TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan - Page 55 of 99

Is Budget A Good Metric For Security?

January 20, 2015

Michael Menor is Vice President of Support Services for Tech Experts.

Is budget a good metric for security? In other words, if an organization wishes to improve its security, is spending more money an appropriate response? Furthermore, how can an organization ensure that any additional budget it allocates to security is spent wisely?

Talking about an organization’s security program in terms of its budget is something we are quite accustomed to. We often hear people discussing security spending in the context of evaluating an organization’s security posture.

For example, it’s not uncommon to hear statements such as “In an effort to improve its security, the organization has increased its security budget by 30%.” Of course, it goes without saying that a sufficient budget is necessary to accomplish anything.

Additionally, and perhaps quite obviously, it is important to note that larger organizations will need larger budgets to achieve the same level of execution.

What seems to be missing from the discussion, however, is the answer to a slightly different question: Does the organization spend its budget effectively?

A proper budget is indeed necessary, but it’s equally important how the budget is spent. Not every dollar spent will have the same impact on security posture.

Sometimes, we think about budget in a backwards manner. Oftentimes, clients say things like “I need a firewall,” “I need an IDS,” or “I need a DLP solution.”

The security organization will then communicate the business’ need for each of these requirements to the executives and make the case for the required budget accordingly.

If a new requirement arises down the line, the client will request more budget, which it may or may not receive.

The issue with this approach is that a security organization’s respective security programs are not tasked with things like “buy a firewall.”

Печать Just purchasing a network firewall will not stop an attacker from walking into your organization and physically plugging his computer into your network.

Maintenance and having the proper security policies in place is as equally important as having the appropriate equipment.

Take a look at this perspective. You never buy a car just to drive it around aimlessly. It involves proper maintenance and there are always risks that need to be identified each time you’re driving.

You need to mitigate, manage, and minimize risks and that’s essentially what the security organization does. Those risks can then be broken down into realistic and attainable goals and priorities.

Once we look at that list of goals and priorities, we soon realize that we have a framework in which to build our security operations. It is into this framework that we can drop all of our operational requirements.

Each goal generates a set of operational requirements and these spell out the peoples, processes, and products required to meet that specific goal.

It’s worth noting that each operational requirement may take one or more products to address. Similarly, each product may address one or more operational requirement.

While keeping that in mind, it’s possible to quickly build a matrix that will allow security organizations to map and optimize the products that best address the operational requirements.

It will take some time to transform budgetary discussions from product-centric to operation-centric.

However, as executives and boards see the direct correlation between increasing budget and improved security posture, they will be more likely to approve future budgetary increases.

So, getting back to the original question: Is budget a good metric for security? I would say that budget is not a metric at all, but rather a means to address operational security requirements.

(Image Source: iCLIPART)

What You Need To Know About Network Security Devices

January 20, 2015

Scott Blake is a Senior Network Engineer with Tech Experts.

With cyber hacking, identity theft and malware programs on the rise, it’s become even more important to protect your business networks from cyber invaders. One of the best ways to accomplish this is through the use of network security devices and installed anti-virus software.

Security devices attached to your network will act as a front line defense against threats. It behaves as an anti-virus and anti-spyware scanner and a firewall to block unauthorized network access.

It also acts as an Intrusion Prevention System (or IPS, which will identify rapidly spreading threats like zero day or zero hour attacks) and a Virtual Private Network (VPN), which allows secure access via remote connections.

Security devices come in four basic forms: Active, Passive, Preventative and Unified Threat Management (UTM). Active devices with properly configured firewalls and security rules will be able to block unwanted incoming and outgoing traffic on your network.

Passive devices act as a reporting tool that scans incoming and outgoing network traffic, utilizing IPS security measures. After reviewing these reports, the Active devices can be adjusted to close any detected security holes.

Finding and correcting possible security concerns is accomplished through the use of Preventative devices. These devices scan your network and identify potential security problems.

They will generate a detailed report showing which devices on your network need improved security measures.

UTM devices combine the features of Active, Passive and Preventive devices into one compact device. UTM-enabled devices are the most commonly found security device in small and medium-sized businesses.

By incorporating all the features into one device, your network administrator is able to more easily manage and maintain the security of your network. This greatly reduces overhead to your business.

Many businesses think they know what security measures need to be in place. Often, security professionals will find basic or home-class routers installed in companies.

While the upfront cost of the home-class router is lower than a business-class security device, the fact of the matter is that the home-class routers don’t offer the features and security a business needs to protect their network.

Companies electing to use home based devices run a much higher risk of finding themselves the victims of cyber attacks.

Information security. Shield covers laptop Before purchasing any security device, it’s best to consult with a security professional. Have penetration tests performed and a vulnerability assessment report generated.

The report coupled with the advice of the security professional will guide you in determining what device is best for your network and business.

The benefits to having a proper and professionally-installed security device in place include protection against business disruption, meeting mandatory regulatory compliances, and protection of your customers’ data, which reduces the risk of legal action from data theft.

Along with the proper security device in place, you also want to make sure every device on your network is running a robust anti-virus program.

Managed anti-virus platforms are best for any business. Your network administrator can manage, update, scan and remove any threats found on any system attached to the network. This greatly reduces overhead and employee interruption.

For professional advice on security device installation, anti-virus solutions, or if you’re interested in network penetration testing, call Tech Experts at (734) 457-5000.

(Image Source: iCLIPART)

Five Great Google Search Tips

January 20, 2015

If you have ever felt discouraged when trying to find something specific on the web but Google search lists a ton of sites that aren’t relevant, you’re not alone.

Try these handy tips to hone your search terms and help Google locate precisely the information you need:

Tabs
Sometimes, the most obvious things are the most overlooked, and tabs at the top of search results are no exception. Get closer to your desired results simply by clicking the tab that best describes what you want.

If you need a picture, for example, select Images, and you will see nothing but images. The same holds true for news and more.

Quotes
Word order is often crucial to finding the right information, but Google search doesn’t naturally take this into account.

For example, you may want to locate information about the movie Simon Birch, but your search turns up results for a guy named Simon talking about birch trees. Simply put quotation marks around your term to search for a precise phrase.

Hyphens
There also may be words or phrases you wish to exclude from your search results. In this case, put a hyphen in front of the term to indicate you don’t want to see information that contains that term.

For example, if you wish to learn about antique dolls but are not interested in Barbie dolls, input antique dolls -Barbie.

Colons to Search Specific Sites
If you need to restrict your search results to a specific site, add a colon followed by the site address after your search terms to let Google show results only from that particular website. When you want to read news about the ebola virus just on CNN, for example, type in ebola virus: cnn.com.

This is also useful to search your company’s website. Simply use the word site, a colon, followed by your company’s website address. This will display all pages Google has indexed from your website.

Related Sites Search
Sometimes, you want to discover similar sites to ones you already enjoy. Let’s say you like the types of articles on Elephant Journal but have already read everything there. You can find new and similar reading material by searching related: elephantjournal.com.

Using Flash Drives? Encrypt Them

January 20, 2015

Flash drives are becoming an increasingly popular means for transferring files from one computer to another – especially now that they are capable of storing up to a whopping 256 GB. These handy devices are easy to tote because of their small physical size and are a no-brainer to use since they pop right in and out of a USB port. So, it’s no surprise that employees may use flash drives to transfer work from the office to home. While this may initially sound like a run-of-the-mill activity, think about the ramifications of taking sensitive company data out of the building.

A variety of methods have been used to prevent employees from using flash drives due to the security risk it poses. While establishing policies for using removable data is good practice, it isn’t necessarily effective, and it is virtually impossible to monitor if and how flash drives have been used. This has spurred some businesses to physically disable the USB ports on its computers by calking ports or using software to disable them. This certainly works, but it is possible to eliminate the security risk without damaging any equipment or putting restrictions on employees simply by encrypting the data on drives.

There are two main ways to encrypt flash drives in order to prevent prying eyes from viewing your important business information. The first is to use drives that are outfitted with encryption service. As such, there is no worry about training your staff how to encrypt files or a question on whether it’s being done at all. Encryption, however, can still be achieved on regular flash drives that may already be in employees’ possession with software-based encryption services, most of which are low-cost.

In either case, sensitive business data that is encrypted is secure without a lot of hassle. When your employees need to access such files from flash drives outside of the office, they will be prompted to enter a password or encryption key to view them.

If a flash drive falls into the wrong hands, the information stored is completely unreadable without the proper key or password. This prevents any data breach while still allowing employees the ease of using flash drives to relay their work between the home and office.

Most Employees Use Work Computers For Outside Activities

December 12, 2014

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

GFI Software, a leading software tool provider for companies like Tech Experts, recently released a report that found the personal use of company computers and other devices is leading to major downtime and loss of confidential data in many businesses.

The study of about 1,000 small business employees who used a company-provided desktop or laptop computer found that 39 percent of them said their businesses have suffered a major IT disruption caused by staff members visiting non-work related websites with work-issued hardware, resulting in malware infections and other related issues.

Even more alarming, the study showed nearly 36 percent of staff members said they would not hesitate to take company property, including email archives, confidential documents and other valuable intellectual materials, from their work-owned computer before they returned the device if they were to leave their company.

The Real Risks Of Running Outdated Software

December 12, 2014

Are you still holding onto your trusty old server that’s aging towards uselessness?

Or perhaps you are still running important applications on older servers with old operating systems because they’re “good enough” or “doing the job just fine.”

In many ways, your old server is like a trusty old car. You know where the kinks are and it gets you where you need to go.

But lurking below the surface of that trusty old car, and your old server, can be hidden risks that can result in very big problems, even dangers. Usually, when least expected.

Security risks are the number one danger of older technology. The older your operating system or application, the longer the bad guys have to find and exploit vulnerabilities.

This is especially true when the manufacturer is no longer actively maintaining support. Dangers can lurk across the entire aging application platform.

Your older versions of SQL Server are at risk. Perhaps you are still using an old FTP server that’s innocently sitting in the corner. Or you have some older network equipment and appliances.

The bottom line is anything that listens on the network is a potential threat to the server, and therefore your business.

If that software or firmware isn’t up to date, you’re doubly at risk of a major security incident.

Here are the top 5 risks you’re taking with running outdated software:

Crashes and system downtime
Aging systems are more vulnerable to failure, crashes and corruption causing significant downtime.

Targeted technology upgrades can reduce total annual outage risk and reduce downtime.

Increased costs
Outdated software is more expensive to maintain than newer versions. Failing software increases costs by overloading IT personnel. The process of applying patches is also costly and time consuming.

Updated software portfolios not only decrease maintenance costs but also free up IT budgets for more strategic and innovative programs.

Decreased productivity
Aging software applications that crash or require maintenance result in reduced employee productivity.

Modernizing software increases productivity by improving the efficiency and quality of work.

Security holes
Mission critical software is more vulnerable to security breaches as it ages. A security breach can compromise sensitive customer and employee information, and proprietary company data.

Legal and regulatory compliance risks
Updated software ensures compliance to governance, regulation and policy as regulatory bodies continue to mandate new global requirements.

This is especially important for healthcare professionals that need to comply with new HIPAA regulations.

With older technology, any of the above risks can strike you at any time. The consequences can be loss of productivity, or worse, loss of critical data that negatively impacts your business.

Perhaps “good enough” isn’t really good enough after all.

(Image Source: iCLIPART)

The Human Factor In Network Security

December 12, 2014

As you’re aware, disaster can manifest in many forms. In the past, we have included articles about weather-related events and how to best prepare your business against disasters.

However, there is another type of disaster that’s unlike flooding or fires that can also have devastating effects on your business.

The Human Factor
When it comes to safeguarding your business both physically and virtually, you have the power and controls available to give the edge against company espionage, cyber-attacks, or absent-minded employees.

It comes down to three basic areas: Software, Hardware and People. Once you have a firm grasp and control over these areas, you will have reduced your risk level considerably.

Software
Make sure all of your company’s electronic devices – from company-owned smart phones, tablets, laptops, workstations and servers – are running anti-virus and have a firewall in place.

While some devices are easier to secure and manage than others, this is a critical area, so be sure to make the best attempt to cover all your devices.

Be certain that your data storage devices are running backups and the backups are indeed good. As an added form of protection, encrypt your data being stored, making sure you save the key offsite as well.

That way, if your data is comprised either through internal access or external, it will become very difficult to use the data that was stolen.

The size of your company and the amount of sensitive data you have will dictate the frequency of your backup schedule. Remember, it never hurts to be overprotective when it comes to your data.

Hardware
Have security/firewall devices in place. Make sure they are fully configured for your business and that the firmware is up to date.

A lot of security devices add increased measures through the firmware updates.

They often have the ability to fully lock down your internal network as well. Restrict Internet access to only websites necessary for your business operations.

If your business offers Wi-Fi access for either internal use or guest use, make sure that controls are in place to limit access to your company’s internal network. The best precaution is to place the guest Wi-Fi on a completely separate network.

While Exchange mail servers can increase overhead, they will also add a level of increased security to combat against viral infections being delivered via email and attachments.

I’m sure everyone is well aware of Crypto-Locker and its variants. The majority of Crypto-Locker infections were delivered through infected PDF files sent as attachments.

People
By nature, humans are (and will always be) the most random aspect to safeguard your business from. It is vital that you run full background checks on any employee that will be given access to sensitive data or hardware.

Restrict the use of portable media such as flash drives and external hard drives while employees are working on or in the server room. Some companies may go as far as banning all portable media devices entirely.

Be proactive in actively monitoring your employees and watch for any changes in behavior, appearance, attitude and tone of speech. These can all be signs something is wrong.

If you have questions or you’re looking for suggestions, call Tech Experts at 734-457-5000, or email us at info@mytechexperts.com.

(Image Source: iCLIPART)

Don’t Forget Your End-of-Year Data Backup

December 12, 2014

In a ritual akin to spring cleaning, computer users far and wide are backing up their data en masse. Although backing up your vital data is a wise idea to prevent the loss of important documents during crashes or even computer theft, it often goes undone.

By the end of the year, however, an amazing amount of data would have been stored which may slow computers’ performance. This is a silent reminder to clean out the cobwebs and back up the files you want to keep.

There are various ways to back up your data, and one is readily available right on your PC. Windows users can access backup tools by pressing the Start button, typing “backup” in the search area, then clicking “Backup and Restore.”

This allows users to back up files instantly. Similarly, Mac users can open the System Preferences menu and select Time Machine. It will promptly perform backup tasks with the selection of the appropriate disk to store the files.

However, the aforementioned tools on your PC or Mac, don’t address more complex situations where your computer may be completely damaged or lost.

Therefore, it is also advisable to back up important documents, such as financial records or critical documents or emails, on a separate device.

If you depend solely on your computer’s backup system, your backed up data is vulnerable to the same threats that can damage the whole computer.

There are various data storage solutions on the market. The more expensive ones offer extra features, but the main factor to consider is the data storage size that you will need to have on the device.

Alternatively, simply upload your most important data to cloud storage, which can also be automated for future backups.

Other computer users prefer to back up data on an external USB device and keep it in a safe place.

It would also be best to automate your backups based on a recurring schedule that takes into consideration the particular files/folders that change often and/or are the most critical and include them in the backup set.

If you require assistance in figuring out the most appropriate automated backup solution for your home or business, give us a call at (734) 457-5000 and one of our technicians will be glad to help.

My Laptop’s Ethernet Port Isn’t Working. What Can I Do?

December 12, 2014

If the Ethernet port is damaged, purchase a USB to Ethernet converter.
The laptop Ethernet port is integrated into the motherboard, which makes it hard to replace only that part without swapping out the entire motherboard.

Since it just doesn’t make sense to throw the proverbial baby out with the bath water, just make it possible to plug into another port that is undamaged with a USB to Ethernet converter.

Fortunately, these converters are relatively inexpensive, so there’s no need to despair. Converters are available at virtually any store with an electronics section and there isn’t much difference between converters.

One thing you may wish to consider is to purchase the latest model of adapter, even if your current laptop is not new.

These converters are backward compatible, so the latest USB 3.0 to Gigabit Ethernet adapter works with even the oldest computers with older USB ports.

With the latest version as part of your arsenal, you can still use it in the future with a newer laptop.
These adapters have another great feature which is that they don’t require any technical knowledge, saving you time and money for installation and troubleshooting in case of problems.

Simply plug it in the USB port, and it’s ready to deploy your Ethernet connection, getting you back online without any hassle.

Windows automatically detects the adapter and the operating system installs the appropriate drivers for you.

Remember to use an in-line surge protector on your Ethernet cable, particularly if you travel frequently.

IT Policies Companies Under HIPAA Regulations Must Have

November 30, 2014

HIPAA (the Health Insurance Portability and Accountability Act) and HITECH (the Health Information Technology for Economic and Clinical Health act) have been around for quite some time. Even so, many companies covered by these laws are way behind when it comes to implementation. When you really think about it, even companies not covered by these laws should have the requisite policies and procedures in place.

Access Control Policy
How are users granted access to programs, client data and equipment? Also includes how administrators are notified to disable accounts.

Security Awareness Training
Organizations must ensure regular training of employees regarding security updates and what to be aware of. You must also keep an audit trail of reminders and communications in case you’re audited.

« Previous Page