TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Security

Beware Of These Tax Return Scams

In the online world, it seems that there is always a new threat cropping up on the horizon. There is one, however, that has been returning year after year following the onset of online tax filing.

This is the prime time for tax phishing scams, and it is important to recognize the signs of a cyber-criminal going after your identity and holdings.

Since tax season is often a mystifying time financially with ever-changing laws that directly affect your pocketbook, it isn’t far-fetched to believe the IRS or a related government agency may need to double-check your data or ask for additional information via email or text.

This is a situation that sophisticated thieves are well aware of, and they do not hesitate to exploit citizens’ lack of knowledge of how the revenue service actually conducts its business.

In fact, approximately 25,000 phishing emails (messages asking for personal data like Social Security numbers and the like) and 611 scam websites were shut down during the last tax season. It is probable that far more efforts went unreported.

Fortunately, it is easy to thwart criminals’ efforts to gain access to your personal information and financial holdings when you are on the alert.

First, no government agency will ask for such information through an unsecured email or text. If the tax agency, tax-preparation company, or related organization needs additional sensitive information from you, you will be contacted by mail, phone, or directed to a secure website.

In the case you are suspicious of a particular communication, double check that the email or physical address matches that of the legitimate organization.

Also, beware of messages that do not use your full name with something generic, such as “Dear valued customer,” or warn that there will be dire consequences if you do not reply right away.

If there is any doubt whether an email or text is a scam, report it to the organization in question or law enforcement agencies.

Remote Access And Security For Your Business

Working remotely is on the rise and is revolutionizing how business is conducted as a whole. As companies make the switch from centralized networks that require being physically present in the office to expansive virtual environments, it is possible to access corporate data from just about anywhere. Those companies that resist embracing remote access risk being left behind technologically and miss out on all of the benefits using things like clouds or application virtualization can bring.

Just by providing remote access to corporate files and programs, employees can work from anywhere on the fly. This allows your team to work on projects while at home or out of town, greatly increasing productivity and reducing the stress of trying to meet deadlines when life gets in the way and prevents being physically in the office. Remote access also lets employees view or share important documents from other devices, such as smartphones or tablets, to quickly verify information on the fly or perform last-minute tasks with ease.

With remote access, new security concerns also arise. With the transfer of sensitive data, there is the risk of it being intercepted by a third party that isn’t committed to your company’s success or has the intent of doing harm.

Consequently, it crucial to secure your remote access system. Secure remote access will ensure that files are encrypted during transfer, scan for malware, authenticate user identity, and control who has access to particular information.

In these ways, proper security measures not only prevent those outside the company from gaining access to private data, but also manage who can view and use data internally.

With the proper security, a business can thrive beyond expectation. Employee performance can skyrocket by having access to work data 24/7 and from any location because physical presence in the office is no longer a prerequisite to getting work done.

Business continuity is also greatly improved because inclement weather or natural disasters don’t shut down operations and the meeting of deadlines. Secure remote access can even boost employee morale and productivity by facilitating work in varied locations using multiple access mechanisms.

If you require assistance setting up or securing remote access to your business, let us know and we will show you what works best for your situation.

CryptoWall 2.0: Ransomware Is Alive And Well

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

CryptoWall is the latest strain of ransomware to rise to prominence, extorting more than $1 million from victims and wreaking havoc on thousands of police departments, businesses, and individuals across the globe.

On the surface, CryptoWall is similar to its better-known predecessor Cryptolocker, another strain of crypto-ransomware. But there are many differences.

Victims are typically infected with CryptoWall by opening a malicious email attachment, though drive-by-downloads on websites are also possible. The email attachments are often zip files that contain executables disguised as PDFs.

Once infected, CryptoWall scans all mapped drives and encrypts important files. That’s an important distinction: CryptoWall will scan your local drives, but also any server mapped drives, such as an S: or N: drive. [Read more…] about CryptoWall 2.0: Ransomware Is Alive And Well

Risks When Employees Use Their Own Mobile Devices

Michael Menor is Vice President of Support Services for Tech Experts.

BYOD (Bring Your Own Device) is an exciting development for increasingly mobile and interconnected employees, but also a new challenge for IT security teams.

Gone are the days where security professionals can lock down a finite set of machines and facilities; instead, they must manage an ever-growing, ever-changing landscape of employees, devices and applications, many of which have access to information that needs to be protected.

According to an article on eWeek, a survey was done on organizations with mobile devices connecting to their networks: only 33 percent have any official BYOD policy governing the use of personal portable devices, 67 percent do not.

The security risks are inherent in BYOD between viruses, hacking, improper security, and more. Flat-out thefts of smartphones, laptops, and tablets are also an issue.

In New York City alone, police data show that Apple products were stolen in a total of 11,447 incidents in the first nine months of 2012. That is an increase of 40 percent compared to the previous year.

Of course, employee education and awareness are important as informed users are more likely to act responsibly and take fewer risks with company data. Unfortunately, employees can be careless and criminals crafty, which is why network security defenses and policies are so critical.

Although implementing a restrictive device policy may feel like the most secure approach for your company, it can easily backfire.

Your craftiest employees are going to find a way to connect their devices to your network no matter what. And employees who do obey your “no iPhones” message will probably resent the policy and experience lower productivity.

Bring Your Own Device conceptToday’s workers expect to have 24/7 access to their information. They want to be able to catch up on emails on the evening train ride home or access information while away from the office.

BYOD lets IT staffs eliminate the hassle and expense of provisioning, distributing, and maintaining hundreds of corporate-owned mobile devices.

But setting up a BYOD program isn’t without its challenges. For starters, when you give employees free rein to bring in their own devices, you put your corporate documents and data at the mercy of the native security on these devices.

When you consider that many of your employees probably have “1234” as the PIN on their iPhones, that’s a pretty sobering thought.

Another major concern is your network. When you allow today’s increasingly powerful smartphones and tablets to request resources from your network, you really put your infrastructure to the test.

Are you ready to serve data instantly to hundreds of increasingly powerful hand-held mobile devices?

What if your mobile employees want to watch training videos, play back webinars, or listen to conference call recordings on their devices – can you deliver this kind of bandwidth?

Like most things, there are upsides and downsides, but a decision should be made on what best suits you, your employees, and your business.

When it comes down to it, BYOD isn’t a completely ridiculous idea. In fact, the benefits of BYOD may be worth the extra security precautions required to implement it.

(Image Source: iCLIPART)

New Security Risk For Android Phones

Just when you thought you had safeguarded your mobile device from any misuse, a new threat emerges.

For Android users, it’s a big one. Rapid7 has recently discovered a security bug that allows cyber criminals to access a smartphone user’s data.

Although this security problem is widespread, Google has responded that it will take no action to fix it. The bug exists in phones operating on Android 4.3 and below, and allows hackers to control your smartphone.

Although Android 4.4 and 5.0 users are not vulnerable to this risk, this issue affects approximately 60 percent of Android users – almost a billion people worldwide.

Google’s official response is that their policy is not to develop fixes for older software versions, but it can notify people of the risk and others are welcome to create their own fixes.

To date, there are no known patches to address this issue. There is, however, one way to ensure your safety if you possess an affected smartphone. Simply download and install a newer version of the operating software.

Is My Business Data Safe in the Cloud?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

One of the newest business technologies is “the cloud” that more and more people are using. It’s an elusive term that is difficult to pin down, and it is precisely that vagueness that inspires fear in those who are considering transferring sensitive business data to it.

The cloud, however, isn’t as mystifying as you may think, and, if you use an online data drive or social media, you are already using it. Simply put, the cloud consists of networks of servers worldwide that are capable of storing information.

The primary benefit of using the cloud for business is that it eliminates the cost and hassle of purchasing and maintaining a physical server. Also, employees don’t have to waste time downloading and running applications and programs when they can pluck what they need from the cloud and virtually put it back when they are done. While this all sounds well and good, the question remains, “Is business data safe in the cloud?”

[Read more…] about Is My Business Data Safe in the Cloud?

Is Budget A Good Metric For Security?

Michael Menor is Vice President of Support Services for Tech Experts.

Is budget a good metric for security? In other words, if an organization wishes to improve its security, is spending more money an appropriate response? Furthermore, how can an organization ensure that any additional budget it allocates to security is spent wisely?

Talking about an organization’s security program in terms of its budget is something we are quite accustomed to. We often hear people discussing security spending in the context of evaluating an organization’s security posture.

For example, it’s not uncommon to hear statements such as “In an effort to improve its security, the organization has increased its security budget by 30%.” Of course, it goes without saying that a sufficient budget is necessary to accomplish anything.

Additionally, and perhaps quite obviously, it is important to note that larger organizations will need larger budgets to achieve the same level of execution.

What seems to be missing from the discussion, however, is the answer to a slightly different question: Does the organization spend its budget effectively?

A proper budget is indeed necessary, but it’s equally important how the budget is spent. Not every dollar spent will have the same impact on security posture.

Sometimes, we think about budget in a backwards manner. Oftentimes, clients say things like “I need a firewall,” “I need an IDS,” or “I need a DLP solution.”

The security organization will then communicate the business’ need for each of these requirements to the executives and make the case for the required budget accordingly.

If a new requirement arises down the line, the client will request more budget, which it may or may not receive.

The issue with this approach is that a security organization’s respective security programs are not tasked with things like “buy a firewall.”

ПечатьJust purchasing a network firewall will not stop an attacker from walking into your organization and physically plugging his computer into your network.

Maintenance and having the proper security policies in place is as equally important as having the appropriate equipment.

Take a look at this perspective. You never buy a car just to drive it around aimlessly. It involves proper maintenance and there are always risks that need to be identified each time you’re driving.

You need to mitigate, manage, and minimize risks and that’s essentially what the security organization does. Those risks can then be broken down into realistic and attainable goals and priorities.

Once we look at that list of goals and priorities, we soon realize that we have a framework in which to build our security operations. It is into this framework that we can drop all of our operational requirements.

Each goal generates a set of operational requirements and these spell out the peoples, processes, and products required to meet that specific goal.

It’s worth noting that each operational requirement may take one or more products to address. Similarly, each product may address one or more operational requirement.

While keeping that in mind, it’s possible to quickly build a matrix that will allow security organizations to map and optimize the products that best address the operational requirements.

It will take some time to transform budgetary discussions from product-centric to operation-centric.

However, as executives and boards see the direct correlation between increasing budget and improved security posture, they will be more likely to approve future budgetary increases.

So, getting back to the original question: Is budget a good metric for security? I would say that budget is not a metric at all, but rather a means to address operational security requirements.

(Image Source: iCLIPART)

What You Need To Know About Network Security Devices

Scott Blake is a Senior Network Engineer with Tech Experts.

With cyber hacking, identity theft and malware programs on the rise, it’s become even more important to protect your business networks from cyber invaders. One of the best ways to accomplish this is through the use of network security devices and installed anti-virus software.

Security devices attached to your network will act as a front line defense against threats. It behaves as an anti-virus and anti-spyware scanner and a firewall to block unauthorized network access.

It also acts as an Intrusion Prevention System (or IPS, which will identify rapidly spreading threats like zero day or zero hour attacks) and a Virtual Private Network (VPN), which allows secure access via remote connections.

Security devices come in four basic forms: Active, Passive, Preventative and Unified Threat Management (UTM). Active devices with properly configured firewalls and security rules will be able to block unwanted incoming and outgoing traffic on your network.

Passive devices act as a reporting tool that scans incoming and outgoing network traffic, utilizing IPS security measures. After reviewing these reports, the Active devices can be adjusted to close any detected security holes.

Finding and correcting possible security concerns is accomplished through the use of Preventative devices. These devices scan your network and identify potential security problems.

They will generate a detailed report showing which devices on your network need improved security measures.

UTM devices combine the features of Active, Passive and Preventive devices into one compact device. UTM-enabled devices are the most commonly found security device in small and medium-sized businesses.

By incorporating all the features into one device, your network administrator is able to more easily manage and maintain the security of your network. This greatly reduces overhead to your business.

Many businesses think they know what security measures need to be in place. Often, security professionals will find basic or home-class routers installed in companies.

While the upfront cost of the home-class router is lower than a business-class security device, the fact of the matter is that the home-class routers don’t offer the features and security a business needs to protect their network.

Companies electing to use home based devices run a much higher risk of finding themselves the victims of cyber attacks.

Information security. Shield covers laptopBefore purchasing any security device, it’s best to consult with a security professional. Have penetration tests performed and a vulnerability assessment report generated.

The report coupled with the advice of the security professional will guide you in determining what device is best for your network and business.

The benefits to having a proper and professionally-installed security device in place include protection against business disruption, meeting mandatory regulatory compliances, and protection of your customers’ data, which reduces the risk of legal action from data theft.

Along with the proper security device in place, you also want to make sure every device on your network is running a robust anti-virus program.

Managed anti-virus platforms are best for any business. Your network administrator can manage, update, scan and remove any threats found on any system attached to the network. This greatly reduces overhead and employee interruption.

For professional advice on security device installation, anti-virus solutions, or if you’re interested in network penetration testing, call Tech Experts at (734) 457-5000.

(Image Source: iCLIPART)

Using Flash Drives? Encrypt Them

Flash drives are becoming an increasingly popular means for transferring files from one computer to another – especially now that they are capable of storing up to a whopping 256 GB. These handy devices are easy to tote because of their small physical size and are a no-brainer to use since they pop right in and out of a USB port. So, it’s no surprise that employees may use flash drives to transfer work from the office to home. While this may initially sound like a run-of-the-mill activity, think about the ramifications of taking sensitive company data out of the building.

A variety of methods have been used to prevent employees from using flash drives due to the security risk it poses. While establishing policies for using removable data is good practice, it isn’t necessarily effective, and it is virtually impossible to monitor if and how flash drives have been used. This has spurred some businesses to physically disable the USB ports on its computers by calking ports or using software to disable them. This certainly works, but it is possible to eliminate the security risk without damaging any equipment or putting restrictions on employees simply by encrypting the data on drives.

There are two main ways to encrypt flash drives in order to prevent prying eyes from viewing your important business information. The first is to use drives that are outfitted with encryption service. As such, there is no worry about training your staff how to encrypt files or a question on whether it’s being done at all. Encryption, however, can still be achieved on regular flash drives that may already be in employees’ possession with software-based encryption services, most of which are low-cost.

In either case, sensitive business data that is encrypted is secure without a lot of hassle. When your employees need to access such files from flash drives outside of the office, they will be prompted to enter a password or encryption key to view them.

If a flash drive falls into the wrong hands, the information stored is completely unreadable without the proper key or password. This prevents any data breach while still allowing employees the ease of using flash drives to relay their work between the home and office.

Most Employees Use Work Computers For Outside Activities

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

GFI Software, a leading software tool provider for companies like Tech Experts, recently released a report that found the personal use of company computers and other devices is leading to major downtime and loss of confidential data in many businesses.

The study of about 1,000 small business employees who used a company-provided desktop or laptop computer found that 39 percent of them said their businesses have suffered a major IT disruption caused by staff members visiting non-work related websites with work-issued hardware, resulting in malware infections and other related issues.

Even more alarming, the study showed nearly 36 percent of staff members said they would not hesitate to take company property, including email archives, confidential documents and other valuable intellectual materials, from their work-owned computer before they returned the device if they were to leave their company.

[Read more…] about Most Employees Use Work Computers For Outside Activities