Cap'n Crunch Whistle

Mistakes, like programming flaws, can be innocently uncovered like children blowing their Cap’n Crunch whistle into the phone.  Those innocently uncovered flaws can be turned into pranks where some amount of disruption, like disconnected phones or pop-up windows or worms, can occur. But when malicious disruption or fraud evolves from the original mistake, it becomes a serious legal issue.  What will happen with the Twitter “prank” – we will just have to wait and see.

The Internet is the Wild, Wild West ….

April 12, 2010

[tweetmeme source=lansystems only_single=false]

 and there ain’t no Sheriff in town!

Just like the western frontier the Internet is a place where opportunity abounds, but it is not without danger.  If you understand risk, manage uncertainly and protect yourself from diabolical people, the Internet is a magical place. When online, a good rule to follow is “when in doubt – don’t.”

Two main problems with the Internet are that 1) there are more scammers than can be counted and 2) it is hard, sometimes impossible, to determine authenticity. 

In the Wild, Wild West if some cowboy came riding up to you, you’d better be a quicker shot or have a trusted friend covering your back.  You could never take any chances because there were all kinds of hoodlums out there, alone or in gangs, that were trying to separate you from your property.  And if you had established your homestead (website, email address), you’d have even more to worry about because they would always know where to find you.

On the Internet, the cowboys are the scammers and your trusted friend is your firewall, Spam filter and malware protection software to name a few.  But even with these helpers covering your back, you could fall prey to a malicious attack.  So you have to have a backup plan to protect all your critical data.

On the Internet, anyone can pretend to be anyone.  Determining someone’s authenticity is just not that easy.   In the Wild, Wild West anyone could steal the sheriff’s badge and the judge’s credentials.  Unless you had another way to identify them, you could be fooled.  This happens several times a second on the Internet.  A scam artist masquerading as a someone authentic gets you to download malware, adware, ransomware, gives  you a virus, steals your identity, gets you to buy something or send money to claim your million dollar inheritance.  Many of these scams are so obvious that it is hard to believe that people still fall for it, but then again it is the Wild, Wild West!

For ways to protect yourself, see our Tech Notes at http://www.lansystems.com.