TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Security

Strong Passwords Keep Your Personal Information Secure

A recent ZoneAlarm survey revealed that 79 percent of consumers use risky password construction practices, such as including personal information and words.

The survey also revealed that 26 percent of respondents reuse the same password for important accounts such as e-mail, banking or shopping and social networking sites.

In addition, nearly 8 percent admit to copying an entire password found online in a listing of “good” passwords.

Given these numbers, it’s no wonder that 29 percent of respondents had their own e-mail or social network account hacked, and that over half (52 percent) know someone who has had a similar problem.

The first step a hacker will take when attempting to break into a computer or secure account is try to guess the victim’s password.

Automated programs are available to repeatedly guess passwords from a database of common words and other information.

Once a hacker gains access to one account, almost 30 percent of the time that information can be used to access other sites that contain financial data such as bank account numbers and credit card information. To ensure you stay safe online, here are a few tips for creating a strong password.

Use Unique Passwords For Each Account
Choose different and unique passwords for each account.

Passwords Should Be Eight To Ten Characters Long
Choose a password that is at least eight to 10 characters long. This should be long enough to prevent brute force attacks, which consist of trying every possible combination of a password until the right one is found.

Avoid Using Personal Information
Make sure your password is difficult for someone to guess. Do not use names of any kind, including your login name, family member’s name or a pet’s name. Also avoid using personal information such as a phone number, birthday or place of birth.

Avoid Words In The Dictionary
Avoid words that can be found in the dictionary. With the availability of online dictionaries, it is easy for someone to write a program to test all of the words until they find the right one.

Avoid Repeating Characters Or Sequences
Stay away from repeated characters or easy to guess sequences. For example: 77777, 12345, or abcde.

Use Numbers, Letters And Special Characters
Choose a password that is a mixture of numbers, letters and special characters. The more complex and random it is, the harder it will be to crack.

Use Word Fragments
Use fragments of words that will not be found in a dictionary. Break the word in half and put a special character in the middle.

Frequently Change Your Passwords
Change your passwords often. Even if someone cracks the system password file, the password they obtain is not likely to last long.

Cyber crime is on the rise. Taking the time to actively choose secure passwords will protect your identity, banking information and personal information. And remember, writing your password on a sticky note on your monitor isn’t secure!

The Three Scariest Threats To Small Business Networks

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
While spam, pop-ups, and hackers are a real threat to any small business network, there are three security measures that you should be focusing on first before you do anything else.

Worry About E-mail Attachments, Not Spam
Sure, spam is annoying and wastes your time, but the real danger with spam is in the attachments.

Viruses and worms spread primarily through cleverly disguised attachments to messages that trick you or your employees into opening them.

Another threat is phishing e-mails that trick you by appearing to be legitimate e-mails from your bank, eBay, or other financial accounts.

Here are three things you must have in place to avoid this nightmare. First, keep your anti-virus up to date and enabled. This sounds like a no-brainer, but it’s not uncommon for an employee to disable their antivirus software “because it bothers them.”

Second, educate your employees on what is and isn’t allowed on company computers, e-mail, Internet access, etc. One thing that should be on the list is that they should never open suspicious attachments or respond to phishing e-mails. We highly recommend creating an acceptable use policy (AUP) to teach your staff what NOT to do.

Third, put monitoring software in place to maintain the health of employees’ desktops and automatically “police” employees from accidentally visiting a phishing website, downloading a virus, or visiting questionable web sites.

Fear Downloads Before Pop-Ups
Did you know that most computers and networks get infected with viruses because the user actually invited the threat in by downloading a file (screen saver, music file, PDF document, pictures, etc.)?

Again, this comes down to training your staff on what they can and cannot do with your company’s network. Again, the best way to avoid trouble is to remove temptation by installing monitoring software that will prevent employees from downloading or opening dangerous items.

We also recommend installing and maintaining a good firewall, which will block Internet traffic to and from dangerous sites.

Lose Sleep Over Backups, Not Hackers
You are more likely to lose data from hardware failure, accidental deletion, human error, flood, fire, natural disaster or software corruption than a hacker.

Sure, you should do everything to keep hackers out of your network, but not backing up your data to a remote location is incredibly dangerous. At a minimum, you should have an onsite and offsite copy of your data, and you should be testing your data backups regularly to make sure your data can be restored in the event of an emergency.

So, here’s the scary Halloween question for you: If you came into your office tomorrow morning, and your computers and server were destroyed or missing, could you recover your data, and how long would it take?

Fall Is The Perfect Time For An IT And Network Checkup

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

To make the most of your IT investment,  you don’t need to be a technology whiz. However, you should have a plan in place for making the most of your company’s data. As fall approaches, now is an excellent time to examine your company’s technology to determine what’s working well and what could be improved.

Is It Time To Update?
Technology changes rapidly. While your systems may appear to be working well, you may be missing out on new ways to protect your business information, help your business run more efficiently, and better serve your customers.

For example, to run some of today’s most powerful programs, you need a fast and large hard drive with significant memory capacity.

You might consider adding newer technology – such as wireless capabilities – to older equipment; but the cost of upgrading a computer is often more than the cost of a new model.

Check Your Power Protection
Loss of electrical power and power surges are the most common causes of data loss and weaken computer components. If your business depends on computers, protecting the power source is critical.

This is especially important if your area is prone to power fluctuations or electrical storms.

An Uninterrupted Power Supply (UPS) unit offers both superior surge protection and, depending on the model, anywhere from 15 to 45 minutes of backup power-enough time to save and copy critical files.

The idea of a UPS isn’t to continue your business dealings while the lights are out. Rather, it is to ensure that your data is available when the lights come back on.

Have You Patched Windows?
Have you installed the latest version of Windows on your computer, and do you keep it updated? Do you do this automatically?

It is incredibly important that you keep Windows and your software applications current. Updates improve performance, fix bugs, and many add new features. You should also regularly update and run anti-virus software.

How’s Your Backup?
Consider storage needs in terms of both capacity and physical location. Depending on the amount of data, you can back up to USB flash drives, CDs, DVDs, tapes, or an external drive.

You might also want to look into off-site backup. Our Experts Total Backup System is an excellent backup, disaster recovery, and offsite storage service.

Integrate Your Data
Over the years, businesses tend to produce multiple silos of data. Your inventory, sales data, and marketing information need to be linked together to better serve your customers and increase your company’s productivity and profitability.

Without this integration, you may not know who your best customers are or you could end up agreeing to provide a top customer with an item you don’t have in your inventory.

Number One Security Risk For Small Business: Poor Patching

Symantec, one of the leading antivirus software companies, released their 2009 security review, and according to the report, the largest single threat to small business’ computer security is the failure to apply new security patches as they’re released by the manufacturers.

A “security patch” is simply a software fix to a security problem in a software application.

Once a security vulnerability is discovered, software companies rush to develop a security patch to prevent hackers from using the security breach to access PCs or servers, obtain confidential information, or erase files.

When the fix is released, cyber criminals often look at that as the best time to write a virus or trojan to exploit computer users who haven’t kept their systems up to date. That’s why regular server maintenance is so important.

With the national economy teetering on recession, more and more hackers are trying to take advantage of unsuspecting computer users. Economies of scale often come into play with cyber attacks – a well written trojan or virus can spread like wildfire in just a few hours.

Even if hackers are only successful in compromising a few hundred machines, that’s more than enough to obtain information that’s useful to steal someone’s identity or hold their electronic data hostage.

The real problem – most of the time, you can’t tell you’ve been hacked until it’s too late.

Since the majority of small business owners use their computers for everything from banking to client management, anything a hacker obtains will be useful.

PDF’s Can Be Dangerous
Adobe’s PDF application is the most hacked and exploited software program in use by small businesses. PDF-based security exploits rose to account for 49 percent of online attacks. Coming in second was Internet Explorer, accounting for 18 percent of webbased attacks.

Here’s an interesting fact: The Internet Explorer vulnerability that makes up the majority of the 18% is the Microsoft Internet Explorer ADODB> Stream Object File Installation Weakness that first came to the world’s attention in August 2003. Microsoft released a patch the following July.

Nearly six years later, this Internet Explorer exploit is still being used by hackers, which means an incredible amount of businesses simply aren’t patching their systems on a regular basis.

Regular Maintenance Is A Must
It seems strange to think of your computer this way, but it helps to think of your PC as an automobile. You know that to keep it in top running condition, you have to change the oil, rotate the tires, and flush the radiator once in a while.

Your computers and servers aren’t any different: To maintain optimal running condition, you have to perform regular, scheduled maintenance.

Downtime is expensive. When you consider the cost of lost employee productivity, the expense of the IT services to repair your network, and the amount of time it would take to recover your data by hand, the investment in regular maintenance seems a wise choice.

We perform regular, scheduled maintenance for the majority of our service contract clients – but if you’re not on one of our service plans, we should definitely talk about a comprehensive maintenance and update schedule for your business. If you’re not patching regularly, it’s only a matter of time before your system is compromised.

What is a Trojan Virus and How Does It Affect You?

We have all experienced the unfortunate virus infection on our computer; it’s not fun and most times it causes down time on the computer, cost to have it  fixed, loss of data, and possible identity theft.

A trojan horse or trojan is a program that presents itself as one  thing (anti-virus or a game) butactually works in the background to gain unauthorized access to information in a computer.

A trojan virus can steal all sorts of information on your computer such as credit card information, passwords, bank information and then sends the information to the virus creators who can use this information for malicious gains and identity theft.

When you are infected with a trojan infection you will also notice a substantial difference in the speed of your computer and you may even experience several pop-ups related to adult content, casinos, etc.

Don’t click on any of those pop-ups as those will only make the infection harder to remove.

The trojan infection can spread from one PC to another very quickly from e-mails and attachments sent from the infected computer.

It can even corrupt data on a hard drive which will lead to system crashes and deletions of computer files.

Trojan Win32
One of the most dangerous of all trojans is the Trojan.Win32, which is also referred to as the Win32 Trojan. This dangerous infection masquerades on your computer asa legal program, hides from the user and allows remote third parties to take partial or full control of your computer and can record keystrokes.

It can also alter the security settings of your computer to allow more malware to be delivered and installed onto the computer.

How Does it Get Into My Computer?
We have clients ask all the time, “How did my computer get infected?” Most times these infections come from freeware applications that they downloaded, free online games that were downloaded, anti-virus not being updated, firewall settings, computer security settings set too lenient, or from not performing regular updates on the operating system.

The trojan infection wraps itself inside legitimate software such as games, videos, virus and spyware programs, or any commonly downloaded file. In the end, the user ends up with a malicious piece of software that does something entirely different than what it was supposed to do.

Now that you have a general idea of what a trojan is and the most common ways that they get into your computer, what do you do if you are infected?

The first thing that you should do once you notice the infection is to shut down the computer and do not use it for anything.

If you have never dealt with virus removals before then you’ll probably want to work with a professional IT company to do the virus removal, since if not done correctly, the removal process can cause more damage than the trojan.

If you do need to get on the computer to pull some files off, disconnect it from the Internet. That way, no personal information can be sent out from thecomputer such as your credit card or banking information.

Then, you’ll want to work with your IT provider to have a virus clean-up done on the computer. The goal is to get you back online and using your computer safely.

At Technology Experts, we work with clients on virus infections on a day to day basis. Our technicians have several tools and processes to remove virus infections without damaging your system or data.

Online Banking: Five Steps To Protect Yourself

I was reading the Wall Street Journal website recently, and came across an interesting article about online bank fraud. The article was about a small business owner in California had over $100,000 stolen from his bank account.

He only recovered about $50,000 of it back. The other $50,000 went to a bank in Europe, where mules (someone who receives the stolen money) started to withdraw the money from the bank account.

How did this happen? The business owner had spyware on his computer that transferred his banking username and password to the hackers. I always shake my head when I read an article like this, because I know it could have been easily avoided.

Anti-virus and anti-spyware
The first step in protecting yourself is to make sure your computer has anti-virus and anti-spyware installed.

If you’re doing online banking, make sure that you’re using commercial quality protection – not something you download from the Internet for free.

The stronger your first layer of protection, the safer you are online.

We see computers every day that don’t have this simplest of protection installed; or, worse, the business owner has installed protection software, but then fails to keep it updated or renewed.

Unified threat management
The next step is to invest in a unified threat management (UTM) firewall. A UTM firewall is miles ahead of the simple DSL or cable routers you’d pick up at the office supply store.

They offer solid protection against viruses, hackers, spyware, and the host of other Internet dangers.

The device scans all Internet traffic in real time, and can protect you even before the anti-virus and antispyware vendors have updated their software for new attacks.

UTM firewalls can also implement web filtering and prevent the computer from reaching the intended attacker.

Web filtering can block access to websites that contain malware and spyware; it can also protect employees from going places they shouldn’t be.

Fortinet is our preferred vendor that makes firewall appliances that do what I describe above. A dedicated firewall and UTM appliance is very effective in helping prevent an attack such as this.

Block SPAM at the source
One of the sneakiest ways hackers can compromise your computer is through email, so you’ll want to look for a rock-solid spam filtering solution. Numerous cloud based (hosted) solutions exist that are very inexpensive. A good spam filter will keep viruses, phishing and other attacks from hitting your email. Reflexion is our favorite cloud based email filtering solution. The product is easy to use, well supported and extremely effective.

With online banking, phishing attacks are very common. Someone creates an email that looks like your bank in an attempt to collect information, you click on the link, and next thing you know, the hackers have your login and password.

Personally, I never open emails from my bank. Most banks will not contact you for important account information with email.

Perform regular maintenance
The fourth step to keeping your computers safe is patch management. Microsoft releases security updates for Windows nearly very week. Having a trained IT professional ensure patches are applied correctly – and quickly – will protect you from any security holes in the software that you’re running.

Most small businesses should look at one of our managed service plans, which provides you with “whatever it takes” service at a low fixed monthly cost.

Pay attention
The final step is a matter of common sense. Most people will go to potentially hazardous websites or click on something they shouldn’t have. My suggestion is if you are doing Internet banking, it should be on a computer that is used the least.

If you are going to go to questionable websites, don’t do it on the computer where you do your banking.

Network Security: Keep Your Network Environment Secure

As more and more people rely on the Internet to get things done in their daily life, network security is more important than ever. Typically, small businesses and home network users haven’t had to worry much about security.

Poor network security exposes you to viruses, spyware, and most dangerous, cyber criminals a.k.a. hackers.

These guidelines and best practices can help eliminate, or at least mitigate, the majority of network breaches and security vulnerabilities.

Security Policy
An active security policy is always the most important item for protection of your network, whether it is in your home or in a business environment.

This is simply a statement, or guideline of the rules and how security is setup in the organization.

This role will govern the level of security users are allowed access to on the network. The roles and responsibilities of each person on the network, as they are part of the system, should be clearly defined.

Passwords
Although the most obvious, it is definitely one of the most important,and often, most neglected ttems.

Be sure to enforce strong passwords across your network – a weak password could lead to a user account being compromised.

Email
Certain email attachments can become a major problem if the wrong one is opened, and a lot of the time it is by accident.

Some of the most common file types to block would be: .bas, .bat, .vbs, and .exe.

Patches/Updates
Be sure your operating system is up to date with most recent patches, security updates, and service packs. This will close many of the vulnerabilities that can be exploited by hackers.

Inventory
Keep a good inventory of your network devices by developing and maintaining a list of all hardware and software components that are implemented on the network.

Try to understand which software applications should be installed, and which provide a weak security configuration so you can monitor those applications.

Adopt The Least Privilege Concept
The least privilege concept influences the network and/or systems administrator to create custom policies for having permissions and access to network resources.

Try to allow only what access is absolutely necessary to users, not giving them more rights to the system than they should have.

Remote Access
Certain ports can be blocked to keep unwanted users from remotely accessing your network and any of its resources.

If you’re one of the many small business owners who also works from home on occasion, there should be a security policy in place for VPN (virtual private network) access and your IT support company should assist with getting connected properly.

Keeping these simple guidelines in mind when thinking security on your network, and you’ll prevent several possible problems from happening, as well as maintaining a safe and effective performing work environment for work and for pleasure, in home or in business.

Do You Know What Junk Email Costs Your Business?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

I used to think of junk email (spam) as just minor nuisance. Not so anymore. Today, spam is a major problem that costs businesses more than $100 billion a year in lost productivity and mitigation and prevention measures.

Spam used to be sent primarily by small time hackers trying to sell hair restoration, fake university degrees, and of course, anatomy enhancement pills.

The junk mail to real mail ratio was small, and spam didn’t take up a lot of room in email boxes. Spam didn’t place a huge burden on email servers, and they were easy to block.

Today, small time scammers are still responsible for some of those spams. The majority, however, are the work of organized criminals who use spyware and botnets to flood inboxes with an unprecedented amount of junkmail.

Spam profits can be huge. Hot stock tip scams, where criminals use spam to artificially create interest in a stock and raise the share price, can net the spammers millions of dollars.

Phishing scams, designed to steal your identity, can provide criminals with access to a mass amount of credit card data and sensitive corporate information.

Estimates put the cost of phishing alone at more than $8 billion in 2009.

With so much money at stake, spammers are constantly looking for new ways to get their junk emails past spam filters and to make their scams appear more convincing.

It has also drove an increase in the volume of junk mail. More than 2.8 million emails are sent every second – over 247 billion per day. Over 90% of that is junk email.

The cost to business
So, how does spam cost your business money?

Lost productivity: Experts put the labor cost of deleting each junk email at around four cents. By itself, that’s not all that significant. Multiply that, though, by perhaps 20 employees, each deleting 50 junk emails per day, and you’ll be spending over $14,000 over the course of a year.

Computer and network costs: Spam sucks up Internet bandwidth, and server storage space, both of which are significant costs to your business. This is especially true since a lot of spammers are using attachments to get around spam filters.

Security breaches and infections: Most malware and spyware infections are distributed via hacked websites. Even so, email has become more and more popular for infecting innocent users.

If your network becomes infected as the result of spammed spyware or malware, you’ll be facing a potentially expensive clean-up operation.

Phishing emails can lead to the exposure of sensitive corporate or financial information.

What you can do
The most effective way to prevent spam is to block it before you see it. We have dozens of clients with several hundred e-mail accounts currently utilizing our e-mail filtering system. We eliminate over 98% of the junk mail you normally would receive before our clients ever see it.

Our Experts Total Defense spam filtering system lets only the relevant and important messages come through.

You’ll have a clean inbox every day, and your Blackberry won’t ring all day with junk emails. You and your staff will become much more efficient and e-mail will be more useful again.

Plus, Experts Total Defense offers email archiving and off-site storage, saving valuable drive space on your servers.

You can use our filtering system if you have email hosted with us, or if you have your own in-house e-mail server (like Microsoft Exchange and Small Business Server). Give me a call if you’d like more information.

FBI: Rogue Antivirus Scammers Have Made $150M

They’re the scourge of the Internet right now and the U.S. Federal Bureau of investigation says they’ve also raked in more than $150 million for scammers. Security experts call them rogue antivirus programs.

The FBI’s Internet Crime Complaint Center (ICC) issued a warning over fake antivirus software, saying that Web surfers should be wary of sudden pop-up windows that report security problems on their computers.

This software can appear almost anywhere on the Web. Typically, the scam starts with an aggressive pop-up ad that looks like some sort of virus scan. Of course, the scan turns up problems, and the pop-up says the only way to get rid of them is to pay with a credit card.

This is always a bad idea. At best, the software is subpar. At worst, it could result in viruses, Trojans and/or keyloggers being installed on the computer. Identity thieves often use keyloggers to gain access to credit
card numbers, bank account information, and computer users’ social security numbers.

The tactics of the scareware have caused significant losses to users. The FBI is aware of an estimated loss to victims in excess of $150 million.

The IC3 says that users who see these unexpected antivirus pop-up warnings should shut down their browsers or their computers immediately and then run an antivirus scan to see what’s going on.

Think Security Is a Problem Only for Big Companies? Think Again!

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Information technology (“IT”) security is sometimes thought of as a problem only for the largest companies, whose data protection lapses expose customer information and result in front-page coverage.

Small and mid-sized businesses,of course, are just as susceptible to malware and network intruder attacks. In some cases, small companies confront a greater challenge. While large businesses and government agencies employ chief information security officers and IT security staffs, smaller firms usually don’t. This places the small business owner in a DIY situation.

Small businesses face many security vulnerabilities, but the SANS Institute, a think tank that focuses on IT training and certification, cites two pressing problems: unpatched software running on PCs and vulnerable web-based applications. Email attacks, dubbed “spear phishing,” specifically target unpatchedvulnerabilities in frequently used products, such as Adobe Acrobat, QuickTime and Microsoft Office.

The second factor, at-risk web applications, account for a sizable chunk of known security gaps. Assaults focused on web applications represent more than 60 percent of the total attack attempts observed on the internet, according to SANs.

Getting a Grip
Making sure current security patches are installed on applications and shoring up web application defense are just two chores small company owners face. They need to consider internal lapses – such as employees divulging intellectual property via e-mail – as well as external threats. In addition, many firms must meet regulatory compliance directives. A retailer handling credit card data must comply with the Payment Card Industry Data Security Standard.

With all of the security issues and products to address them, small businesses may have trouble knowing where to begin.

A vulnerability assessment, also referred to as a risk analysis, comes in handy here. Such an assessment aims to define the scope of an organization’s security issues, thereby identifying likely areas for investment in protection.

The key steps in a vulnerability assessment include taking stock of a company’s IT assets – servers, applications, networks, client-side devices among other gear. With this census in hand, a business can move on to prioritize assets according to their value to the business. The next phase is to zero in on vulnerabilities, starting with the more important assets.

Getting Started
Small businesses seeking to start down the vulnerability assessment track can turn to a few self-help resources. For example, the National Institutes of Standards and Technology (NIST) offers its eScan Security Tool, which was designed for small businesses: https://www.mepcenters.nist.gov/escan/.

The tool prompts users through a series of questions that touch upon such topics as computer virus protection, back-up policies, and the physical security of computer systems. At the end of the questioning, the tool generates a report with suggestions for improving IT security.

NIST also offers a guide to small business information security, which includes a section on identifying and prioritizing information. You can download a copy at http://csrc.nist.gov/publications/drafts/ir-7621/.

Small business owners can also opt to hire an IT consultant to help conduct theassessment. The task of automated vulnerability scanning, for instance, may call for an expert who can interpret the results and distinguish between “false positives” and legitimate concerns.

An company must take care in hiring an outsider. The consultant will learn all about your weaknesses and must be of the highest integrity. Client lists and referrals should provide the evidence. Security certifications, whether vendor-specific (e.g., Cisco Certified Security Professional) or independent (e.g., Certified Information Systems Security Professional), also help guide selection.