TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Online Security

Internet Security: What Are They Surfing At Work?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

A recent survey of business owners and IT managers found that employees are using company computers, Internet access, e-mail, and other resources to conduct hours of non-work related activities.  And the problem is on the rise.

Some of these activities simply waste time, like day trading and monitoring eBay bids. However, some of the activities are malicious and can cause serious issues with a company’s server and network.

Here are a few incidents that were reported by the IT managers that were surveyed:

• One employee was caught running a gambling website and acting as a bookie for his co-workers.

• To bypass the company’s web filter, one employee was caught using his desktop computer as an FTP server for the other employees. He had downloaded and saved over 300GB of material, all on his work computer, using his company’s Internet connection and undoubtedly slowing down their systems.

• One employee was caught giving away confidential information such as price lists, contracts, and software code for application development.

• Another employee had a pretty lucrative side business stealing and selling company inventory on eBay.

• One woman was caught running an online “outcall” service from her desk.

• One employee was caught renting the corporate IP address to hacker friends to attack other company’s computers and networks.

While these scenarios seem outrageous, they are not uncommon. Of the 300 companies surveyed, almost one-third have fired an employee in the last 12 months for violating e-mail policies, and 52 percent of companies said they have disciplined an employee for violating e-mail rules in the past year.

Educating your employees through an acceptable use policy is simply not enough. If the requirements are not enforced, employees will accidentally or intentionally violate your rules.

That’s why every company needs to invest in good e-mail and web filtering software. Just having it in place will act as a deterrent for such activities. If something really is going on – like an employee leaking confidential information to a competitor or sending racial or sexist jokes through your company’s e-mail – you’ll be able to catch it and resolve the issue proactively, instead of reacting to it after the fact.

Additionally, a good web filter will prevent employees from accessing inappropriate material online, wasting time on non-work activities, downloading viruses and spyware, and using up company bandwidth to download photos and music.

Strong Passwords Keep Your Personal Information Secure

A recent ZoneAlarm survey revealed that 79 percent of consumers use risky password construction practices, such as including personal information and words.

The survey also revealed that 26 percent of respondents reuse the same password for important accounts such as e-mail, banking or shopping and social networking sites.

In addition, nearly 8 percent admit to copying an entire password found online in a listing of “good” passwords.

Given these numbers, it’s no wonder that 29 percent of respondents had their own e-mail or social network account hacked, and that over half (52 percent) know someone who has had a similar problem.

The first step a hacker will take when attempting to break into a computer or secure account is try to guess the victim’s password.

Automated programs are available to repeatedly guess passwords from a database of common words and other information.

Once a hacker gains access to one account, almost 30 percent of the time that information can be used to access other sites that contain financial data such as bank account numbers and credit card information. To ensure you stay safe online, here are a few tips for creating a strong password.

Use Unique Passwords For Each Account
Choose different and unique passwords for each account.

Passwords Should Be Eight To Ten Characters Long
Choose a password that is at least eight to 10 characters long. This should be long enough to prevent brute force attacks, which consist of trying every possible combination of a password until the right one is found.

Avoid Using Personal Information
Make sure your password is difficult for someone to guess. Do not use names of any kind, including your login name, family member’s name or a pet’s name. Also avoid using personal information such as a phone number, birthday or place of birth.

Avoid Words In The Dictionary
Avoid words that can be found in the dictionary. With the availability of online dictionaries, it is easy for someone to write a program to test all of the words until they find the right one.

Avoid Repeating Characters Or Sequences
Stay away from repeated characters or easy to guess sequences. For example: 77777, 12345, or abcde.

Use Numbers, Letters And Special Characters
Choose a password that is a mixture of numbers, letters and special characters. The more complex and random it is, the harder it will be to crack.

Use Word Fragments
Use fragments of words that will not be found in a dictionary. Break the word in half and put a special character in the middle.

Frequently Change Your Passwords
Change your passwords often. Even if someone cracks the system password file, the password they obtain is not likely to last long.

Cyber crime is on the rise. Taking the time to actively choose secure passwords will protect your identity, banking information and personal information. And remember, writing your password on a sticky note on your monitor isn’t secure!

Online Banking: Five Steps To Protect Yourself

I was reading the Wall Street Journal website recently, and came across an interesting article about online bank fraud. The article was about a small business owner in California had over $100,000 stolen from his bank account.

He only recovered about $50,000 of it back. The other $50,000 went to a bank in Europe, where mules (someone who receives the stolen money) started to withdraw the money from the bank account.

How did this happen? The business owner had spyware on his computer that transferred his banking username and password to the hackers. I always shake my head when I read an article like this, because I know it could have been easily avoided.

Anti-virus and anti-spyware
The first step in protecting yourself is to make sure your computer has anti-virus and anti-spyware installed.

If you’re doing online banking, make sure that you’re using commercial quality protection – not something you download from the Internet for free.

The stronger your first layer of protection, the safer you are online.

We see computers every day that don’t have this simplest of protection installed; or, worse, the business owner has installed protection software, but then fails to keep it updated or renewed.

Unified threat management
The next step is to invest in a unified threat management (UTM) firewall. A UTM firewall is miles ahead of the simple DSL or cable routers you’d pick up at the office supply store.

They offer solid protection against viruses, hackers, spyware, and the host of other Internet dangers.

The device scans all Internet traffic in real time, and can protect you even before the anti-virus and antispyware vendors have updated their software for new attacks.

UTM firewalls can also implement web filtering and prevent the computer from reaching the intended attacker.

Web filtering can block access to websites that contain malware and spyware; it can also protect employees from going places they shouldn’t be.

Fortinet is our preferred vendor that makes firewall appliances that do what I describe above. A dedicated firewall and UTM appliance is very effective in helping prevent an attack such as this.

Block SPAM at the source
One of the sneakiest ways hackers can compromise your computer is through email, so you’ll want to look for a rock-solid spam filtering solution. Numerous cloud based (hosted) solutions exist that are very inexpensive. A good spam filter will keep viruses, phishing and other attacks from hitting your email. Reflexion is our favorite cloud based email filtering solution. The product is easy to use, well supported and extremely effective.

With online banking, phishing attacks are very common. Someone creates an email that looks like your bank in an attempt to collect information, you click on the link, and next thing you know, the hackers have your login and password.

Personally, I never open emails from my bank. Most banks will not contact you for important account information with email.

Perform regular maintenance
The fourth step to keeping your computers safe is patch management. Microsoft releases security updates for Windows nearly very week. Having a trained IT professional ensure patches are applied correctly – and quickly – will protect you from any security holes in the software that you’re running.

Most small businesses should look at one of our managed service plans, which provides you with “whatever it takes” service at a low fixed monthly cost.

Pay attention
The final step is a matter of common sense. Most people will go to potentially hazardous websites or click on something they shouldn’t have. My suggestion is if you are doing Internet banking, it should be on a computer that is used the least.

If you are going to go to questionable websites, don’t do it on the computer where you do your banking.

FBI: Rogue Antivirus Scammers Have Made $150M

They’re the scourge of the Internet right now and the U.S. Federal Bureau of investigation says they’ve also raked in more than $150 million for scammers. Security experts call them rogue antivirus programs.

The FBI’s Internet Crime Complaint Center (ICC) issued a warning over fake antivirus software, saying that Web surfers should be wary of sudden pop-up windows that report security problems on their computers.

This software can appear almost anywhere on the Web. Typically, the scam starts with an aggressive pop-up ad that looks like some sort of virus scan. Of course, the scan turns up problems, and the pop-up says the only way to get rid of them is to pay with a credit card.

This is always a bad idea. At best, the software is subpar. At worst, it could result in viruses, Trojans and/or keyloggers being installed on the computer. Identity thieves often use keyloggers to gain access to credit
card numbers, bank account information, and computer users’ social security numbers.

The tactics of the scareware have caused significant losses to users. The FBI is aware of an estimated loss to victims in excess of $150 million.

The IC3 says that users who see these unexpected antivirus pop-up warnings should shut down their browsers or their computers immediately and then run an antivirus scan to see what’s going on.

New Phishing Schemes You Should Know About

I know growing up as a child, I loved to go fishing. I never caught very many fish, but just being out on the water “drowning worms” was good enough for me. As the years have passed, though, a new kind of “phishing” has emerged.

The term phishing refers to luring techniques used by identity thieves to fish for personal information in a lake of unsuspecting Internet users.

Their purpose is to take this information and use it for criminal objectives such as identity theft and fraud.

Phishing is a general term for the creation and use by criminals of emails and websites – designed to look like they come from well-known, legitimate and trusted businesses, financial institutions and government agencies – in an attempt to gather personal, financial and sensitive information.

These criminals deceive Internet users into disclosing their bank and financial account information or other personal data such as usernames and passwords.

Today a new form of phishing appears to be spreading through social websites such as Facebook. This new scam works like this.

As soon as you login to the site, it will steal your email and password and then log you into Facebook. Within a short period of time the system will automatically switch your password and block you from the site. It then begins to send the same URL to all of your Facebook friend’s inboxes.

As this spreads, the criminals gather thousands of email addresses and passwords before Facebook can stop all references to the website.

The scammers have developed a method to duplicate the scam immediately and the next thing you know they have four or five phishing scams going on at the same time all over Facebook. This allows them to gather hundreds of thousands of victims very quickly.

It is not known yet what these people intend to do with all these addresses, but you can almost guarantee that they will result in a malicious worm at some point. The potential to access a user’s financial information and accounts could result in the loss of millions of dollars.

Another form of phishing is called “in session” phishing. This form does not use email nor does it rely on the user having to be tricked into clicking on a link.

It works like this. Let’s say you go to your banking website that is secure. You login and take care of your business, then leaving that browser window open you innocently go to another website that has been compromised. All of a sudden a pop-up asks you to validate your login to continue your banking session.

Remember two things must happen in order for this scam to work. First, a website must be compromised and infected—the higher traffic the better, obviously.

Second, the downloaded malware must be able to identify whether or not the unknowing user is logged into a relevant website.

Most banking institutions have taken steps to prevent this. One step is having a rapid disconnect of an idle session.

But in order to be safe we would recommend closing all browser windows after you have visited a secure banking website.

In addition it is very important to keep your system free of all spyware, malware and viruses.

Tech Experts has certified technicians that clean these types of infections and malware from computers every day. We urge you to take advantage of our system checkup and cleaning service to keep your identity to yourself.

QuickTime Video Software Target Of Hacker Attack

We all remember that it was not too long ago when Microsoft had left a huge hole for attackers to exploit in Windows XP.  Microsoft corrected the error by releasing a new security update and including it as an important update in the Windows Update service.

Now for the third time, attackers have found a new vulnerability in Windows. This attack only affects Windows XP, Windows 2003 server and Windows 2000. Windows Vista, Server 2008 and surprisingly Windows 7 aren’t affected.

Microsoft has already discovered that the attackers are using the code on many different video websites. The attack starts with a QuickTime video and exploits a problem in the Direct X software that Windows uses in almost everything you do, from watching videos to playing video games.

The hackers are using the code in QuickTime files which is the default video for Apple, but not in Windows. You most likely have QuickTime installed on your PC if you have an iPhone or iPod.

The malicious code is hidden inside video files, and allows the attacker to execute any kind of program he would like on the victim’s personal computer. Then, depending on what the attacker planned to do, they could take over your computer or make all your data disappear.

In order to get infected, you’d have to open an infected QuickTime file. Opening the file allows the hacker to have control of your computer. This virus code could be sent by an attachment in email or posted on any website. You’d just have to click and download the file in order to infect your computer.

According to the developers of QuickTime, QuickTime is not the flawed code, but rather, the code inside Windows that displays the QuickTime movie using Direct X is to blame.

The reason the newer operating systems are not vulnerable to these attacks is that the code was removed when Microsoft began development of Windows Vista.

Microsoft has already released two fixes for this security vulnerability. One is pretty technical and requires the user to edit the system registry. The second is a tool that Microsoft has built to automatically disable this feature.

Microsoft hasn’t released a patch, but said that once they do, users that used the automated tool will automatically have the parser turned back on.

Top Four Threats Attacking Your Network And What You Can Do About Them

Do you ever feel like your computer network could be more secure? Chances are, keeping a few simple things in mind will improve security and reduce downtime. Here are some things to look out for.

Social Networking Sites
Social networking sites like Facebook are exploding in popularity. Threats range from malware (e.g. viruses, worms,spyware) to scammers trying to steal your identity, information and money. Many businesses and government agencies are
using these sites to communicate with clients and constituents, so simply blocking access is no longer reasonable. Defending your company while allowing employee access requires social network education for your employees and the enforcement of strong acceptable use policies. We can help you develop a policy, then monitor compliance using a Unified Threat Management device that controls and reports on network
access.

Attacks On Mobile Devices
Everyone is going mobile these days not just the “road warriors.” Once limited to laptop computers, mobile network devices now include PDAs, handheld computers and smart phones, with new appliances appearing in the stores every month. Mobile devices often contain sensitive data yet they are easily lost or stolen. Be sure to password protect and encrypt data on all mobile devices whenever possible. Include mobile devices in your acceptable use policy.

Cloud Computing
“The Cloud,” in its most simple form, involves using the Internet to access and store your data. When you access email using a web browser, you are working in “the cloud.” Using the cloud for automated off site backup is rapidly gaining popularity and is just the beginning. Companies like Microsoft, IBM and Google envision the day when we will use inexpensive terminals instead of computers to run programs and access data located somewhere on the Internet. You need to be sure that any data you store and access across the Internet is secure not just where it is stored, but during the trip to and from the Internet.

Overconfidence
User overconfidence in security products is the top threat to your network. Failure to “practice safe software” results in nuisance attacks like porn storms (unstoppable rapid fire pornographic pop-ups) and more subtle key loggers that steal passwords. Surveys promising free stuff, result in theft of information like your mother’s maiden name, high school, etc. used to answer common security questions leading to theft of otherwise secure data. Think before you click!

How To Pick A Good Password

What’s the most common password? You guessed it…”password.” Obviously this is not the best way to protect yourself against hackers and online thieves. But even if you don’t use the word “password,” you might be using an equally easy password to decipher.
We suggest you DON’T use the following passwords for really important web sites, such as your online banking web site or other financially related sites.
• Your name or your spouse’s name.
• Your children’s names.
• Your pet’s name.
• Your birth date.
• The last four digits of your Social Security number.
• Your phone number.
• Your address.
• A series of consecutive numbers, such as “1, 2, 3, 4.”
• A single word that would appear in a dictionary.
Your best bet for creating a strong password: Use combinations of letters, numbers and special characters.

School is Back in Session

How to Keep Your Kids Safe Online

With school back in session, thousands of children will be surfing the Internet to conduct research, chat with their new classmates and complete homework assignments.

Although the Internet provides a tremendous learning tool for children, left unchecked it can also expose them to inappropriate material and unscrupulous individuals looking to exploit innocent children.

The Statistics of Online Abuse Towards Children Are Alarming

According to a survey conducted by NetAlert, nearly one child in every five has been approached online by a stranger, and 45% have been exposed to material that is pornographic, sexually explicit, violent, racist, or that encourages them to participate in dangerous or illegal activities.

One of the biggest threats are social networking sites like MySpace.com.

But MySpace isn’t the only threat.

According to Highlights of the Youth Internet Safety Survey conducted by the U.S. Department of Justice, one in five children received unwanted sexual solicitations online. There are a growing number of pedophiles using the Internet to gain a child’s confidence and arrange face-to-face meetings.

These cyber criminals are using everything from spam e-mails to online messaging, kid’s chat rooms, and misleading domain names to trap children. If your child uses the Internet, you must take measures to protect them from these dangers.

As part of our back-to-school newsletter edition, we’ve outlined 3 things you should be doing now to keep your kids safe online.

3 Things You Can Do Right Now To Protect Your Children Online

1. Install web and e-mail filtering software to prevent your children from viewing inappropriate material. We recommend using www.bsafeonline.com. Not only will this prevent your children from visiting inappropriate web sites, but it will also stop inappropriate spam.

2. Talk to your kids about online safety and proper Internet usage. Set limits and guidelines about when they can go online, what they can do, and how long they are allowed to be online. Explain why it is dangerous for them to “chat” with strangers online or download suspicious looking files.

3. Give your children specific online guidelines or rules to follow when using the Internet. It’s not enough to warn them about potential risks; pedophiles know how to cloak their identity and gain a child’s confidence to arrange face-to-face meetings.

Require Your Kids To Follow These Rules Online:

  • I will not give out personal information such as my address, telephone number, parents’ work addresses, or our e-mail address to anyone online.
  • I will tell my parents right away if I see a web site, e-mail, or message that makes me feel uncomfortable.
  • I will never send my picture to anyone online or upload my picture to any web site without my parent’s knowledge and permission.
  • I will never agree to meet someone face-to-face whom I met online without my parents’ knowledge and permission.
  • I will not respond to any messages that are mean or that make me feel uncomfortable in any way.
  • If I get a message like that, I will tell my parents right away so that they can contact the online service.
  • I will never give my parents’ financial information to anyone, especially their credit card information, bank account information, or social security number.

If you want more information on how to keep your children safe online or to report illegal, violent, or explicit acts towards children, go to www.cybertipline.com.

This site is run by the National Center for Missing & Exploited Children and is a great resource for parents, teachers, and guardians.

 

Raise IT Security Measures And Lower Your Stress

Updating Your Network Security Protects Your Valuable Data

Simplify. Prevent problems. Do it right, not over. These are just a few of the phrases among the most popular published in “Stress Reducing Tips” articles. But, how do you achieve these goals?

Take a look at your IT security measures first. Protecting your information systems from unauthorized use, disruption or destruction can help you reduce the number of stressful incidents that may arise as a result of a vulnerability. How can you decide what level of security is right for your organization?

Dive into a threat and risk analysis.
We can work with you to review the current security mechanisms and determine what needs to be protected. The level of security necessary for your business is largely reliant on the possible threats. If you have many employees, you may have a greater interest in user account changes versus a small dental practice whose chief concern is confidentiality.

Take advantage of our Free Network Audit and learn about the current options available for firewalls, controlled accessibility, anti-virus, spam filtering and much more.

Take time to develop a plan. Listen to employee feedback, analyze your current operations and review key points for development within your company in order to simplify business processes and protect your company data.

Think of the future.
Is your organization in growth mode or are you looking to stabilize your current position? Many clients come to us with only a few changes and end up with many things they would like completed to help increase security, increase efficiency, decrease operating costs or prepare for the future.

Prevent problems.
Security is everyone’s responsibility. According to Datapro Research, the most common causes of damage are: Terrorism, 3%; water, 10%; technical sabotage, 10%; dishonest people, 10%; fire, 15%; and, finally, human error, 52%. Unfortunately, 81% of this damage is caused by current employees.

You could install the most elaborate security and computer protection systems available, but if passwords are written on sticky notes and stuck to computer monitors in the office, or saved in Word documents, we cannot guarantee security.

New threats and vulnerabilities emerge everyday that can endanger your company. Take a preventive approach to managing your information systems with reliable security measures and proper staff training.

Firewalls and virus protection must be current. If you don’t know if these measures are in place, we can help you identify current software installed and enable or update them if necessary. A good anti-virus or firewall solution will automatically update itself as new updates are available.

Spam filtering is essential and can solve many e-mail problems that plague your inbox. Everyday spammers find new ways to get into e-mail inboxes. A lot of spam is simply unwanted advertising that is just annoying and takes up space. Some, though, are used to transmit viruses, adware or spyware that can eventually infect your entire network.