TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Security

Online Banking: Five Steps To Protect Yourself

I was reading the Wall Street Journal website recently, and came across an interesting article about online bank fraud. The article was about a small business owner in California had over $100,000 stolen from his bank account.

He only recovered about $50,000 of it back. The other $50,000 went to a bank in Europe, where mules (someone who receives the stolen money) started to withdraw the money from the bank account.

How did this happen? The business owner had spyware on his computer that transferred his banking username and password to the hackers. I always shake my head when I read an article like this, because I know it could have been easily avoided.

Anti-virus and anti-spyware
The first step in protecting yourself is to make sure your computer has anti-virus and anti-spyware installed.

If you’re doing online banking, make sure that you’re using commercial quality protection – not something you download from the Internet for free.

The stronger your first layer of protection, the safer you are online.

We see computers every day that don’t have this simplest of protection installed; or, worse, the business owner has installed protection software, but then fails to keep it updated or renewed.

Unified threat management
The next step is to invest in a unified threat management (UTM) firewall. A UTM firewall is miles ahead of the simple DSL or cable routers you’d pick up at the office supply store.

They offer solid protection against viruses, hackers, spyware, and the host of other Internet dangers.

The device scans all Internet traffic in real time, and can protect you even before the anti-virus and antispyware vendors have updated their software for new attacks.

UTM firewalls can also implement web filtering and prevent the computer from reaching the intended attacker.

Web filtering can block access to websites that contain malware and spyware; it can also protect employees from going places they shouldn’t be.

Fortinet is our preferred vendor that makes firewall appliances that do what I describe above. A dedicated firewall and UTM appliance is very effective in helping prevent an attack such as this.

Block SPAM at the source
One of the sneakiest ways hackers can compromise your computer is through email, so you’ll want to look for a rock-solid spam filtering solution. Numerous cloud based (hosted) solutions exist that are very inexpensive. A good spam filter will keep viruses, phishing and other attacks from hitting your email. Reflexion is our favorite cloud based email filtering solution. The product is easy to use, well supported and extremely effective.

With online banking, phishing attacks are very common. Someone creates an email that looks like your bank in an attempt to collect information, you click on the link, and next thing you know, the hackers have your login and password.

Personally, I never open emails from my bank. Most banks will not contact you for important account information with email.

Perform regular maintenance
The fourth step to keeping your computers safe is patch management. Microsoft releases security updates for Windows nearly very week. Having a trained IT professional ensure patches are applied correctly – and quickly – will protect you from any security holes in the software that you’re running.

Most small businesses should look at one of our managed service plans, which provides you with “whatever it takes” service at a low fixed monthly cost.

Pay attention
The final step is a matter of common sense. Most people will go to potentially hazardous websites or click on something they shouldn’t have. My suggestion is if you are doing Internet banking, it should be on a computer that is used the least.

If you are going to go to questionable websites, don’t do it on the computer where you do your banking.

Network Security: Keep Your Network Environment Secure

As more and more people rely on the Internet to get things done in their daily life, network security is more important than ever. Typically, small businesses and home network users haven’t had to worry much about security.

Poor network security exposes you to viruses, spyware, and most dangerous, cyber criminals a.k.a. hackers.

These guidelines and best practices can help eliminate, or at least mitigate, the majority of network breaches and security vulnerabilities.

Security Policy
An active security policy is always the most important item for protection of your network, whether it is in your home or in a business environment.

This is simply a statement, or guideline of the rules and how security is setup in the organization.

This role will govern the level of security users are allowed access to on the network. The roles and responsibilities of each person on the network, as they are part of the system, should be clearly defined.

Passwords
Although the most obvious, it is definitely one of the most important,and often, most neglected ttems.

Be sure to enforce strong passwords across your network – a weak password could lead to a user account being compromised.

Email
Certain email attachments can become a major problem if the wrong one is opened, and a lot of the time it is by accident.

Some of the most common file types to block would be: .bas, .bat, .vbs, and .exe.

Patches/Updates
Be sure your operating system is up to date with most recent patches, security updates, and service packs. This will close many of the vulnerabilities that can be exploited by hackers.

Inventory
Keep a good inventory of your network devices by developing and maintaining a list of all hardware and software components that are implemented on the network.

Try to understand which software applications should be installed, and which provide a weak security configuration so you can monitor those applications.

Adopt The Least Privilege Concept
The least privilege concept influences the network and/or systems administrator to create custom policies for having permissions and access to network resources.

Try to allow only what access is absolutely necessary to users, not giving them more rights to the system than they should have.

Remote Access
Certain ports can be blocked to keep unwanted users from remotely accessing your network and any of its resources.

If you’re one of the many small business owners who also works from home on occasion, there should be a security policy in place for VPN (virtual private network) access and your IT support company should assist with getting connected properly.

Keeping these simple guidelines in mind when thinking security on your network, and you’ll prevent several possible problems from happening, as well as maintaining a safe and effective performing work environment for work and for pleasure, in home or in business.

Do You Know What Junk Email Costs Your Business?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

I used to think of junk email (spam) as just minor nuisance. Not so anymore. Today, spam is a major problem that costs businesses more than $100 billion a year in lost productivity and mitigation and prevention measures.

Spam used to be sent primarily by small time hackers trying to sell hair restoration, fake university degrees, and of course, anatomy enhancement pills.

The junk mail to real mail ratio was small, and spam didn’t take up a lot of room in email boxes. Spam didn’t place a huge burden on email servers, and they were easy to block.

Today, small time scammers are still responsible for some of those spams. The majority, however, are the work of organized criminals who use spyware and botnets to flood inboxes with an unprecedented amount of junkmail.

Spam profits can be huge. Hot stock tip scams, where criminals use spam to artificially create interest in a stock and raise the share price, can net the spammers millions of dollars.

Phishing scams, designed to steal your identity, can provide criminals with access to a mass amount of credit card data and sensitive corporate information.

Estimates put the cost of phishing alone at more than $8 billion in 2009.

With so much money at stake, spammers are constantly looking for new ways to get their junk emails past spam filters and to make their scams appear more convincing.

It has also drove an increase in the volume of junk mail. More than 2.8 million emails are sent every second – over 247 billion per day. Over 90% of that is junk email.

The cost to business
So, how does spam cost your business money?

Lost productivity: Experts put the labor cost of deleting each junk email at around four cents. By itself, that’s not all that significant. Multiply that, though, by perhaps 20 employees, each deleting 50 junk emails per day, and you’ll be spending over $14,000 over the course of a year.

Computer and network costs: Spam sucks up Internet bandwidth, and server storage space, both of which are significant costs to your business. This is especially true since a lot of spammers are using attachments to get around spam filters.

Security breaches and infections: Most malware and spyware infections are distributed via hacked websites. Even so, email has become more and more popular for infecting innocent users.

If your network becomes infected as the result of spammed spyware or malware, you’ll be facing a potentially expensive clean-up operation.

Phishing emails can lead to the exposure of sensitive corporate or financial information.

What you can do
The most effective way to prevent spam is to block it before you see it. We have dozens of clients with several hundred e-mail accounts currently utilizing our e-mail filtering system. We eliminate over 98% of the junk mail you normally would receive before our clients ever see it.

Our Experts Total Defense spam filtering system lets only the relevant and important messages come through.

You’ll have a clean inbox every day, and your Blackberry won’t ring all day with junk emails. You and your staff will become much more efficient and e-mail will be more useful again.

Plus, Experts Total Defense offers email archiving and off-site storage, saving valuable drive space on your servers.

You can use our filtering system if you have email hosted with us, or if you have your own in-house e-mail server (like Microsoft Exchange and Small Business Server). Give me a call if you’d like more information.

FBI: Rogue Antivirus Scammers Have Made $150M

They’re the scourge of the Internet right now and the U.S. Federal Bureau of investigation says they’ve also raked in more than $150 million for scammers. Security experts call them rogue antivirus programs.

The FBI’s Internet Crime Complaint Center (ICC) issued a warning over fake antivirus software, saying that Web surfers should be wary of sudden pop-up windows that report security problems on their computers.

This software can appear almost anywhere on the Web. Typically, the scam starts with an aggressive pop-up ad that looks like some sort of virus scan. Of course, the scan turns up problems, and the pop-up says the only way to get rid of them is to pay with a credit card.

This is always a bad idea. At best, the software is subpar. At worst, it could result in viruses, Trojans and/or keyloggers being installed on the computer. Identity thieves often use keyloggers to gain access to credit
card numbers, bank account information, and computer users’ social security numbers.

The tactics of the scareware have caused significant losses to users. The FBI is aware of an estimated loss to victims in excess of $150 million.

The IC3 says that users who see these unexpected antivirus pop-up warnings should shut down their browsers or their computers immediately and then run an antivirus scan to see what’s going on.

Think Security Is a Problem Only for Big Companies? Think Again!

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Information technology (“IT”) security is sometimes thought of as a problem only for the largest companies, whose data protection lapses expose customer information and result in front-page coverage.

Small and mid-sized businesses,of course, are just as susceptible to malware and network intruder attacks. In some cases, small companies confront a greater challenge. While large businesses and government agencies employ chief information security officers and IT security staffs, smaller firms usually don’t. This places the small business owner in a DIY situation.

Small businesses face many security vulnerabilities, but the SANS Institute, a think tank that focuses on IT training and certification, cites two pressing problems: unpatched software running on PCs and vulnerable web-based applications. Email attacks, dubbed “spear phishing,” specifically target unpatchedvulnerabilities in frequently used products, such as Adobe Acrobat, QuickTime and Microsoft Office.

The second factor, at-risk web applications, account for a sizable chunk of known security gaps. Assaults focused on web applications represent more than 60 percent of the total attack attempts observed on the internet, according to SANs.

Getting a Grip
Making sure current security patches are installed on applications and shoring up web application defense are just two chores small company owners face. They need to consider internal lapses – such as employees divulging intellectual property via e-mail – as well as external threats. In addition, many firms must meet regulatory compliance directives. A retailer handling credit card data must comply with the Payment Card Industry Data Security Standard.

With all of the security issues and products to address them, small businesses may have trouble knowing where to begin.

A vulnerability assessment, also referred to as a risk analysis, comes in handy here. Such an assessment aims to define the scope of an organization’s security issues, thereby identifying likely areas for investment in protection.

The key steps in a vulnerability assessment include taking stock of a company’s IT assets – servers, applications, networks, client-side devices among other gear. With this census in hand, a business can move on to prioritize assets according to their value to the business. The next phase is to zero in on vulnerabilities, starting with the more important assets.

Getting Started
Small businesses seeking to start down the vulnerability assessment track can turn to a few self-help resources. For example, the National Institutes of Standards and Technology (NIST) offers its eScan Security Tool, which was designed for small businesses: https://www.mepcenters.nist.gov/escan/.

The tool prompts users through a series of questions that touch upon such topics as computer virus protection, back-up policies, and the physical security of computer systems. At the end of the questioning, the tool generates a report with suggestions for improving IT security.

NIST also offers a guide to small business information security, which includes a section on identifying and prioritizing information. You can download a copy at http://csrc.nist.gov/publications/drafts/ir-7621/.

Small business owners can also opt to hire an IT consultant to help conduct theassessment. The task of automated vulnerability scanning, for instance, may call for an expert who can interpret the results and distinguish between “false positives” and legitimate concerns.

An company must take care in hiring an outsider. The consultant will learn all about your weaknesses and must be of the highest integrity. Client lists and referrals should provide the evidence. Security certifications, whether vendor-specific (e.g., Cisco Certified Security Professional) or independent (e.g., Certified Information Systems Security Professional), also help guide selection.

LoJack For Laptops

The technology behind Computrace LoJack for Laptops by Absolute Software is the Computrace Agent, a small software client that is embedded into the BIOS firmware of most computers at the factory. Or Tech Experts can install this agent for you.

The Agent in your computer maintains daily contact with the Absolute Monitoring Center. If you report your computer stolen, Agent contact will increase to every 15 minutes.

Increased contact allows Computrace to obtain specific details like the physical location of your computer, any activity that has occurred post-theft, and other important data that will aid Computrace in working with local law enforcement to catch the thief and return your property to you.

Regardless of recovery status, you can remotely delete data to remove some or all of the information stored on your computer so that it doesn’t fall into the wrong hands.

This could include files and applications containing personal photos, internet bookmarks, browser cookies, financial information, and stored passwords.Everything an identity thief would need to steal your identity.

On the web: www.absolute.com

Tired Of Being Tied Down? It’s Time To Lose The Wires!

Security Tips For Your New Wireless Network

With the decline in the cost of wireless equipment and “point and click” configuration ability most newer equipment offers, more and more people are setting up wireless networks in their homes and businesses.

One key configuration that is often missed, though, is security of the wireless network.

Is the wireless connection you’re using secure, is your data in jeopardy, and is your identity safe?

You might be asking yourself “How do I secure my network, and what does it mean so say a wireless network is unsecure?”

If a network is classified as unsecure, it means that the network can be accessed without the need for a key, or password. You’ll find unsecure networks in a lot of public places, such as coffee shops and airports.

The problem is that once a  user is connected to an unsecure network, it is possible they could access network resources such as files, folders, printers, etc. that are shared on your computer – many times, without you even knowing.

As you know, this could be a world of trouble if your confidential data is obtained by an unknown user.

A number of things can be done to ensure your wireless network is safe, network resources are protected, and your data is securely stored on your system.

Firewall
Software or hardware devices can be implemented, and are one of the first lines of defense, to prevent unauthorized access of your wireless network. Most wireless routers include basic firewall protection – it just has to be turned on when the unit is configured.

SSID
The SSID is the name of your network. Most routers come with a default SSID, which, if left that way, is a sign of a poorly configured network. This makes you an easy targets for hackers.

Password Changes
By default, wireless routers have a standard username and password that can be easily looked up on the web.

You should definitely set up your own username and password to access your wireless device’s setup screens, so hackers or unwanted Internet users can’t go into the settings on your router and make changes to your security settings.

Be sure to follow standard password security when coming up with the password for your wireless router – you don’t want hackers to be able to easily guess your password, and access your setup screens.

Signal Strength
Most routers allow you to set the signal strength of the network broadcast. Turning the signal down on your router lowers the  chances of outsiders being in range of your wireless network.

Enable Encryption
This is one of the most important steps to securing your wireless network- require a key or network password in order to connect to the wireless network.

There are several types of encryption, the most common being WEP, WAP, and WAP2. Each provides a different level and method of network security. Any form of encryption is better than having an open wireless network.

Securing your wireless network plays a key role in the protection of your data, network resources, and overall privacy when you’re using a home or work network. It’s a quick and easy process, requiring just a few changes to the default setup. The peace of mind and convenience of wireless networking are worth the extra few steps.

7 Tips For Working Securely From Wireless Hotspots

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Wireless hotspots are changing the way people work.

These wireless networks provide high speed Internet access in public locations—as well as at home—and require nothing more than a notebook PC with a wireless card.

From coffee shops to restaurants, airports to hotel lobbies, hotspots are ubiquitous. They range from paid services, such as T-Mobile or Boingo, to free connections at your local restaurant or library.

But they all have one thing in common: These are all open networks that are vulnerable to security breaches. And that means it’s up to you to protect the data on your PC. Here are a few tips to make working in public locations more secure.

Encrypt your files.
You can protect your files by encrypting them, which requires a password to open or modify them. Because you must perform this procedure on one file at a time, consider password-protecting only the files that you plan to use while working in a public place.

Choose more secure connections.
It’s not always possible to choose your connection type—but when you can, opt for wireless networks that require a network security key. The information sent over these networks is encrypted, which can help protect your computer from unauthorized access.

The security features of different networks appear along with the network name as your PC discovers them.

Make sure your firewall is activated.
A firewall helps protect your mobile PC by preventing unauthorized users from gaining access to your computer through the Internet or a network. It acts as a barrier that checks all incoming information, and then either blocks the information or allows it to come through. All Windows operating systems come with a firewall.

Monitor your access points.
Chances are, there are multiple wireless networks anywhere you’re trying to connect. These connections are all access points, because they link into the wired system that gives you Internet access. So how do you make sure you’re connecting to the right one? Simple—by configuring your PC to let you approve access points before you connect.

Disable file and printer sharing.
File and printer sharing is a feature that enables other computers on a network to access resources on your computer. When using your mobile PC in a hotspot, it’s best to disable file and printer sharing because when enabled, it leaves your computer vulnerable to hackers. Remember, though, to turn this feature back on when you return to the office.

Make your folders private.
When the folders on your mobile PC are private, it’s more difficult for hackers to access your files.

Consider completely removing sensitive data from your PC.
If you’re working with extremely sensitive data, it might be worth taking it off your notebook PC altogether. Instead, keep it behind the corporate firewall and use your company’s VPN to access it when necessary. This way, you have multiple safeguards in place.

A few simple precautions can help make working in public places more secure. And by selecting the best connections and adjusting settings, you can enjoy productive and safe work sessions no matter where you are.

How To Keep Hackers At Bay

No one wants to have their network “hacked,” but what exactly can a hacker do?

Plenty, and you are right to be afraid!

One common way for hackers to access your network is through spyware or viruses, which are malicious programs written to imbed themselves into your network to gather private information, steal financial data, access passwords, e-mail addresses, and spread themselves to other users. But one of the most common ways for hackers to access your system is through e-mail, or spam e-mail to be more specific.

Phishing is when a hacker sends you a legitimate looking e-mail from a trusted source — like PayPal, your bank, eBay, or any number of other legitimate business web sites. These e-mails will tell you that your account is expired or will be closed if you don’t go to a designated web site and update or verify your account information.

Although you may have seen these e-mails before, be very careful! Hackers are brilliant at making not only the e-mail seem legitimate, but also at making the web site you go to look like the real thing.

If you fall prey to their scam, the site will gather your private information and then use that to access your bank account or to charge your credit card. To protect yourself, install a spam filter and NEVER open or respond to any e-mail requesting account verification. Instead, call the company. If it is a legitimate request, you can verify that with them over the phone.

How To Keep Your Laptop Safe and Secure

You can’t beat the convenience of checking e-mail and hopping on the Internet at (Wi-Fi) hotspots found in airports, coffee shops, and bookstores. For the uninitiated, hotspots are areas where you can use your wireless laptop to surf the Web.

But the question you have to ask yourself is, just how safe are hotspots? With the proliferation of hackers, viruses and identity theft at an all time high, you’re smart to be concerned. Wi-Fi spots are very attractive to hackers because they can use what’s called an “evil twin” connection to access your laptop.

An evil twin is a hotspot set up by a hacker to lure people from a nearby, legitimate hotspot. For example, when you log in at your favorite coffee shop, you might actually be logging onto the evil twin Internet connection set up by the innocent-looking person working on a laptop at the next table. The most dangerous evil twins remain invisible and allow you to do business as usual. But in the background, they record everything you are typing. Buy something online and they are recording your credit card information. Log on to your bank account, and they can grab your password.

So what can you do to make sure you are not giving an evil twin access to your laptop?

First, know the name of the hotspot you’re going to use by asking someone who works there. Some businesses will give you printed instructions that include the hotspot name. But be careful. Hackers will name their evil twin network by a very similar name as the real hotspot, and may even show up as a stronger signal.

The best protection you can have is connecting via your company’s VPN (virtual private network). A VPN will protect your online information by encrypting your data and activity even if you’re connected through an evil twin.

If you don’t have a company VPN, you should assume that someone is looking over your shoulder and recording everything you type in. Therefore, the BEST protection without a VPN is to never type in information such as credit cards, passwords, or social security numbers when connected to a public Wi-Fi hotspot.