TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Security

Important Security Alert To Anyone Using Instant Messaging

According to the Radicati Group, 85% of businesses—both large and small— are now using instant messaging (IM) as a communication tool.

Unfortunately, hackers are rapidly developing ways to use IM to spread viruses and gain access to computers and networks. Instant-messaging security vendors have reported an exceptionally high spike in attacks in recent months.

IM attacks work similar to e-mail viruses; the sender tries to get the user to click on a link that takes them to a website where they’ll be infected with a virus, or it tries to get the user to download a file. Many of these attacks appear to be from legitimate sources or people on a “buddy” list.

Just recently, researchers discovered a threat on AOL’s instant messenger system, but tens of thousands of computers had already been infected. Hackers then used a program to upload movies to the victim’s hard drive and use their computer as a vehicle for sharing it with others.

These attacks are also getting more complex. Savvy IM users will often reply to an IM and ask their buddy if the link or file sent was safe. However, hackers have now developed an intelligent bot that will actually automatically respond to the message confirming the file or link is safe.

Just like viruses, worms, and other security threats, businesses need to put measures in place to protect themselves from these new threats. The first step is educating your employees about these threats through your employee’s acceptable user policy. However, since there is always a chance someone will click on a link or download a file, education is not enough.

If you currently use IM, we urge you to contact our office about installing the proper software and security measures to make sure you don’t fall victim to these growing attacks.

How To Pick A Good Password

What’s the most common password? You guessed it…”password.” Obviously this is not the best way to protect yourself against hackers and online thieves. But even if you don’t use the word “password,” you might be using an equally easy password to decipher.
We suggest you DON’T use the following passwords for really important web sites, such as your online banking web site or other financially related sites.
• Your name or your spouse’s name.
• Your children’s names.
• Your pet’s name.
• Your birth date.
• The last four digits of your Social Security number.
• Your phone number.
• Your address.
• A series of consecutive numbers, such as “1, 2, 3, 4.”
• A single word that would appear in a dictionary.
Your best bet for creating a strong password: Use combinations of letters, numbers and special characters.

How To Keep Hackers At Bay

No one wants to have their network “hacked,” but what exactly can a hacker do?

Plenty, and you are right to be afraid!

One common way for hackers to access your network is through spyware or viruses, which are malicious programs written to imbed themselves into your network to gather private information, steal financial data, access passwords, e-mail addresses, and spread themselves to other users. But one of the most common ways for hackers to access your system is through e-mail, or spam e-mail to be more specific.

Phishing is when a hacker sends you a legitimate looking e-mail from a trusted source — like PayPal, your bank, eBay, or any number of other legitimate business web sites. These e-mails will tell you that your account is expired or will be closed if you don’t go to a designated web site and update or verify your account information.

Although you may have seen these e-mails before, be very careful! Hackers are brilliant at making not only the e-mail seem legitimate, but also at making the web site you go to look like the real thing.

If you fall prey to their scam, the site will gather your private information and then use that to access your bank account or to charge your credit card. To protect yourself, install a spam filter and NEVER open or respond to any e-mail requesting account verification. Instead, call the company. If it is a legitimate request, you can verify that with them over the phone.

School is Back in Session

How to Keep Your Kids Safe Online

With school back in session, thousands of children will be surfing the Internet to conduct research, chat with their new classmates and complete homework assignments.

Although the Internet provides a tremendous learning tool for children, left unchecked it can also expose them to inappropriate material and unscrupulous individuals looking to exploit innocent children.

The Statistics of Online Abuse Towards Children Are Alarming

According to a survey conducted by NetAlert, nearly one child in every five has been approached online by a stranger, and 45% have been exposed to material that is pornographic, sexually explicit, violent, racist, or that encourages them to participate in dangerous or illegal activities.

One of the biggest threats are social networking sites like MySpace.com.

But MySpace isn’t the only threat.

According to Highlights of the Youth Internet Safety Survey conducted by the U.S. Department of Justice, one in five children received unwanted sexual solicitations online. There are a growing number of pedophiles using the Internet to gain a child’s confidence and arrange face-to-face meetings.

These cyber criminals are using everything from spam e-mails to online messaging, kid’s chat rooms, and misleading domain names to trap children. If your child uses the Internet, you must take measures to protect them from these dangers.

As part of our back-to-school newsletter edition, we’ve outlined 3 things you should be doing now to keep your kids safe online.

3 Things You Can Do Right Now To Protect Your Children Online

1. Install web and e-mail filtering software to prevent your children from viewing inappropriate material. We recommend using www.bsafeonline.com. Not only will this prevent your children from visiting inappropriate web sites, but it will also stop inappropriate spam.

2. Talk to your kids about online safety and proper Internet usage. Set limits and guidelines about when they can go online, what they can do, and how long they are allowed to be online. Explain why it is dangerous for them to “chat” with strangers online or download suspicious looking files.

3. Give your children specific online guidelines or rules to follow when using the Internet. It’s not enough to warn them about potential risks; pedophiles know how to cloak their identity and gain a child’s confidence to arrange face-to-face meetings.

Require Your Kids To Follow These Rules Online:

  • I will not give out personal information such as my address, telephone number, parents’ work addresses, or our e-mail address to anyone online.
  • I will tell my parents right away if I see a web site, e-mail, or message that makes me feel uncomfortable.
  • I will never send my picture to anyone online or upload my picture to any web site without my parent’s knowledge and permission.
  • I will never agree to meet someone face-to-face whom I met online without my parents’ knowledge and permission.
  • I will not respond to any messages that are mean or that make me feel uncomfortable in any way.
  • If I get a message like that, I will tell my parents right away so that they can contact the online service.
  • I will never give my parents’ financial information to anyone, especially their credit card information, bank account information, or social security number.

If you want more information on how to keep your children safe online or to report illegal, violent, or explicit acts towards children, go to www.cybertipline.com.

This site is run by the National Center for Missing & Exploited Children and is a great resource for parents, teachers, and guardians.

 

Raise IT Security Measures And Lower Your Stress

Updating Your Network Security Protects Your Valuable Data

Simplify. Prevent problems. Do it right, not over. These are just a few of the phrases among the most popular published in “Stress Reducing Tips” articles. But, how do you achieve these goals?

Take a look at your IT security measures first. Protecting your information systems from unauthorized use, disruption or destruction can help you reduce the number of stressful incidents that may arise as a result of a vulnerability. How can you decide what level of security is right for your organization?

Dive into a threat and risk analysis.
We can work with you to review the current security mechanisms and determine what needs to be protected. The level of security necessary for your business is largely reliant on the possible threats. If you have many employees, you may have a greater interest in user account changes versus a small dental practice whose chief concern is confidentiality.

Take advantage of our Free Network Audit and learn about the current options available for firewalls, controlled accessibility, anti-virus, spam filtering and much more.

Take time to develop a plan. Listen to employee feedback, analyze your current operations and review key points for development within your company in order to simplify business processes and protect your company data.

Think of the future.
Is your organization in growth mode or are you looking to stabilize your current position? Many clients come to us with only a few changes and end up with many things they would like completed to help increase security, increase efficiency, decrease operating costs or prepare for the future.

Prevent problems.
Security is everyone’s responsibility. According to Datapro Research, the most common causes of damage are: Terrorism, 3%; water, 10%; technical sabotage, 10%; dishonest people, 10%; fire, 15%; and, finally, human error, 52%. Unfortunately, 81% of this damage is caused by current employees.

You could install the most elaborate security and computer protection systems available, but if passwords are written on sticky notes and stuck to computer monitors in the office, or saved in Word documents, we cannot guarantee security.

New threats and vulnerabilities emerge everyday that can endanger your company. Take a preventive approach to managing your information systems with reliable security measures and proper staff training.

Firewalls and virus protection must be current. If you don’t know if these measures are in place, we can help you identify current software installed and enable or update them if necessary. A good anti-virus or firewall solution will automatically update itself as new updates are available.

Spam filtering is essential and can solve many e-mail problems that plague your inbox. Everyday spammers find new ways to get into e-mail inboxes. A lot of spam is simply unwanted advertising that is just annoying and takes up space. Some, though, are used to transmit viruses, adware or spyware that can eventually infect your entire network.

Take Caution Before Opening your Next e-greeting Card

According to a new article in PC Magazine, cyber criminals are now starting to exploit e-greeting card sites in an attempt to steal confidential information.

In 2007, nearly 1/3 of infected e-mail messages contained a phishing scam, while 7 percent of such e-mail messages masqueraded as an electronic greeting card and directed the target to a malicious site.

Here’s how it works: Hackers place a malicious hyperlink in the e-mail greeting, which first sends the user’s web browser to an exploit server that checks to see if the user’s machine has the most up-to-date security patches.

If it’s unpatched, the server silently force-downloads a rootkit and a keylogger onto the user’s computer before redirecting the web browser to an authentic Yahoo greetings card.

On the user-facing end, the victim clicks the link to view the card. However, the card does not let them know who sent it. The victim closes the card and goes about his business without realizing arootkit was delivered to his PC before he even picked up the card.

How do you avoid this from happening to you? First, never open emails from unknown sources. Second, make sure your PC/Servers always have the most up-to-date security patches. And finally, always maintain an active, up-to-date anti-virus software.

Has Your Computer Been Taken Over By a Bot?

David Perry, global director of education for security software provider Trend Micro, was recently quoted in PCWorld as saying, “An unprotected [Windows] computer will become owned by a bot within 14 minutes.”

A bot is an automated program that takes over your computer and uses it as a spam machine, to copy your personal information, such as credit cards numbers, or something equally as evil.

One way to spot a bot is to be aware of network activity when you aren’t on the Internet. You can put a network status light in your system tray. If you see it blinking when you are not using the Internet, there might be a problem.

Do this: In Windows XP, choose Start, Control Panel, Network Connections. You will see an icon for your network connection. Right-click the network connection and select Properties from the popup menu. Check “Show icon in notification area when connected,” and click OK.

Remember, lots of unexplained network activity can mean your computer is “owned” by a bot.

Double check by going to one of several free scanning sites such as McAfee Free Scan or Trend Micro’s House-Call. Then buy antivirus software, install a firewall, and never open e-mail attachments from unknown sources.

Do You Roll Out The Red Carpet For Identity Thieves?

Just about every web site you visit these days wants you to register and choose a password, especially when making a purchase.

However, if you do this carelessly, you may be setting yourself up as an easy prey for online criminals.

Although we know we should choose unique and hard to decipher passwords that contain both numbers and letters, most people still use easy to remember passwords and words for their convenience.

Below are the top 10 passwords used online according to PC Magazine. If you are using any of the following, you’re putting a big red bullseye on your account for identity theft:

  1. password
  2. 123456
  3. qwerty
  4. abc123
  5. letmein
  6. monkey
  7. myspace1
  8. password1
  9. link182
  10. [your first name]

If you want to avoid having to remember dozens of hard-to-remember passwords, Robo Form is a great FREE software you can download without having to fear adware or spyware. RoboForm was named PC Magazine Editor’s Choice, and CNET Download. com’s Software of the Year.

After you download the software, it memorizes your passwords and logs you in automatically to every web page with one click.

Best of all, it encrypts your passwords and generates random passwords that hackers cannot guess. You can even back up your passwords so you can copy them to another computer.

How To Keep Your Laptop Safe and Secure

You can’t beat the convenience of checking e-mail and hopping on the Internet at (Wi-Fi) hotspots found in airports, coffee shops, and bookstores. For the uninitiated, hotspots are areas where you can use your wireless laptop to surf the Web.

But the question you have to ask yourself is, just how safe are hotspots? With the proliferation of hackers, viruses and identity theft at an all time high, you’re smart to be concerned. Wi-Fi spots are very attractive to hackers because they can use what’s called an “evil twin” connection to access your laptop.

An evil twin is a hotspot set up by a hacker to lure people from a nearby, legitimate hotspot. For example, when you log in at your favorite coffee shop, you might actually be logging onto the evil twin Internet connection set up by the innocent-looking person working on a laptop at the next table. The most dangerous evil twins remain invisible and allow you to do business as usual. But in the background, they record everything you are typing. Buy something online and they are recording your credit card information. Log on to your bank account, and they can grab your password.

So what can you do to make sure you are not giving an evil twin access to your laptop?

First, know the name of the hotspot you’re going to use by asking someone who works there. Some businesses will give you printed instructions that include the hotspot name. But be careful. Hackers will name their evil twin network by a very similar name as the real hotspot, and may even show up as a stronger signal.

The best protection you can have is connecting via your company’s VPN (virtual private network). A VPN will protect your online information by encrypting your data and activity even if you’re connected through an evil twin.

If you don’t have a company VPN, you should assume that someone is looking over your shoulder and recording everything you type in. Therefore, the BEST protection without a VPN is to never type in information such as credit cards, passwords, or social security numbers when connected to a public Wi-Fi hotspot.

The Simple Document That Could Save Your Company From Complete Disaster

It’s official: end users are the weakest link in the IT security chain. You can set up a firewall, encryption, anti-virus software, and password protection up to your ears, but it won’t save you from the employee who posts his access information to a public website.

Most security breaches, viruses, spyware, and other network problems are a result of human error—an end user unknowingly downloading an infected file, emailing confidential information, or disabling their anti-virus, to name a few.

So what is a company to do? While there is no surefire way to keep end users from making mistakes, you can dramatically reduce the number of problems by creating an acceptable use policy (AUP) and training your employees on what is and what is NOT acceptable behavior.

But if you want your employees to actually adhere to your security policies, here are a few tips:

  • Keep it simple. A long, confusing policy that looks like a legal document is about as easy to read as the instruction manual for your digital camera. Make the policies clear and easy to read. Give examples and include screen shots where necessary.
  • Provide group training. Many companies make the mistake of distributing their AUP by e-mail and telling employees they must read it on their own. This gives the employees the option of NOT reading and simply signing and submitting. You don’t need hours of classroom training but a simple 15 or 20-minute session will force even the most reluctant users to learn a thing or two.
  • Keep employees updated. To add to the above tip, make sure you update employees on a regular basis to keep the policies fresh in their minds and to educate them about new threats.
  • Explain the consequences of not following the policy. This is both explaining the negative effects to the business as well as disciplinary actions that will be taken if they refuse to follow policy. Occasional violators should be warned, and habitual violators should be disciplined.
  • Monitor their behavior. The best policy in the world won’t work if it’s not enforced. There are many tools on the market that can do this for you automatically.

Need Help In Creating An Acceptable Use Policy and Training Your Staff?
Not only can we help you create a customized acceptable use policy for your staff, but we can also provide training on the topic and even install network monitoring software to make sure it is enforced, and that your
policy is working.

Call us at 734-457-5000 or visit us online at www.MyTechExperts.com for more info!