TechTidBit – Tips and advice for small business computing – Tech Experts™ – Monroe Michigan


Brought to you by Tech Experts™

Cloud Vs. On-Premise Systems – Pros, Cons And Costs

August 22, 2014

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

A common discussion among the business owners I work with is whether to store their data in the cloud or an on-premise IT system. The conversation usually starts with the cost implications; however, there are many things that need to be taken into consideration when comparing the two options, such as some of the following:

Cloud
The recurring monthly service cost is often the main and sometimes the only cost factor that is considered when comparing cloud solutions with an on-premise option.

Pros
• Although much is said about cloud solution outages, public and private clouds can provide much better reliability and uptime than an old, outdated and poorly maintained on-premise system.

• In the long term, the total cost of ownership (TCO) for cloud solutions is much lower than that for on-premise systems for most businesses.

Cons
• Offloading hefty workloads to the cloud demands sufficient bandwidth. Without it, any savings you might be making from not running an internal server could potentially be negated by slowness and productivity loss.

• Similarly, any increased needs in Internet connection costs should be accounted for in an objective comparison of moving to the cloud versus staying in-house. If you are contemplating moving to the cloud, talk to us about the amount of bandwidth you need for your business.

• When dealing with cloud servers, you will often find that while you can move as much data as you wish into the server, transferring data out usually has an associated cost.

• Moving large amounts of data to the cloud may take a significant amount of time depending on your office Internet connection, which may not be fast enough to transfer these workloads between endpoints in a timely manner.

On-premise IT systems
Many people mistakenly believe that the costs for on-premise systems start and stop with how much they need to pay for new hardware and software.

Pros
• They are more suitable than cloud solutions for large capacity file sharing of 50GB or more, or for operations that would be bandwidth-prohibitive in a cloud scenario, such as rural offices with weaker Internet connectivity.

Cons
• In contrast to standard computers or laptops, the average solid server has a mixture of multiple-socket processors, dual power supplies, multiple hard drives and numerous other components that all increase your electrical overhead cost. You should also factor in the cost of cooling your hardware, which is critical in maintaining these components.

• On average, organizations replace on-premise systems every five years, which means you will incur upgrade costs to retire old servers. Even if staying in-house may be cheaper than moving to the cloud when you consider the monthly costs, your five-year upgrade or replacement costs could be even more expensive, and opting for cloud solutions may still be better in the long term.

It is worth noting that while one solution may seem more favorable than the other, it may not apply to all businesses.

As such, it is important to objectively compare these factors based on your business needs and make the most suitable decision accordingly.

(Image Source: iCLIPART)

Benefits Of Going Paperless

August 22, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

The “paperless office” has been a concept in American business culture since 1979, when it was first coined in Newsweek. As the technology improves and becomes more cost effective for small businesses, the paperless office is becoming a reality for more and more small companies. If you are considering going paperless or adopting a document management system, consider these five benefits.

Increased Productivity
Call it a variant of Murphy’s Law — when you need a paper file, it is inevitably located at the bottom of a large stack of files on the floor in the corner of somebody’s office.

For example, law firm personnel can spend literally hours every year looking for paper files. In an industry that typically charges by the hour, that’s not a productive use of time.

By contrast, you can immediately retrieve a scanned file from your document management system. With a document management system, multiple people can retrieve a given document at the same time, improving efficiency.

When you scan a document, you get an image of that file. To convert the image of the text into searchable text, you can use optical character recognition (OCR) software — often included with a scanner.

Once you’ve made scanned files searchable, it becomes even easier to find them because you can search for any phrase in the document, such as a client name, not just the name of the document itself. This makes it incredibly easy to find invoice numbers or any other information that is usually hidden deep within a document.

Improved Customer Service
At one time or another, everyone has been on the receiving end of the dreaded phrase “I’ll have to check the documents and get back to you.” Consider how much happier your customers would be if you could say, “Let me pull up the document now and check for you,” resolving their question during a single phone call.

As an added bonus, the ability to search documents makes it less likely that you’ll overlook that key piece of information. More efficient service means happier clients who pay their bills faster.

Even better, improving your client relations will make your clients more likely to hire your firm for other services and make it easier for them to refer your business!

Reduce Operating Costs
Storage costs represent a major expense. Typically, office space is second only to salaries in terms of cost, especially in large cities. As the piles of paper grow, so do your storage costs.

Scanning documents can substantially reduce storage costs by eliminating a significant portion of your paper files and the storage space required to store them. You can then put the space once used for storage to more productive use.
Before you call a shredding company, read your state rules on the retention of physical files, especially in practice areas such as Real Estate or Financial Services.

Even if you have to keep the files for a specified period of time, scanning them will enable you to store them off-site as cheaply as possible. Scanning documents also reduces time spent requesting documents from the file room or even warehouse.

Finally, since you can easily email scanned documents, you can reduce your phone bill by faxing documents less often. Some paperless law firms have even eliminated their fax machines entirely and switched to online fax services.

With a paperless office, you can almost entirely eliminate the costs of printing, such as copy paper, ink and toner. With toner being one of the most expensive liquids on the planet, this can equal huge cost savings for your small business.

Better Security
Paper documents are subject to two risks — physical theft and destruction from a variety of disasters (fire, flood, etc.). When you scan confidential documents, you can restrict access to your eyes only. For example, you can limit the access of sensitive information or specific case files to select people.

Law firms subject to federal and state regulations regarding the protection of client information will find compliance significantly easier with scanned documents. Also, replacing a digital file is much easier than trying to replace a file cabinet destroyed by fire or flood.

Environmentally Sound
If environmental issues are important to you and your business or you have clientele that care about these issues, going paperless can boost your status in the community.
For example, digitization of your files will result in fewer photocopies, reducing company paper consumption.

The less we use today means the more we leave behind for future generations. If you are part of the Green Revolution, making your business paperless is a great place to start.

Going paperless will save your firm time and money – but be wary of anyone selling you a magic software product that will fix all your problems. Like anything else, you get out of it what you put into it.

There are many organizations that can help with this type of solution, but make sure their company culture matches your own. After all, the last thing you want is to try and go paperless with the help of Xerox or any copier company whose main interest is in hardware and consumables.

(Image Source: iCLIPART)

What To Do With Electronic Waste – E-Waste

August 22, 2014

Scott Blake is a Senior Network Engineer with Tech Experts.

One of the biggest decisions a company or home user has to make after making the decision to upgrade their electronic devices is what to do with the old outdated equipment.

There are still many people and companies out there who are not aware of why it is so important that you recycle your old electronics. I wanted to go over some of the main reasons why all of us should be joining in.

The federal government requires companies that produce over 220 pounds of electronic waste that tests as hazardous to dispose of it properly.

There are currently no federal regulations for organizations producing less than 220 pounds of hazardous electronic waste; however, many states have become more stringent about the proper disposal of e-waste for both businesses and households.

It is estimated that of the approximately 201 million tons of solid waste generated annually in the United States, at least one percent is classified as computer and/or electronic equipment. Of this nearly 2.1 million tons, only an estimated 134,000 tons is actually recycled. Even though e-waste accounts for a small percentage of all municipal waste, it still accounts for about 70% of heavy metals ending up in our landfills.

Some of the toxic materials you can find in old electronics are lead, mercury, arsenic, cadmium, selenium, and more. Computer monitors alone can contain as much as 8 pounds of lead. When these products are just discarded, the harmful toxins will leak out, which is harmful to both the environment and us.

Despite good intentions, much of this nation’s e-waste is exported to developing countries, where processing is done under unsafe conditions and endangers workers and nearby communities. Some progress has been made to end this practice through certification programs. One such program is e-Stewards.

Researchers estimate that between 50 and 80 percent of electronic waste from the industrialized world that winds up in the hands of “recyclers” actually goes to a few developing countries: China, India, Pakistan, Vietnam and the Philippines.

There, the unregulated materials are crudely handled in acid baths and burn pits, releasing into the air and soil heavy metals and chemicals that are used to make flexible plastics and flame retardants.

Studies of individual scrapping facilities in Ghana and China have measured contaminants and toxic metals like lead present in soil at more than 100 times typical background levels.

According to e-Stewards, recyclers who meet their certification requirements don’t export to developing nations. They follow safe practices for the handling of electronic waste, and adhere to other standards. Many will also reuse and refurbish equipment.

Lastly, when you choose to recycle your electronic equipment, make sure to choose a certified electronics recycler; that way, you are ensuring that any data stored on your device is completely removed.

When you just toss an old computer in the trash, you risk having the right hacker find his or her way to your sensitive information. With so many reasons why you should recycle, it is hard to believe that some people could still put their old laptops in the trash.

If you have questions on how to properly recycle your electronic equipment, give us a call and we will answer all of your questions.

(Image Source: iCLIPART)

Summer Travel Laptop Tips

August 22, 2014

If you’re traveling with your laptop, you may need to carry a few accessories. These include adapters, surge protectors, converters, wireless Internet cards, Ethernet cables and a high-quality carrying case.

Power supply
If you’re traveling overseas, you need to consider possible international voltage differences and plug sizes and shapes. While the United States and Canada both use 110-volt electricity, the rest of the world runs on 220-240 volts.

Fortunately, most laptops can comfortably run on both voltages; however, check your computer label or owner’s manual to be on the safe side. If it runs on 110 only, you will need a converter.

You will also likely need an adapter so your plug can fit into the local outlets. Most countries have one or more adapters that are unique or that they share with a few close neighbors.

Surge protection is critical while traveling, particularly if you are traveling to a country where electricity is not reliable. You will need a surge protection electrical strip for whichever voltage you will be using, bearing in mind that surge protectors for 110 and 220-volt currents cannot be interchanged.

Internet connection
Most hotels offer either wireless or high-speed Internet. You may want to call ahead and find out what is available.

Many hotels will provide a Wi-Fi connection, which is helpful, since your laptop has its own built-in wireless network adapter that can search out the nearest wireless signal. Remember to ask for the hotel’s signal password at the front desk. You can also buy a wireless notebook card, if your laptop does not have an internal wireless network adapter. This would also be helpful for connecting to the Internet in WiFi hotspots in airports, libraries and coffee shops.

Some hotels will require that you plug into their Internet connection using an Ethernet cable. You should bring your own cable just in case one is not supplied to you by the hotel.

Extras
Your computer will more than likely take a few hits while you move around, so a sturdy padded carrying case could save you a lot of frustration and money.

You might also want to bring along a device onto which you can back up your work, just in case the hard drive crashes. An extra laptop battery might also come in handy, along with screen cleaners.

(Image Source: iCLIPART)

Making Content Marketing Work For Your Business

July 31, 2014

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Content marketing, in the form of blogs, videos, infographics, and white papers or e-books, is and will continue to be a permanent feature in the online world. The use of such tools is continually expanding as marketers find new ways to offer content to their target audience.

In order to attract more people to buy your products, you must also provide useful information that will drive them to your site and build the trust needed to move them through the sales funnel.

Take advantage of social media
Act to reach as many potential customers as possible. Social media helps to boost the visibility of videos, blog posts or infographics that you create.

This can be done by scheduling updates across all social networking channels to encourage your followers to view the content you created and to share them with their own followers.

However, be aware that you are walking a fine line; multiple daily updates may alienate your audience.

Post to bookmarking sites
People trust sites that post content that has been vetted by people who share their interests.

Content which receives the most votes quickly becomes popular, so in most cases, readers will skim through the top links for the best content.

As a small business owner, social bookmarking sites offer a great opportunity to connect with readers you might otherwise never interact with, increasing your chances of bringing in more customers.

Updates
Visitors to your blog should be able to get quick and simple updates each time you post something new. RSS feeds are efficient in ensuring this process.

Every visitor that signs up for updates from your blog can either read them through an RSS feed or get them via email. This eliminates the problem of visitors needing to check on your blog for new content.

Measure results
There’s really no tangible way of knowing whether or not your content-marketing efforts are productive except to measure your results.

Look at your analytics to see how many visitors you are bringing to your site to see if you are taking the right steps in marketing and sharing your content.

Find out which topics people are reading the most to help you generate ideas for future content.

Google Analytics is a free tool you can use to collect data on your content marketing efforts.

You will be able to review traffic to your site over time and make sure it is steadily rising as intended.

It’s no longer enough to simply have a blog, even an active one. It is critical to develop a comprehensive plan of action that will ensure the right people are drawn to your content and ultimately turned into loyal customers.

(Image Source: iCLIPART)

Convenience And Security: The New Face Of Two-Factor Authentication

July 31, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

Security may be part of an IT professional’s daily world, but these days consumers are just as concerned about protecting their privacy online. It’s no surprise that many businesses are trying to boost their brand image and differentiate themselves from their competitors by promising superior security.

Yet there’s one security action that many of them could take and don’t: two-factor authentication. We all know that online authentication issues can cost both businesses and consumers a high price through cyber-attacks, online fraud and identity theft.

Two-factor authentication has always been a strong solution in mitigating these attacks. By offering secure login, it protects company reputations and provides consumers with an added layer of security during online purchases, personal banking and other digital transactions.

So why aren’t more organizations implementing it? In a word: inconvenience. Businesses are afraid of annoying their buyers by demanding multiple passwords or asking them to take an extra action that might spur them into abandoning the sale.

In a landscape where catering to customer wishes is a common business mantra, risking customer irritation seems dangerous. After all, this is the digital age where consumers expect everything to go faster and smoother and easier online, whether they’re checking email, watching a video or doing their holiday shopping.

Of course, it’s also the age of digital crime. Two-factor authentication might seem user unfriendly at the outset, but ultimately it’s in the consumer’s best interest.

Still many organizations, including those with sensitive information to protect, hesitate to use it. I ran into this recently during a security discussion with a financial institution.

When one of its top executives and I discussed ways to protect their customers online, I asked if the company used two-factor authentication. The executive shook his head and told me the business didn’t want to inflict that “inconvenience” on their customers.

It’s a classic quandary that many organizations find themselves in: they want to offer their customers the utmost in digital security, but worry that if they make that security too complicated or inconvenient, they won’t have customers to protect.

Caught between the Scylla of risk and the Charybdis of inconvenience, these organizations have mostly chosen to forgo two-factor authentication and accept the risk on behalf of their customers.

Luckily there are some new innovations that are solving this very issue, including a unified two-factor authentication protocol in the works, and technologies that manage to sidestep the inconvenience issue.

Next Gen Authentication
It’s worth noting that two-factor authentication is required by the Payment Card Industry Data Security Standard (PCI DSS) for secure remote connectivity.

This is understandable, when you consider the rising number of website and retailer breaches where the hackers obtain buyer addresses, credit card numbers and other highly sensitive information.

But two-factor authentication isn’t just for eCommerce and financial institutions. As the digital health movement surges in popularity, it can be an excellent safeguard for patient Web-based apps as well.

In fact, two-factor authentication looks more and more like a smart security measure for pretty much any process that requires user authentication.

There may be plenty of password-cracking tools on the market, but in theory, even a successful crack won’t get a hacker into an account – not with the second form of authentication stopping him. This is why two-factor authentication continues to be an ongoing quest for many innovative companies out there.

Take OAuth, a popular protocol that provides a reference architecture for universal strong authentication across all users and devices over all networks. There are also cloud-based tools that seamlessly integrate into existing application login workflows using a robust API that works with smartphones and multiple platforms.

Not all two-factor authentication tools are perfect, of course. SMS-based techniques such as texting to reset passwords are compromised on a regular basis, either through malware on the phone or other vectors.

Ultimately hardware is the safest way to go, as seen in several clever two-factor solutions. For instance, with some tools, users log in with their usernames and passwords, then activate their second factor by pressing a button on a USB device, which quickly enters a one-time password that is usually only good for a matter of seconds.

Each previous password is invalidated, so that even if a hacker records it, it’s worthless for all future access. Some of the hardware is engineered to work with NFC-enabled smart phones, allowing mobile security without the risk of traditional SMS two-factor authentication.

From cumbersome to convenient
It should be obvious by now that the face of two-factor authentication has changed. The days of burdensome multiple login steps and passwords are over. New two-factor technologies offer speed and convenience to users; brands can assure customer safety during online payments and activities without requesting additional action.

In short, it’s the kind of layered security demanded in these attack-prone times. Let’s hope organizations will look beyond the more primitive two-factor offerings of the past, and embrace new technologies that can provide customers with the protection they deserve.

(Image Source: iCLIPART)

Is A Tablet The Right Choice? Pros And Cons

July 31, 2014

Scott Blake is a Senior Network Engineer with Tech Experts.

With so many gadget choices on the market these days, it can be very difficult for people to decide what they need and where to spend their money.

Tablets are currently the top of mobile technology. They are compact, very lightweight and extremely easy to carry. However, they do not possess the processing power of a laptop.

Their functionality as a computing device is very limited, although sufficient for some people’s uses. Tablets can be ideal for those who browse the Web casually, such as reading the news or popular websites, and those who play “lightweight” games, or want to watch TV or films while traveling.

Despite advances in some niche professions, tablets are often not suitable for hardcore gamers, presentation arrangement and creation or heavy researching.

Pros of a Tablet Computer

Lightweight
Tablets are smaller in size compared to even the smallest types of laptops and this travel-sized gadget is definitely a plus to those who don’t want to lug a laptop around but still want to bring along a computer.

They are also lighter than laptops, putting less stress on the body and can be handled easily with one hand, unlike laptops.

Longer Battery Life
The best models of tablets can hold power for up to eight hours or more of typical use, which is significantly longer than any laptop. They can even be on standby for days.

Touch Input
Some people actually enjoy using the touch input as opposed to a keyboard input. Touch input is especially useful for drawing digital images, playing certain games and manipulating certain programs.

Cons of a Tablet Computer

Lower Performance Ability
Tablets do not have the same processing power as laptops and can easily become overloaded if a lot is done on them. They are only suitable for simple computer usage that doesn’t involve heavy multitasking, like solitaire.

Uncomfortable Usage
Most users still prefer the comfort of using a keyboard to type, as using a touch input is much more time consuming and can result in many errors if the user isn’t accustomed to that kind of input.

Using a tablet and its touch input can also be stressful to the wrists and arms of the user since there is no place for the user to rest his or her wrists and he or she has to use the arms to hold up and use the tablet as long as needed. However, some tablets do come with full keyboards as an add-on accessory.

Higher Fragility
The touch-sensitive display of a tablet is also a weakness, as this renders it fragile and in need of proper care. Otherwise, the screen can easily be damaged and once the screen is damaged the tablet is unusable.

Tablets are the newer devices and are slowly improving, but they generally still have a lot of catching up to do in terms of performance.

However, for the user who uses computers for simple things like checking email, playing games, going on social networks, and other tasks that don’t require the computer to process heavily, tablets have a convenience factor that makes them attractive.

If you have any questions whether a tablet is the right choice for you, give the Tech Experts team a call and we will help you make the right choice.

(Image Source: iCLIPART)

Ten Ways To Minimize Workplace Interruptions

July 31, 2014

You may be trying hard to practice your organizing techniques but still manage to complete only a few of your tasks at the end of the day. It may be due to uncontrolled workplace interruptions.

We suggest ten ways to minimize interruptions in the workplace without sacrificing your role of being accessible and available to co-workers and clients:

1. Use your voicemail when you are doing something important that needs your uninterrupted attention and concentration especially with a deadline. Schedule a time to respond to your messages.

2. Instead of checking your email every few minutes and responding immediately to each email, set a schedule on which times of the day you should read and respond to email messages.

3. If you are someone whom your co-workers often ask for company policies or procedures, create an FAQ and make it accessible to co-workers.

4. When you are in charge of certain processes in the workplace such as reservations, create a procedure for the process in making requests such as an online form.

5. Clearly communicate information needs and turnaround times especially for job order requests in order to avoid unnecessary follow-ups.

6. Block out time on office calendars so you can work without interruption.

7. If you are on a tight deadline or working on something extremely important, make yourself unavailable for interruptions by working outside your office – even if it is just the empty conference room.

8. If you are able to adjust your schedule, take advantage of this opportunity, such as by working earlier than usual or taking a different day off and working when everyone else is off. This way, you will have fewer interruptions and you can get more work done.

9. Set certain hours of the day when you will be available to answer questions from co-workers.

10. If you are working on a project with different departments or co-workers, create a regular update meeting in order for everyone to be clearly updated with information and avoid wasting time updating each other individually.

(Image Source: iCLIPART)

Seven Smart Tips To Secure Your Business Network

June 30, 2014

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Hackers are constantly on the lookout for digital data they can use to make a profit, either by stealing money electronically or by selling the information to third parties.

Therefore, it is important to protect your precious data; here are seven tips to get you started:

Policies
Your staff is the front line of defense against hackers. Human error is one of the leading causes of data security breaches, so you need to have policies in place to ensure your employees are promoting the security of your network while working.

Strong passwords
People generally opt for simple easy-to-remember passwords that hackers can easily crack.

A simple “dictionary attack” (using an automated tool that uses a combination of dictionary words and numbers to crack passwords) is sufficient to uncover many passwords.

On the other hand, coming up with a complicated password and saving it to your computer as opposed to writing it down is a simple but very effective way to prevent hacks.

Multi-factor authentication
It is highly advisable to establish multiple layers of technology dedicated to security that you would apply to all your devices, including desktops, mobile devices, file servers, mail servers and network end points.

Multiple layers of security block hacking attacks and alert you to any problems beforehand so you can take the appropriate measures.

Data encryption
Encryption is yet another great security tool that you can use to protect your data. For instance, if your hard disk is stolen or your USB drive is lost, anyone trying to access your data would be unable to read it if it is encrypted.

Backup
Security makes up half of your data protection, while a proper backup strategy makes up the other half.
Even with great security, you need to be able to recover your data if you have a failure. Back up often, and remember to test the backup regularly.

Audit
You need to identify the vulnerable areas of your network or which data needs to be protected.

Your entire IT infrastructure, including your computers, mobile devices and network should be audited by a professional IT specialist to determine the appropriate steps to prevent hackers from accessing your data.

Managed services
Managed services are an alternative and highly-effective approach for achieving the best possible security, including backup and recovery.

Many small businesses are unable to adequately meet the daunting and expensive task of securing their data.

With a managed-service provider specialized in data security, you get the benefit of professional services and skills without having to hire an in-house security expert, thus cutting on costs. In addition, you get access to the latest security technology and support professionals.

(Image Source: iCLIPART)

What Happens To Stolen Data After A Breach?

June 30, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

Data breaches have become so common that virtually everyone has been impacted by a breach in some way. Breaches at big retailers make the news, and replacement credit cards ominously arrive in the mail from our banks.

However, there is a lot more to most data breaches than meets the eye. As is the case with more traditional robberies, the theft of data is often just the beginning of the crime. If criminals can’t use or sell stolen data without being caught, then the data quickly becomes worthless. As a result, it’s critical to understand what happens to data after a breach.

Understanding the Criminal Infrastructure
While “hacktivist” groups will periodically expose data to further an ideological cause, the vast majority of breaches are perpetrated by criminal groups focused on financial profit. Since very few of these attacks result in the direct theft of currency, criminals need a way to turn their stolen data into money.

Even in the simple case of stolen credit card information, criminals either need to sell the cards to other criminals or use the cards directly to commit fraud. In either case, the card data itself is a precursor to future fraud.

This may seem incidental at first, but there are important consequences. Specifically, the ability to monetize stolen data requires a very different set of skills than those needed to breach a network in the first place.

A network breach can be a relatively targeted operation perpetrated by a few attackers. However, once a breach is successful, the scale of the operation changes entirely. Whether the stolen data is personally identifiable information (PII), payment card data, or login credentials, the attackers face a challenge of scale. Millions of individual records need to be monetized either by reselling them or using the data directly for profit.

The sheer volume of data makes it impractical to do these tasks manually, and this is where cybercriminals need help. In most cases help arrives in the form of botnets that can automate the processing of individual records, and a larger ecosystem of organized crime that can consume the stolen data. Here are a few examples.

Direct Financial Fraud
Payment card breaches such as the recent attack against Target have obvious financial impacts and motivations. Yet while it is relatively simple for a criminal to derive value from an individual stolen credit card, doing the same for millions of cards is another thing entirely.

This is where the larger criminal ecosystem comes into play. The attackers behind the breach will sell the stolen card data to brokers, who in turn sell cards in batches to lower level criminals who use the data to either buy goods online or print cards to be used in physical stores.

This ecosystem shares a common problem in that stolen credit cards have a very limited shelf-life. As soon as it becomes apparent that a specific merchant has been compromised (Target for example), all of the compromised cards will be quickly deactivated.

This means that freshly stolen and active cards are highly valuable ($100 or more), while older cards can be worth pennies. This is a serious spread, and criminals need to know which sorts of cards they are buying, and the state of the cards they are holding.

To address this challenge, criminals will periodically test a subset of their cards by using them to make small online purchases. Attackers can drop a few hundred credit cards into a botnet programmed to make small purchases, and quickly determine the percentage of cards that are active and working.

Oddly enough, charities such as the Red Cross are common recipients of these charges because they commonly receive small donations, and the purchase is unlikely to raise red flags with the consumer. Disrupting these validation steps could provide an interesting way to devalue the black-market price of stolen cards, and make the attacks less profitable for an attacker.

Stolen Credentials
End-user credentials (usernames and passwords) are another common target of attackers, and can provide considerable long-term value for additional attacks and fraud.

Unlike payment cards, there are no centralized authorities to deactivate compromised usernames and passwords in the event of a breach. A website that is compromised may lock out affected users so that they have to change their passwords, but there is nothing keeping an attacker from using the stolen credentials at other sites.

A 2011 study from PayPal unsurprisingly found that 60% of users reuse passwords at multiple sites, meaning that a breach at one site can easily spider out to other sites around the Internet.

In order to find sites where credentials are re-used, attackers again turn to botnets in what are called credential stuffing attacks. In these attacks, stolen credentials are fed into distributed botnets, which in turn slowly and deliberately test those credentials against high-value websites.

These attacks can afford to be patient, and will slowly test logins from many different IP addresses to avoid rate- and reputation-based triggers that could expose the attack.

This strategy can transform a seemingly innocuous breach into something far more serious. If an attacker is able to take over a victim’s account on an e-commerce site, they could easily commit fraud in the victim’s name.

Such fraud may take longer to identify because the attacker is using the victim’s real account and from a site that the victim is known to use.

Credentials to social media sites are also highly valuable, enabling an attacker to easily impersonate the victim and infect his or her social networks.

Likewise, compromised personal webmail accounts can be a goldmine for an attacker. Such access not only provides the attacker insight into the victim’s identity, but can also be key to breaking into additional online accounts.

Most sites and applications have an option to reset or resend a user’s password to the email address on file. If the attacker has access to the victim’s email account, he can again use a botnet to proactively find online accounts where that email is used, and then obtain or reset the victim’s password.

These are just a few examples, but they serve to illustrate why it’s important for security teams to consider the lifecycle of stolen data.

In order to monetize a breach, attackers often need to go through additional steps, and this provides additional opportunities to mitigate the effects of a breach.

Likewise, companies can insulate themselves from the impacts of breaches elsewhere on the Internet by knowing how criminals attempt to automatically use stolen data.

This of course won’t prevent breaches from happening in the future, but it certainly is possible to mitigate the damage.
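The credential stuffing pattern described above can be spotted in a site's own login records even when every source address stays under a per-minute rate limit. The following is an added example, not part of the original article: the log entries, IP addresses, usernames and thresholds are all constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed login log: (time, source IP, username, success)."""
    t0, events = datetime(2014, 6, 30, 8, 0), []
    # Five ordinary users: one typo, then a good login, each from one IP.
    for i in range(5):
        ip, user = f"198.51.100.{i + 1}", f"staff{i}"
        events += [(t0 + timedelta(minutes=i), ip, user, False),
                   (t0 + timedelta(minutes=i, seconds=20), ip, user, True)]
    # Low-and-slow pattern: 20 IPs, each trying 4 different usernames
    # three hours apart. One reused password works (constructed).
    for b in range(20):
        for k in range(4):
            ok = (b, k) == (7, 2)
            events.append((t0 + timedelta(hours=3 * k, minutes=b),
                           f"203.0.113.{b + 1}", f"cust{b * 4 + k}", ok))
    return sorted(events)

def rate_limit_hits(events, max_per_minute=5):
    """Classic per-IP trigger: too many attempts inside any one minute."""
    per_minute = Counter((ip, t.replace(second=0, microsecond=0))
                         for t, ip, _, _ in events)
    return {ip for (ip, _), n in per_minute.items() if n > max_per_minute}

def stuffing_suspects(events, window=timedelta(hours=24),
                      min_users=3, min_fail_ratio=0.7):
    """IPs that tried several distinct usernames, mostly failing, in a long window."""
    if not events:
        return set()
    cutoff = events[-1][0] - window
    users, fails, total = defaultdict(set), Counter(), Counter()
    for t, ip, user, ok in events:
        if t < cutoff:
            continue
        users[ip].add(user)
        total[ip] += 1
        fails[ip] += not ok
    return {ip for ip in total
            if len(users[ip]) >= min_users
            and fails[ip] / total[ip] >= min_fail_ratio}

def accounts_at_risk(events, suspects):
    """Usernames that logged in successfully from a suspect IP: reset these."""
    return {user for _, ip, user, ok in events if ok and ip in suspects}
```

On the constructed log, the per-minute rate limit flags nothing, while the long-window check flags all 20 slow sources and identifies the one account whose reused password worked.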

(Image Source: iCLIPART)


Copyright © 2025 Tech Experts™ · Tech Experts™ is a registered trademark of Tech Support Inc.