TechTidBit – Tips and advice for small business computing – Tech Experts™ – Monroe Michigan

Brought to you by Tech Experts™

Firewalls

How To Keep Your E-mail Off The “Naughty” List

December 19, 2011

Someone’s making a list and checking it twice, but it isn’t Santa. Due to rising e-mail abuse and spam, hundreds of servers at various companies now monitor e-mail accounts to make sure those accounts are not sending out mass e-mails.

If that e-mail account is assumed to be sending spam it is put on the “blacklist.”

Once on the blacklist, your e-mail account is virtually SHUT DOWN because your e-mail is blocked by hundreds or thousands of servers and your message can’t be delivered.

Big companies who give out e-mail addresses like AOL, Google, and Comcast, for example, will cut off e-mail service to anyone who sends an e-mail to a large number of people at once.

Because of this, even if you or your employees innocently send a message to 100 of your clients, you could be without e-mail for days or weeks.

So, how do you prevent this costly and frustrating downtime from happening to you?

Read these tips to find out:

Protect Your Server
Spammers LOVE to find e-mail servers that don’t have a proper firewall, anti-virus, and intrusion protection.

They get a high from hacking into these servers and then using them to send out thousands of e-mails. Plus, with no protection in place, tracking and catching these spammers is nearly impossible.

The right protection will also prevent malware from being installed on your server, which can automatically send spam without human interaction.

Don’t Allow Employees To Forward Messages
Unless it is for work-related purposes only, make a policy that no one is to forward messages like jokes, photos, or videos outside the company.

If just four of your employees send out this kind of an e-mail to 30 of their contacts, that’s well over 100 people receiving junk mail on the same day from the same e-mail server. This puts you at high risk of being blacklisted.

Have Your Clients And Prospects “Opt-In”
Sometimes companies end up on the blacklist because someone on their list complained and reported their message as spam.

If you have your clients and prospects agree via an opt-in form that they want to receive communication from you and confirm their permission, then you’ll have better protection against that.

Also make sure you keep good records of these opt-ins. That way, even if you do get blacklisted, you should be back up and running fairly quickly.

Make Sure Your E-mail Is Set Up Properly
In addition to protecting yourself from hackers and invasions with software and firewalls, you also need to be sure that your e-mail is configured correctly and set up to block outside relays.

If you’ve got the wrong setting in your e-mail account, you could wind up blacklisted, without any e-mail for days or weeks.

Keep Your E-mail List Up-To-Date
If someone asks to be removed from your list and you continue to send messages to him, the chances of him reporting your company as a spammer are pretty high.

Avoid this by using in-house lists (instead of purchasing one) and contacting your list to verify the information.

We use and recommend iContact. They’re an excellent commercial email service. To sign up for a free trial, or for more information, go to: http://icontact.extole.com/a/clk/37L8x

Industry Standard Security Best Practices

November 30, 2011

Network security is a must in any network, but when it comes to a business network, there are a number of security standards and best practices that ensure you have control over your network.

Businesses in certain industries secure. Many different companies require different security standards; one organization, for instance, is the PCI (Payment Card Industry). The payment card industry has a very strict network security standard.

The below practices are fairly strict and will offer you a great deal of control and protection against data theft and network intrusion.

Modem
We will start from the outside edge of your network and work our way in, from your modem on into client workstations.

The modem is probably the simplest device on the network – you can’t really secure it (beyond performing regular updates), but some ISPs feature a built-in firewall in the modem. This can be turned on or off to work in conjunction with your company’s firewall.

Firewall
The next item to take a look at is your router/firewall. Generally you would have a router that offers several ports you can connect to via a direct Ethernet connection as well as WiFi access.

This firewall will add another layer of protection for when your network connects to the Internet. When configured properly, it blocks all unauthorized network connections. As far as protecting the WiFi goes, you are best to enable MAC filtering.

Each piece of network hardware has a unique identifying numerical code, called a MAC address. Filtering by MAC lets you set up WiFi so that only devices you explicitly define are allowed to connect to your network.

Once you have MAC filtering in place, you can also encrypt network traffic and use a long secure password. Since the clients on the network will not need to type this password in all the time, it is best to make a complex password containing both capital and lower case letters, numbers, and symbols.

Another option to further increase security when it comes to WiFi connections is to set the access point to not broadcast its SSID. This will make it look to the normal person as if there is no wireless connection available.

Server
There are a lot of features that can be enabled at the server to further improve network security. The first item to review is the group policy. Group policy is part of the server operating system that allows you to centrally manage what your client workstations have access to and how.

Group policies can be created to allow or deny access to various locations on your users’ desktops. You can get as granular as defining a group policy that sets standards on user passwords.

By default, Windows Server 2008’s password policy requires users to have passwords with a minimum of 6 characters and meet certain complexity requirements.

While these settings are the defaults, generally 8-10 characters is recommended as well as mixing upper and lower case letters, numbers, and special symbols. An example of a complex password might be @fF1n!ty (Affinity). This password would meet all complexity requirements and is fairly easy to remember. Passwords should also be forced to reset every so many days. A good time period is roughly 30 days.

One other possible option is to have firewall software installed on the server itself to regulate traffic in and out of the server.

The nice thing about having a firewall on the server itself is that you have the ability to log failed connections to the server, as well as what each connection is and where it was coming from.

This feature alone gives you a lot more control over the network. For example, if you noticed in the firewall logs on the server that a connection you didn’t want getting through was making it to the server, you can go back and edit policies on the router/firewall to further lock down your network from that point, as well as blocking it at the server.
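An added example, not part of the original article: a short Python script that reviews a server firewall log the way the paragraph above describes. It assumes the log uses the Windows Firewall pfirewall.log layout and a 192.168.1.0/24 office LAN; the log lines are constructed samples, not real traffic.

```python
import ipaddress
from collections import Counter

# Constructed sample in the Windows Firewall (pfirewall.log) layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-11-28 09:14:02 DROP TCP 203.0.113.45 192.168.1.10 51234 3389 52 S 1234567 0 8192 - - - RECEIVE
2011-11-28 09:14:03 DROP TCP 203.0.113.45 192.168.1.10 51235 3389 52 S 1234890 0 8192 - - - RECEIVE
2011-11-28 09:15:10 ALLOW TCP 192.168.1.25 192.168.1.10 49812 445 0 - 0 0 0 - - - RECEIVE
2011-11-28 09:16:44 ALLOW TCP 198.51.100.7 192.168.1.10 40022 1433 0 - 0 0 0 - - - RECEIVE
2011-11-28 09:17:01 DROP UDP 192.168.1.31 192.168.1.10 137 137 78 - - - - - - - RECEIVE
2011-11-28 09:17:30 ALLOW TCP 192.168.1.10 198.51.100.80 50111 443 0 - 0 0 0 - - - SEND
this line is truncated
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed office LAN range


def parse(text):
    """Yield one dict per log entry, naming columns from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, parts))


def is_external(addr):
    """True when the source address is not inside the assumed LAN range."""
    try:
        return ipaddress.ip_address(addr) not in LAN
    except ValueError:
        return False  # not an IP address at all; leave it out of the report


def review(text):
    """Summarise inbound traffic as two Counters keyed by (source, protocol, port).

    dropped:     connections the server's own firewall blocked.
    got_through: connections from outside the LAN that the server accepted,
                 meaning the router/firewall at the edge let them in.
    """
    dropped, got_through = Counter(), Counter()
    for entry in parse(text):
        if entry["path"] != "RECEIVE":  # only traffic arriving at the server
            continue
        key = (entry["src-ip"], entry["protocol"], entry["dst-port"])
        if entry["action"] == "DROP":
            dropped[key] += 1
        elif entry["action"] == "ALLOW" and is_external(entry["src-ip"]):
            got_through[key] += 1
    return dropped, got_through


if __name__ == "__main__":
    dropped, got_through = review(SAMPLE_LOG)
    print("Blocked at the server:")
    for (src, proto, port), n in dropped.most_common():
        print(f"  {src} -> {proto}/{port}  x{n}")
    print("Reached the server from outside the LAN (review router rules):")
    for (src, proto, port), n in got_through.most_common():
        print(f"  {src} -> {proto}/{port}  x{n}")
```

The second list is the one to take back to the router/firewall: each entry is a source and port that passed the edge device and was accepted by the server.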

One final quick thought on server security is physical security.

Generally it is a good practice to have the server physically locked in a room that only specific people have access to. If you want even more control, you can keep the server locked using a system that logs who comes in and out of the room via a digital keypad and their own passwords.

When it comes to your workstations, employees should only be logging into the workstation via their domain login and not using the local admin login.

This will allow you to centrally control via group policy what they can access, as stated above. You can also configure roaming profiles so that if someone were to steal a physical workstation they would not have access to any company information, as it would all be stored on the server and not that workstation – which is another great reason to have your server locked up.

Employee logins to workstations should also have account lockout policies in place so that if a user attempts to log in too many times with an incorrect password, the server locks them out on that workstation for a time period set by the administrator. One other item you could have in place for various employees is specific time periods during which their credentials will allow them to log into the systems.

One final step in network security is having good antivirus software installed on your workstations and your server. A compromised machine can be giving your passwords and information away to hackers making it possible for them to waltz right into your network undetected.

You are best protected by having as many of the above security steps configured and working properly on your network.

Determine what your network needs, evaluate the practice after it has been in place for a month, and make the proper adjustments to ensure your network is safe. You should also perform regular security audits.

If you would like to see how secure or unsecure your network is, give us a call and we can perform a network security audit for you and let you know where you stand!

Featured Article Written By:
Tech Experts

Almost Every Small Business Can Expect To Get Hacked

July 29, 2011

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Juniper Networks recently commissioned a study on small and medium company network security.

The startling result: Over 90% of US companies reported at least one security breach in the last year, with more than half indicating they experienced two or more significant security problems with their networks.

There’s a misconception among a lot of small business owners that they’re safe from cyber attacks, because small companies offer a smaller payback for hacking efforts.

Small business network security is usually lax

The reality is, security policies and procedures at small companies usually make them an easy and simple target for hackers.

While the payout isn’t as large as hacking TJ Maxx, invading a small business’ network usually takes a lot less effort, and the business lacks a sophisticated response system.

Why is hacking so easy?

A new technique, called spear phishing, lets hackers target a small group of previously identified people. Sometimes, the attack goes after just a handful of people who work at the same company.

Spear phishing does away with the need for hackers to gain access to your passwords. As more companies start to use social media sites such as Facebook and Twitter, hackers using spear phishing are finding it easier to “trick” unsuspecting employees into installing crimeware on their company computers. This crimeware lets the criminals access the computer system directly. Once they have access to one machine on your network, it’s easy to connect to the others.

Recent attacks have highlighted the growing need for companies to implement network security controls to catch the bulk of socially engineered spear phishing attacks.

They also need to take measures to quickly detect and contain security breaches.

The first thing you’ll want to do to protect your business is implement a strong firewall (see Frank’s article on page two) that lets you assign security restrictions for users based on the content of websites, and even keywords that might be potentially dangerous.

The next thing to look at is your company’s acceptable use policy. This can be as simple as a few pages added to your employee handbook that outlines what is and isn’t acceptable behavior on your network.

The final thing to examine is your backup and disaster recovery plan. The hackers aren’t giving up, which means it’s time to plan for what comes after a security breach.

Firewalls: What Do They Do And Why Should You Have One?

July 29, 2011

Firewalls are network security devices that protect your internal network (your servers and PCs) from your external network (the Internet).

We’ve put together a basic guide to firewalls – what they are, when you should have one, and why.

What is a firewall?
A firewall is simply a border between the device the firewall software is installed and running on (and devices on the LAN side of the firewall) and any other devices on the outside of it.

There are many different kinds of firewalls. Windows firewall, for example, gives you very basic features, and is built into Windows.

This firewall is designed to block unwanted access to the computer itself and is not designed to protect the rest of the devices on a network.

Another form a firewall can take is a separate device altogether.

Having a device that specifically functions as a firewall gives more control over what the firewall can be used to protect.

For example it is possible to buy a firewall appliance that can be attached to the perimeter of your network and block specific connections to your LAN.

When is it a good time to look into using a firewall?
On most Windows based computers Windows firewall is generally on by default so most people already run a firewall on their computers without even knowing it.

That being said, Windows firewall does not give you anywhere near the control or protection of a dedicated firewall product.

If your business requires very strict security and data compliance, or you intend to store highly confidential information (an example would be client credit card numbers), it may be in your best interest to have a third party firewall.

Third party firewalls offer much greater protection and allow the ability to configure specific rules in much greater detail than Windows firewall.

Having the ability to configure rules with more detail makes it possible for you to lock down your network and its possible security holes more tightly.

The reason this is a good idea if you are storing confidential information on a network is that having a firewall gives you control over exactly what comes in and out of your network.

Without this added security it may be possible for your valuable information to be compromised or copied to a remote location without you even knowing it is happening.

Why have a firewall or invest in a better one?
Three words: Vastly improved security. A third party firewall solution affords you the best protection for your data and network.

If you have important data to secure, a firewall is an excellent step in protecting your network from unwanted access to your network.

If you have questions about your firewall (or lack of firewall) and would like us to evaluate your network security, please give us a call.

Whether it is security holes left open due to a weak firewall or other possible security issues we can help you secure your data!

Feature article by Tech Experts,
Service Manager for Tech Experts

The Three Scariest Threats To Small Business Networks

October 15, 2010

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
While spam, pop-ups, and hackers are a real threat to any small business network, there are three security measures that you should be focusing on first before you do anything else.

Worry About E-mail Attachments, Not Spam
Sure, spam is annoying and wastes your time, but the real danger with spam is in the attachments.

Viruses and worms spread primarily through cleverly disguised attachments to messages that trick you or your employees into opening them.

Another threat is phishing e-mails that trick you by appearing to be legitimate e-mails from your bank, eBay, or other financial accounts.

Here are three things you must have in place to avoid this nightmare. First, keep your anti-virus up to date and enabled. This sounds like a no-brainer, but it’s not uncommon for an employee to disable their antivirus software “because it bothers them.”

Second, educate your employees on what is and isn’t allowed on company computers, e-mail, Internet access, etc. One thing that should be on the list is that they should never open suspicious attachments or respond to phishing e-mails. We highly recommend creating an acceptable use policy (AUP) to teach your staff what NOT to do.

Third, put monitoring software in place to maintain the health of employees’ desktops and automatically “police” employees from accidentally visiting a phishing website, downloading a virus, or visiting questionable web sites.

Fear Downloads Before Pop-Ups
Did you know that most computers and networks get infected with viruses because the user actually invited the threat in by downloading a file (screen saver, music file, PDF document, pictures, etc.)?

Again, this comes down to training your staff on what they can and cannot do with your company’s network. Again, the best way to avoid trouble is to remove temptation by installing monitoring software that will prevent employees from downloading or opening dangerous items.

We also recommend installing and maintaining a good firewall, which will block Internet traffic to and from dangerous sites.

Lose Sleep Over Backups, Not Hackers
You are more likely to lose data from hardware failure, accidental deletion, human error, flood, fire, natural disaster or software corruption than a hacker.

Sure, you should do everything to keep hackers out of your network, but not backing up your data to a remote location is incredibly dangerous. At a minimum, you should have an onsite and offsite copy of your data, and you should be testing your data backups regularly to make sure your data can be restored in the event of an emergency.

So, here’s the scary Halloween question for you: If you came into your office tomorrow morning, and your computers and server were destroyed or missing, could you recover your data, and how long would it take?

Raise IT Security Measures And Lower Your Stress

August 23, 2008

Updating Your Network Security Protects Your Valuable Data

Simplify. Prevent problems. Do it right, not over. These are just a few of the phrases among the most popular published in “Stress Reducing Tips” articles. But, how do you achieve these goals?

Take a look at your IT security measures first. Protecting your information systems from unauthorized use, disruption or destruction can help you reduce the number of stressful incidents that may arise as a result of a vulnerability. How can you decide what level of security is right for your organization?

Dive into a threat and risk analysis.
We can work with you to review the current security mechanisms and determine what needs to be protected. The level of security necessary for your business is largely reliant on the possible threats. If you have many employees, you may have a greater interest in user account changes versus a small dental practice whose chief concern is confidentiality.

Take advantage of our Free Network Audit and learn about the current options available for firewalls, controlled accessibility, anti-virus, spam filtering and much more.

Take time to develop a plan. Listen to employee feedback, analyze your current operations and review key points for development within your company in order to simplify business processes and protect your company data.

Think of the future.
Is your organization in growth mode or are you looking to stabilize your current position? Many clients come to us with only a few changes and end up with many things they would like completed to help increase security, increase efficiency, decrease operating costs or prepare for the future.

Prevent problems.
Security is everyone’s responsibility. According to Datapro Research, the most common causes of damage are: Terrorism, 3%; water, 10%; technical sabotage, 10%; dishonest people, 10%; fire, 15%; and, finally, human error, 52%. Unfortunately, 81% of this damage is caused by current employees.

You could install the most elaborate security and computer protection systems available, but if passwords are written on sticky notes and stuck to computer monitors in the office, or saved in Word documents, we cannot guarantee security.

New threats and vulnerabilities emerge every day that can endanger your company. Take a preventive approach to managing your information systems with reliable security measures and proper staff training.

Firewalls and virus protection must be current. If you don’t know if these measures are in place, we can help you identify current software installed and enable or update them if necessary. A good anti-virus or firewall solution will automatically update itself as new updates are available.

Spam filtering is essential and can solve many e-mail problems that plague your inbox. Every day, spammers find new ways to get into e-mail inboxes. A lot of spam is simply unwanted advertising that is just annoying and takes up space. Some, though, is used to transmit viruses, adware or spyware that can eventually infect your entire network.


Copyright © 2025 Tech Experts™ · Tech Experts™ is a registered trademark of Tech Support Inc.