Security Risks Of Employee Owned Devices
Employees using their own mobile devices for work may seem like a good idea at first – it’s less expense for you, the employer, and they can also make employees more productive.
However, it also means that you are allowing potentially unsecure devices to access your company’s data. The solution? An effective IT security policy that balances personal freedom to use these devices and your need to secure important business information.
As technology continues to become more affordable and accessible to consumers, it’s an inevitable fact that employers will see more and more of their employees using their own personal devices such as laptops and mobile phones to access the company’s IT system.
This can be a dangerous thing. Since these devices aren’t company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.
The solution: a comprehensive IT security policy. It’s important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data’s security.
Steps such as having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don’t forget that while Android seems to have a bigger problem with malicious software, Apple isn’t exactly virus-free, either.
Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data.
If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don’t hesitate to give us a call so we can sit down with you and discuss a custom security blueprint tailored for your company’s network.
Windows XP: Usage Declining After 10 Years
With Windows XP being released more than 10 years ago its still amazing that it is still on top when it comes to the most widely used operating system. The question still stands however, why?!
Many users have become comfortable with Windows XP and everyone hates change so it is really no surprise that users are holding on to the antiquated operating system. There are however major problems with holding onto old technology.
The first major problem is support. Windows XP is slated to lose its support in early August of 2014. “So why not hold on to Windows XP a little longer, I heard Windows 8 is coming out soon?” While there are many users out there with that mentality, it is bad practice to hold on to an operating system beyond its useful life.
The fact is there is a great alternative to Windows XP that has been out long enough that the bugs have been worked out and is a stable alternative. Windows 7 is the alternative, while many users are nervous about moving on to a new operating system because they don’t like change, Windows 7 is a very intuitive, stable and user friendly operating system.
The second reason you should not be holding on to Windows XP over Windows 7 is the simple fact of security. Windows 7 has been proven to be more than five times as secure as Windows XP.That’s right, all those viruses you get in Windows XP due to its numerous security holes do not exist in Windows 7. While its true there are still some viruses and malware in Windows 7, this is true of any software (Yes even a Mac…).
Many businesses are starting to see these facts as well and are not waiting around for Windows 8. So why are they not waiting?
Well, current reviews of Windows 8 have very mixed opinions on whether or not it will be a good fit for businesses. Much like Vista was to the Windows XP user, Windows 8 is going to be a very different looking and feeling operating system.Many people in the Information Technology field have their doubts as to whether it will fit into businesses well due to the drastic changes that have been made in the users interface.
While Windows 8 is still not released to the general public yet, it still appears that it will be too big of a change for those in the business world that generally are not early adopters of new Windows operating systems (Sound familiar?).
Many businesses are just starting to push into Windows 7 for their primary workstations and the numbers of Windows XP computers versus the number of Windows 7 computers out are starting to show that. Windows XP has dropped over 10% in the past year which is huge! As a matter of fact Windows 7 gained 15% last year which means not only is it doing well enough to take those XP users, but it also managed to steal some users from other operating systems.
The long and short is it is time to get that upgrade and stop wasting your time with Windows XP. Windows XP will cost you more to maintain due to the fact that it is more likely to have viruses and other problems. Windows 7 is the way to go don’t wait until Windows XP support finally dies then decide its time.The time is now, save yourself the hassle and plan the upgrade process now rather than waiting till the last minute.
We can get you upgraded to Windows 7 or, if your computer is too old to put the money and time into it to switch to Windows 7, we can get a computer for you with Windows 7 and transfer all of your existing data to it. Just give us a call.
Feature article by:
Frank Wright
Data Management: From Storage To Security
One of the most important aspects of maintaining a smooth running safe and secure network comes down to data management.
How you or your company manages its data is important because if managed improperly, or not managed at all, you risk losing years of important confidential data due to failed hardware or even worse, theft.
Data management needs to begin with an audit of your various assets and how they should be managed properly.
This is the first step because you need to know what you have to manage and more importantly how it needs to be managed (can you use a simple flash drive backup, do you need a NAS, how secure does the data needs to be, should data be encrypted, etc.)
An audit should take place at the beginning of your data management plan as well as at the end which will be touched on later.
During your data management audit you need to first lay out what data is being used, when it is in use, when your slow periods are, and how securely you need to store this data.
For example client credit card data requires much more security than say your pictures from the company party.
After establishing what data you have as stated above you need to separate it into its various classes.
Generally people will store all of their data together so if that is your plan, you need to plan your security based on your most important and confidential data sets.
Some people may have a very large amount of data and smaller data sets that need more extreme security.
In these cases backup sets can be separated to allow less confidential data to be backed up to a less secure and much cheaper backup device while you could have a more secure setup for your confidential data.
One major consideration when it comes to backing up your data is encryption.
The stronger the encryption on data the longer it will take to recover in the event of a data loss.
Encryption is one of the best methods to store data, determined by level of security - it can be high or low.
Again the amount of encryption contributes greatly to recovery time. Data can be managed and stored in many different manners.
Some of the various storage solutions are; a network drive to another computer, a NAS, a flash drive, an external hard drive, data drives and tapes, offsite backups, etc.
Depending on your needs and the amount of recovery time needed, your choices can vary.
For instance, if you have 1 TB of data you are backing up chances are you would be doing an onsite backup rather than offsite to decrease down time in the event of a crash.
A terabyte of data in an offsite backup is going to take a very long period of time to download to your server if your only recover option is to download from the Internet.
A much better solution for this amount of data would be a data drive like a “REV” drive. A REV drive in combination with good backup software offers plenty of space to backup and encrypt your data.
Backups via tapes or data drives should have at least the previous night’s copy taken offsite each night to ensure that you keep one data set safe at all times. It is a horrible idea to store all data onsite.
After you have a plan in place, run through the audit again once things seem to be running smooth to see what is in place, how its running, how secure it is in the event that a data set is stolen, and is the backup time/recovery time acceptable.
If the answer to any of these questions makes you feel your backup solution may be inadequate, it may be a good idea to try something different.
Even though it would cost more money to change data management solutions, it will save you money and hassle in the long run if you find it does not meet your company’s needs.
For a full data management audit give us a call today and we can happily sit down and discuss with you possibilities for your backups and data management as this only touch on a very small portion of data management.
Your data is very important and generally people do not realize just how important it is until they’ve either lost it or had it stolen due to poor management practices.
Feature Article Written By:
Frank Wright
Beware: Online Banking Phishing Schemes Are On the Rise
Banking online is a convenient and time saving way of managing and keeping track of your company’s finances.
Weak security practices, though, can make it more possible for cyber-thieves and hackers to steal your hard-earned money. It is important to make sure that all possible steps are taken to safeguard your company’s finances.
Online banking is a tool that many businesses utilize because of the ease, efficiency, and convenience it offers.
It’s a great way to manage finances in your day-to-day operations. Unforunately, as more businesses turn to online banking, cyberthieves and hackers who target small companies are becoming more adept at stealing from companies online.
Security experts are urging companies to beef up their security systems to keep them safe from cyber and identity theft.
The more companies rely on the Internet, especially when it comes to managing finances through online banking, the more prudent it is to take steps to prevent that hardearned money from being stolen or diverted to someone else’s account.
One tip experts give is to establish proper protocols for transacting with the bank, such as requiring two people to verify a transaction before it is approved.
This helps create a checks-andbalance system that hackers can’t bypass.
Having a dedicated workstation used for only online financial transactions is also recommended, as this lessens the likelihood of it being infiltrated by Trojans, viruses, spyware, and other malware that may come from the machine being used for other purposes.
Having the right anti-virus and antimalware software - and keeping it updated - also goes a long way in keeping your online banking transactions safe from unfriendly eyes.
Your finances are the lifeblood of your business. If you’re interested in how you can make your online banking experience more safe and secure, we’d be happy to sit down with you to discuss security solutions that are tailor-fit to your specific requirements and needs.
Give us a call at the office, (734) 457-5001.
For Small Businesses, Smartphone Security Is As Important As PC Security
Thomas Fox is president of Tech Experts, southeast Michigan's leading small business computer support company. |
Although there aren’t any prevalent security attacks or threat mechanisms associated with smartphones in the market today, security vendors and analysts are urging mobile device users to use security best practices on them, just as they would with their computers.
With recent advancements around mobile devices and technologies, particularly smartphone devices, more and more people are staying connected both in the home and office environments.
Analysts at Forrester Research, a leading authority on security in the small business IT space, say the new breed of smartphones, such as Android and iPhone-based devices, are built on operating systems that are “fairly-well locked down.”
However, although they said using these types of devices are generally safer than PCs because malware can’t run on them (yet), there are still privacy and data risks to be aware of.
GPS hacking is just one concern - a rogue phone application sending your location to an outside service without your permission.
Privacy-related issues will emerge as third-party “fake” applications access more of your personal data.
These would be apps that look legitimate, but are designed to steal your personal information.
Fixing this type of issue will be simpler than a PC, though: The operators of the “app stores,” (Apple and Google) can find the offenders and remove them from the sites in a matter of minutes.
Security and privacy are a concern especially for users who bring and work with their personal devices in and out of the workplace.
The safety of the data on those devices becomes an even larger issue.
Smartphones allow business owners and employees to be more connected with each other. Users are sending information via e-mails and through attachments, all of which are susceptible to loss or theft.
Smartphones that are used for business communication should be treated like office PCs when it comes to data protection. The security threat is there - you have to protect the data that’s on the device.
One of the biggest security mistakes customers make with their mobile devices today is that they fail to use even the most basic security protection methods such as passwords.
Most users don’t set up passwords on their mobile device because they think of their smartphone as just a phone.
But really, it’s a small, low-power computer that happens to let you make phone calls, too.
For small business, it’s time to start thinking of smartphones as another entry into your business’ data. If they’re used for business communication, they need to be monitored, protected and updated just like a PC on your network that attaches to your server and financial data.
Industry Standard Security Best Practices
Network security is a must in any network, but when it comes to a business network, there are a number of security standards and best practices that ensure you have control over your network.
Businesses in certain industries secure. Many different companies require different security standards; one organization for instance is the PCI (Payment Card Industry). The payment card industry has very a strict network security standard.
The below practices are fairly strict and will offer you a great deal of control and protection against data theft and network intrusion.
Modem
We will start from the outside edge of your connection of your network and work our way in from your modem on into client workstations.
The modem is probably the simplest device on the network - you can’t really secure it (beyond performing regular updates), but some ISP’s feature a built in firewall in the modem. This can be turned on or off to work in conjunction with your company’s firewall.
Firewall
The next item to take a look at is your router/firewall. Generally you would have a router that offers several ports you can connect to via a direct Ethernet connection as well as WiFi access.
This firewall will add another layer of protection for when your network connects to the Internet. When configured properly, you would block all unauthorized network connections. As far as protecting the WiFi goes you are best to enable MAC filtering.
Each piece of network hardware has a unique identifying numerical code, called a MAC address. Filtering by MAC lets you set up WiFi so that only devices you explicitly define are allowed to connect to your network.
Once you have MAC filtering in place, you can also encrypt network traffic and use a long secure password. Since the clients on the network will not need to type this password in all the time, it is best to make a complex password containing both capital and lower case letters, numbers, and symbols.
Another option to further increase security when it comes to WiFi connections is to set the access point to not broadcast it’s SSID. This will make it look to the normal person as if there is no wireless connection available.
Server
There are a lot of features that can be enabled at the server to further improve network security. The first item to review is the group policy. Group policy is part of the server operating systems that allows you to centrally manage what your client workstations have access to and how.
Group policies can be created to allow or deny access to various locations on your users’ desktops. You can get as granular as defining a group policy that sets standards on user passwords.
By default, Windows Server 2008’s password policy requires users to have passwords with a minimum of 6 characters and meet certain complexity requirements.
While these settings are the defaults, generally 8-10 characters is recommended as well as mixing upper and lower case letters, numbers, and special symbols. An example of a complex password might be @fF1n!ty (Affinity). This password would meet all complexity requirements and is fairly easy to remember. Passwords should also be forced to reset every so many days. A good time period is roughly 30 days.
One other possible option is to have firewall software installed on the server itself to regulate traffic in and out of the server.
The nice thing about having a firewall on the server itself is that you have the ability to log failed connections to the server itself as well as what that connections is and where it was coming from.
This feature alone gives you a lot more control over the network. For example if you noticed in the firewall logs on the server that a connection you didn’t want getting through was making it to the server you can go back and edit policies on the router/firewall to attempt to further lock down your network from that point as well as blocking it at the server.
One final quick thought on server security is physical security.
Generally it is a good practice to have the server physically locked in a room that only specific people have access to. If you really wanted more control as well you can have the server locked using a system that logs who comes in and out of a room via a digital keypad and their own passwords.
When it comes to your workstations, employees should only be logging into the workstation via their domain login and not using the local admin login.
This will allow you to centrally control via group policy what they can access like stated above. You can also configure roaming profiles so that if someone was to steal a physical workstation they would not have access to any company information as it would all be stored on the server and not that workstation - which is another great reason to have your server locked up.
Employee logins to workstations should also have account lockout policies in place so that if a user attempts to login too many times with an incorrect password, the server would lock them out on that workstation for a time period set by the administrator. One other item you could have in place for various employees is specific time periods their credentials will allow them to log into the systems.
One final step in network security is having good antivirus software installed on your workstations and your server. A compromised machine can be giving your passwords and information away to hackers making it possible for them to waltz right into your network undetected.
You are best protected by having as many of the above security steps configured and working properly on your network.
Determine what your network needs, evaluate the practice after it has been in place for a month and make the proper adjustments to ensure your network is safe. You should also preform regular security audits.
If you would like to see how secure or unsecure your network is give us a call and we can perform a network security audit for you and let you know where you stand!
Featured Article Written By:
Frank Wright
Internet Security: What Are They Surfing At Work?
Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company. |
A recent survey of business owners and IT managers found that employees are using company computers, Internet access, e-mail, and other resources to conduct hours of non-work related activities. And the problem is on the rise.
Some of these activities simply waste time, like day trading and monitoring eBay bids. However, some of the activities are malicious and can cause serious issues with a company’s server and network.
Here are a few incidents that were reported by the IT managers that were surveyed:
• One employee was caught running a gambling website and acting as a bookie for his co-workers.
• To bypass the company’s web filter, one employee was caught using his desktop computer as an FTP server for the other employees. He had downloaded and saved over 300GB of material, all on his work computer, using his company’s Internet connection and undoubtedly slowing down their systems.
• One employee was caught giving away confidential information such as price lists, contracts, and software code for application development.
• Another employee had a pretty lucrative side business stealing and selling company inventory on eBay.
• One woman was caught running an online “outcall” service from her desk.
• One employee was caught renting the corporate IP address to hacker friends to attack other company’s computers and networks.
While these scenarios seem outrageous, they are not uncommon. Of the 300 companies surveyed, almost one-third have fired an employee in the last 12 months for violating e-mail policies, and 52 percent of companies said they have disciplined an employee for violating e-mail rules in the past year.
Educating your employees through an acceptable use policy is simply not enough. If the requirements are not enforced, employees will accidentally or intentionally violate your rules.
That’s why every company needs to invest in good e-mail and web filtering software. Just having it in place will act as a deterrent for such activities. If something really is going on - like an employee leaking confidential information to a competitor or sending racial or sexist jokes through your company’s e-mail - you’ll be able to catch it and resolve the issue proactively, instead of reacting to it after the fact.
Additionally, a good web filter will prevent employees from accessing inappropriate material online, wasting time on non-work activities, downloading viruses and spyware, and using up company bandwidth to download photos and music.
Almost Every Small Business Can Expect To Get Hacked
Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company. |
Juniper Networks recently commissioned a study on small and medium company network security.
The startling result: Over 90% of US companies reported at least one security breach in the last year, with more than half indicating they experienced two or more significant security problems with their networks.
There’s a misconception among a lot of small business owners that they’re safe from cyber attacks, because small companies offer a smaller payback for hacking efforts.
Small business network security is usually lax
The reality is, security policies and procedures at small companies usually make them an easy and simple target for hackers.
While the payout isn’t as large as hacking TJ Maxx, invading a small business’ network usually takes a lot less effort, and the business lacks a sophisticated response system.
Why is hacking so easy?
A new technique, called spear phishing, let’s hackers target a small group of previously identified people. Sometimes, the attack goes after just a handful of people who work at the same company.
Spear phishing does away with the need for hackers to gain access to your passwords. As more companies start to use social media sites such as FaceBook and Twitter, hackers using spear phishing are finding it easier to “trick” unsuspecting employees into installing crimeware on their company computers. This crimeware let’s the criminals access the computer system directly. Once they have access to one machine on your network, it’s easy to connect to the others.
Recent attacks have highlighted the growing need for companies to implement network security controls to catch the bulk of socially engineered spear phishing attacks.
They also need to take measures to quickly detect and contain security breaches.
The first thing you’ll want to do to protect your business is implement a strong firewall (see Frank’s article on page two) that lets you assign security restrictions for users based on the content of websites, and even keywords that might be potentially dangerous.
The next thing to look at is your company’s acceptable use policy. This can be as simple as a few pages added to your employee handbook that outlines what is and isn’t acceptable behavior on your network.
The final thing to examine is your backup and disaster recovery plan. The hacker’s aren’t giving up, which means it’s time to plan for what comes after a security breach.
Firewalls: What Do They Do And Why Should You Have One?
Firewalls are network security devices that protect your internal network (your servers and PCs) from your external network (the Internet).
We’ve put together a basic guide to firewalls - what they are, when you should have one, and why.
What is a firewall?
A firewall is simply a border between the device and the firewall software is installed and running on (and devices on the LAN side of the firewall) and any other devices on the outside of it.
For example, there are many different kinds of firewalls. Windows firewall gives you very basic features, and is built into Windows.
This firewall is designed to block unwanted access to the computer itself and is not designed to protect the rest of the devices on a network.
Another form a firewall can take is a separate device all together.
Having a device that specifically functions as a firewall gives more control over what the firewall can be used to protect.
For example it is possible to buy a firewall appliance that can be attached to the perimeter of your network and block specific connections to your LAN.
When is it a good time to look into using a firewall?
On most Windows based computers Windows firewall is generally on by default so most people already run a firewall on their computers without even knowing it.
That being said, Windows firewall does not give you anywhere near the control or protection of a dedicated firewall product.
If your business requires very strict security and data compliance, or you intend to store highly confidential information (an example would be client credit card numbers), it may be in your best interest to have a third party firewall.
Third party firewalls offer much greater protection and allow the ability to configure specific rules in much greater detail than Windows firewall.
Having the ability to configure rules with more detail makes it possible for you to lock down your network and its possible security holes more tightly.
The reason this is a good idea if you are storing confidential information on a network is that having a firewall gives you control over exactly what comes in and out of your network.
Without this added security it may be possible for your valuable information to be compromised or copied to a remote location without you even knowing it is happening.
Why have a firewall or invest in a better one?
Three words: Vastly improved security. A third party firewall solutions affords you the best protection for your data and network.
If you have important data to secure, a firewall is an excellent step in protecting your network from unwanted access to your network.
If you have questions about your firewall (or lack of firewall) and would like us to evaluate your network security, please give us a call.
Whether it is security holes left open due to a weak firewall or other possible security issues we can help you secure your data!
Why Internet Predators Love Social Network Sites
Internet predators have become a fi xture of sorts on many social media sites which necessitates the need for users to exercise caution.
Since the advent of the Internet “instances” of cyber crime have evolved into regular and expected occurrences.
Now the growing popularity of social network sites has cyber criminals taking direct aim at them with their Internet scams.
What is it that makes the social networks such an attractive target for this type criminal behavior?
Here are 3 very “inviting” reasons:
Casual Atmosphere
Social network sites are meant for just what they imply and that is to socialize.
This type of atmosphere is casual and relaxed therefore people for the most part are NOT expecting devious behavior.
It is just this type atmosphere that cyber criminals depend upon and thrive in. Their ability to manipulate others is based upon a “blind” trust or having others believe in their own sense of security.
Ease of Use
Most social media sites by and large are set up to be easy to use and navigate. This allows even the less than ‘tech savvy’ to become involved, but they also bring along their own naive nature relative to Internet security issues.
This makes them even easier prey since they are unaware of or unfamiliar with many Internet scams.
This ease of use on the other hand has also made it just as convenient for the “sinister online element” to gain access to their unsuspecting prey.
There are no security systems to work around or advanced coding to decipher therefore the “door” is wide open for the criminal element to gain easy access.
Popularity
As we all know crime always seems to gravitate towards the largest population bases offline and this remains true online as well. The very popularity of social media sites has put them in the “cross hairs” of the devious minded predators that lurk on the Internet.
Safety in numbers is NOT something innocent site members can count on when interacting within online social communities.
Internet predators have settled in quite comfortably on many social media sites to the point that they have almost become accepted “fixtures” to users.
For the 3 reasons we have spoken of above cyber criminals are attracted to many of the online communities.
The structure of these sites offers the perfect opportunity for the criminal element to successfully implement their Internet scams.
For the users they must simply be aware that cyber crime does exist and will continue to do so calling for the need to exercise caution when socializing online.