TechTidBit – Tips and advice for small business computing – Tech Experts™ – Monroe Michigan

Brought to you by Tech Experts™

Security

Convenience And Security: The New Face Of Two-Factor Authentication

July 31, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

Security may be part of an IT professional’s daily world, but these days consumers are just as concerned about protecting their privacy online. It’s no surprise that many businesses are trying to boost their brand image and differentiate themselves from their competitors by promising superior security.

Yet there’s one security action that many of them could take and don’t: two-factor authentication. We all know that online authentication issues can cost both businesses and consumers a high price through cyber-attacks, online fraud and identity theft.

Two-factor authentication has always been a strong solution in mitigating these attacks. By offering secure login, it protects company reputations and provides consumers with an added layer of security during online purchases, personal banking and other digital transactions.

So why aren’t more organizations implementing it? In a word: inconvenience. Businesses are afraid of annoying their buyers by demanding multiple passwords or asking them to take an extra action that might spur them into abandoning the sale.

In a landscape where catering to customer wishes is a common business mantra, risking customer irritation seems dangerous. After all, this is the digital age where consumers expect everything to go faster and smoother and easier online, whether they’re checking email, watching a video or doing their holiday shopping.

Of course, it’s also the age of digital crime. Two-factor authentication might seem user unfriendly at the outset, but ultimately it’s in the consumer’s best interest.

Still many organizations, including those with sensitive information to protect, hesitate to use it. I ran into this recently during a security discussion with a financial institution.

When one of its top executives and I discussed ways to protect their customers online, I asked if the company used two-factor authentication. The executive shook his head and told me the business didn’t want to inflict that “inconvenience” on their customers.

It’s a classic quandary that many organizations find themselves in: they want to offer their customers the utmost in digital security, but worry that if they make that security too complicated or inconvenient, they won’t have customers to protect.

Caught between the Scylla of risk and the Charybdis of inconvenience, these organizations have mostly chosen to forgo two-factor authentication and accept the risk on behalf of their customers.

Luckily there are some new innovations that are solving this very issue, including a unified two-factor authentication protocol in the works, and technologies that manage to sidestep the inconvenience issue.

Next Gen Authentication
It’s worth noting that two-factor authentication is required by the Payment Card Industry Data Security Standard (PCI DSS) for secure remote connectivity.

This is understandable, when you consider the rising number of website and retailer breaches where the hackers obtain buyer addresses, credit card numbers and other highly sensitive information.

But two-factor authentication isn’t just for eCommerce and financial institutions. As the digital health movement surges in popularity, it can be an excellent safeguard for patient Web-based apps as well.

In fact, two-factor authentication looks more and more like a smart security measure for pretty much any process that requires user authentication.

There may be plenty of password-cracking tools on the market, but in theory, even a successful crack won’t get a hacker into an account – not with the second form of authentication stopping him. This is why two-factor authentication continues to be an ongoing quest for many innovative companies out there.

Take OAuth, a popular protocol that provides a reference architecture for universal strong authentication across all users and devices over all networks. There are also cloud-based tools that seamlessly integrate into existing application login workflows using a robust API that works with smartphones and multiple platforms.

Not all two-factor authentication tools are perfect, of course. SMS-based techniques such as texting to reset passwords are compromised on a regular basis, either through malware on the phone or other vectors.

Ultimately hardware is the safest way to go, as seen in several clever two-factor solutions. For instance with some tools, users log in with their usernames and passwords, then activate their second factor by pressing a button on a USB device, which quickly enters a one-time password that is usually only good for a matter of seconds.

Each previous password is invalidated, so that even if a hacker records it, it’s worthless for all future access. Some of the hardware is engineered to work with NFC-enabled smart phones, allowing mobile security without the risk of traditional SMS two-factor authentication.

From cumbersome to convenient
It should be obvious by now that the face of two-factor authentication has changed. The days of burdensome multiple login steps and passwords are over. New two-factor technologies offer speed and convenience to users; brands can assure customer safety during online payments and activities without requesting additional action.

In short, it’s the kind of layered security demanded in these attack-prone times. Let’s hope organizations will look beyond the more primitive two-factor offerings of the past, and embrace new technologies that can provide customers with the protection they deserve.

Seven Smart Tips To Secure Your Business Network

June 30, 2014

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Hackers are constantly on the lookout for digital data they can use to make a profit, either by stealing money electronically or by selling the information to third parties.

Therefore, it is important to protect your precious data; here are seven tips to get you started:

Policies
Your staff is the front line of defense against hackers. Human error is one of the leading causes of data security breaches, so you need to have policies in place to ensure your employees are promoting the security of your network while working.

Strong passwords
People generally opt for simple easy-to-remember passwords that hackers can easily crack.

A simple “dictionary attack” (using an automated tool that uses a combination of dictionary words and numbers to crack passwords) is sufficient to uncover many passwords.

On the other hand, coming up with a complicated password and saving it to your computer as opposed to writing it down is a simple but very effective way to prevent hacks.

Multi-factor authentication
It is highly advisable to establish multiple layers of technology dedicated to security that you would apply to all your devices, including desktops, mobile devices, file servers, mail servers and network end points.

Multiple layers of security block hacking attacks and alert you to any problems beforehand so you can take the appropriate measures.

Data encryption
Encryption is yet another great security tool that you can use to protect your data. For instance, if your hard disk is stolen or your USB drive is lost, anyone trying to access your data would be unable to read it if it is encrypted.

Backup
Security makes up half of your data protection, while a proper backup strategy makes up the other half.
Even with great security, you need to be able to recover your data if you have a failure. Back up often, and remember to test the backup regularly.

Audit
You need to identify the vulnerable areas of your network or which data needs to be protected.

Your entire IT infrastructure, including your computers, mobile devices and network should be audited by a professional IT specialist to determine the appropriate steps to prevent hackers from accessing your data.

Managed services
Managed services are an alternative and highly-effective approach for achieving the best possible security, including backup and recovery.

Many small businesses are unable to adequately meet the daunting and expensive task of securing their data.

With a managed-service provider specialized in data security, you get the benefit of professional services and skills without having to hire an in-house security expert, thus cutting on costs. In addition, you get access to the latest security technology and support professionals.

What Happens To Stolen Data After A Breach?

June 30, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

Data breaches have become so common that virtually everyone has been impacted by a breach in some way. Breaches at big retailers make the news, and replacement credit cards ominously arrive in the mail from our banks.

However, there is a lot more to most data breaches than meets the eye. As is the case with more traditional robberies, the theft of data is often just the beginning of the crime. If criminals can’t use or sell stolen data without being caught, then the data quickly becomes worthless. As a result, it’s critical to understand what happens to data after a breach.

Understanding the Criminal Infrastructure
While “hacktivist” groups will periodically expose data to further an ideological cause, the vast majority of breaches are perpetrated by criminal groups focused on financial profit. Since very few of these attacks result in the direct theft of currency, criminals need a way to turn their stolen data into money.

Even in the simple case of stolen credit card information, criminals either need to sell the cards to other criminals or use the cards directly to commit fraud. In either case, the card data itself is a precursor to future fraud.

This may seem incidental at first, but there are important consequences. Specifically, the ability to monetize stolen data requires a very different set of skills than those needed to breach a network in the first place.

A network breach can be a relatively targeted operation perpetrated by a few attackers. However, once a breach is successful, the scale of the operation changes entirely. Whether the stolen data is personally identifiable information (PII), payment card data, or login credentials, the attackers face a challenge of scale. Millions of individual records need to be monetized either by reselling them or using the data directly for profit.

The sheer volume of data makes it impractical to do these tasks manually, and this is where cybercriminals need help. In most cases help arrives in the form of botnets that can automate the processing of individual records, and a larger ecosystem of organized crime that can consume the stolen data. Here are a few examples.

Direct Financial Fraud
Payment card breaches such as the recent attack against Target have obvious financial impacts and motivations. Yet while it is relatively simple for a criminal to derive value from an individual stolen credit card, doing the same for millions of cards is another thing entirely.

This is where the larger criminal ecosystem comes into play. The attackers behind the breach will sell the stolen card data to brokers, who in turn sell cards in batches to lower level criminals who use the data to either buy goods online or print cards to be used in physical stores.

This ecosystem shares a common problem in that stolen credit cards have a very limited shelf-life. As soon as it becomes apparent that a specific merchant has been compromised (Target for example), all of the compromised cards will be quickly deactivated.

This means that freshly stolen and active cards are highly valuable ($100 or more), while older cards can be worth pennies. This is a serious spread, and criminals need to know which sorts of cards they are buying, and the state of the cards they are holding.

To address this challenge, criminals will periodically test a subset of their cards by using them to make small online purchases. Attackers can drop a few hundred credit cards into a botnet programmed to make small purchases, and quickly determine the percentage of cards that are active and working.

Oddly enough, charities such as the Red Cross are common recipients of these charges because they commonly receive small donations, and the purchase is unlikely to raise red flags with the consumer. Disrupting these validation steps could provide an interesting way to devalue the black-market price of stolen cards, and make the attacks less profitable for an attacker.

Stolen Credentials
End-user credentials (usernames and passwords) are another common target of attackers, and can provide considerable long-term value for additional attacks and fraud.

Unlike payment cards, there are no centralized authorities to deactivate compromised usernames and passwords in the event of a breach. A website that is compromised may lock out affected users so that they have to change their passwords, but there is nothing keeping an attacker from using the stolen credentials at other sites.

A 2011 study from PayPal unsurprisingly found that 60% of users reuse passwords at multiple sites, meaning that a breach at one site can easily spider out to other sites around the Internet.

In order to find sites where credentials are re-used, attackers again turn to botnets in what are called credential stuffing attacks. In these attacks, stolen credentials are fed into distributed botnets, which in turn slowly and deliberately test those credentials against high-value websites.

These attacks can afford to be patient, and will slowly test logins from many different IP addresses to avoid rate- and reputation-based triggers that could expose the attack.

This strategy can transform a seemingly innocuous breach into something far more serious. If an attacker is able to take over a victim’s account on an e-commerce site, they could easily commit fraud in the victim’s name.

Such fraud may take longer to identify because the attacker is using the victim’s real account and from a site that the victim is known to use.

Credentials to social media sites are also highly valuable, enabling an attacker to easily impersonate the victim and infect his or her social networks.

Likewise, compromised personal webmail accounts can be a goldmine for an attacker. Such access not only provides the attacker insight into the victim’s identity, but can also be key to breaking into additional online accounts.

Most sites and applications have an option to reset or resend a user’s password to the email address on file. If the attacker has access to the victim’s email account, he can again use a botnet to proactively find online accounts where that email is used, and then obtain or reset the victim’s password.

These are just a few examples, but they serve to illustrate why it’s important for security teams to consider the lifecycle of stolen data.

In order to monetize a breach, attackers often need to go through additional steps, and this provides additional opportunities to mitigate the effects of a breach.

Likewise, companies can insulate themselves from the impacts of breaches elsewhere on the Internet by knowing how criminals attempt to automatically use stolen data.

This of course won’t prevent breaches from happening in the future, but it certainly is possible to mitigate the damage.
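One way a site can act on this, shown as an added example that is not from the original article: a detection pass over login records that compares a per-address rate rule with a rule that counts how many different accounts each address fails against. The log format, addresses, usernames and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed log lines: 'ISO-time source-ip username result'. Not real data."""
    start = datetime(2014, 6, 30, 9, 0, 0)
    lines = []
    # Six automated sources, each trying one different stolen login every 12 minutes.
    for bot in range(6):
        for attempt in range(10):
            when = start + timedelta(minutes=12 * attempt + 2 * bot)
            user = f"user{bot * 10 + attempt:03d}"
            result = "OK" if (bot, attempt) == (3, 7) else "FAIL"  # one reused password works
            lines.append(f"{when.isoformat()} 198.51.100.{bot + 1} {user} {result}")
    # Ordinary customers: a typo then success, and a forgetful user retrying one account.
    lines += [
        "2014-06-30T09:05:00 203.0.113.10 alice FAIL",
        "2014-06-30T09:05:20 203.0.113.10 alice OK",
        "2014-06-30T09:30:00 203.0.113.25 bob FAIL",
        "2014-06-30T09:30:30 203.0.113.25 bob FAIL",
        "2014-06-30T09:31:10 203.0.113.25 bob FAIL",
        "2014-06-30T09:32:00 203.0.113.25 bob OK",
    ]
    return sorted(lines)


def parse(line):
    stamp, ip, user, result = line.split()
    return datetime.fromisoformat(stamp), ip, user, result


def per_ip_rate_alerts(events, window=timedelta(minutes=10), limit=5):
    """Classic rule: flag an address making more than `limit` attempts per window."""
    by_ip = defaultdict(list)
    for when, ip, _user, _result in events:
        by_ip[ip].append(when)
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        left = 0
        for right, when in enumerate(times):
            while when - times[left] > window:
                left += 1
            if right - left + 1 > limit:
                flagged.add(ip)
    return flagged


def account_spread_alerts(events, window=timedelta(hours=1), min_accounts=4):
    """Flag an address whose failed logins span many different accounts per window."""
    fails = defaultdict(list)
    for when, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((when, user))
    flagged = set()
    for ip, attempts in fails.items():
        attempts.sort()
        left = 0
        for right, (when, _user) in enumerate(attempts):
            while when - attempts[left][0] > window:
                left += 1
            if len({u for _t, u in attempts[left:right + 1]}) >= min_accounts:
                flagged.add(ip)
    return flagged


def accounts_to_reset(events, flagged_ips):
    """Accounts a flagged address logged into successfully: candidates for a forced reset."""
    return {user for _when, ip, user, result in events
            if ip in flagged_ips and result == "OK"}


if __name__ == "__main__":
    events = [parse(line) for line in build_sample_log()]
    print("rate rule flags:   ", sorted(per_ip_rate_alerts(events)))
    spread = account_spread_alerts(events)
    print("spread rule flags: ", sorted(spread))
    print("accounts to reset: ", sorted(accounts_to_reset(events, spread)))
```

The rate rule stays silent because no single address ever exceeds the limit, while the spread rule picks out every automated source and the one account it got into.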

Why Is Network Security Important For Your Small Business?

May 30, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

Network security is very important to all networks, big or small. The purpose of network security is to prevent loss through the misuse of data.

Many issues can arise when network security is not properly implemented and maintained. A few of them include, but are not limited to, the following: data destruction, data manipulation, and breach of confidentiality.

The most important layer of security is physical security; this should be the first line of defense for any network. An organization can have all the access rules, logical security policies, and Intrusion Detection Systems (IDS) in place, but nothing beats being protected at the physical level.

One of the simplest steps is to lock the door. For example, the server room or network closet should have a physical door and lock that secures it. This can also include any items that may be vulnerable to theft or physical damage.

Another form of physical security can be having surveillance cameras monitoring the premises. This gives an organization that extra sense of security, especially after hours.
Earlier we discussed ways to secure the physical network, but what about the logical network? You do not want to be on a network that does not challenge you for logon credentials to access systems.

This is where authentication and password security come into play. Securing a network with usernames and passwords can prevent unauthorized access to data and also provide measures that prevent unauthorized changes of systems.

System administrators can also implement a password complexity policy, which requires users to have passwords that are of a certain length and contain a combination of alphanumeric and special characters. It is also wise for users not to use any personal identifying characters in their passwords because these are usually the first things hackers look into.

The Internet is not a secure place. Viruses pose a big security risk to a computer network because there are so many out there. Without antivirus protection, a computer can get infected and may even infect other computers on the same network.

Depending on the purpose, or payload, of the virus, the virus’s creator may have designed the virus to steal or delete information, render a system useless by using all resources, or even use the computer as part of a botnet. Antivirus software provides protection against most, but not all viruses.

Not only should users frequently update and scan their computers for viruses, but they must also be smart when browsing the Internet because many viruses can disguise themselves as legitimate software.

Firewalls are a great way to control the internal network traffic and also incoming traffic from the Internet.

While antivirus protection helps to protect a computer from potentially unwanted programs and viruses, a firewall can help to control network access into a computer system.

There are two types of firewalls: software- and hardware-based firewalls. Both provide similar functions, but it is best to implement a hardware firewall because it gives a system administrator the ability to make changes to a system as a whole, rather than at individual systems, or endpoints.

Within the firewall there are policies which allow or deny traffic based on the needs of the network. The most secure policy is a restrictive policy, which denies all network traffic by default and allows only essential network traffic to traverse the firewall.

If you have any questions about your network security give us a call at the office, (734) 457-5000, or email info@mytechexperts.com.

Spring Cleaning Tips for Your Home and Office Computers

May 30, 2014

Spring is a good time to get some cleaning done in your home as well as your office. Here are a few tasks and tips you should check off your list, if you own a small business or if you simply are a computer user:

Back up your files
You should make it a routine and regularly back up your important files to the cloud or into an external hard drive. Delete old unnecessary emails and archive important ones. This will make it easier to locate specific email chains and will open up the storage space in your computer.

Update your security settings
You may assume that your home or small business PC is too small a target for hackers, but that is simply not the case.
Internet security statistics show that hackers are targeting businesses with fewer than 250 employees due to the fact that it’s generally easier to hack into small businesses and home users.

As a rule, assume that any valuable information you have is at risk, and ensure you install the latest security patches and updates whenever they become available.

Take advantage of mobile technology
Research indicates that small businesses that do not accept mobile payments could be losing up to 1 trillion dollars annually. Many small business owners realize the potential of mobile technology, but 91% of them still don’t have mobile-optimized websites. If your business is not yet mobile friendly, it is important to start thinking about upgrading your services.

Go paperless
Going paperless will significantly reduce paper clutter and will minimize the time needed for spring cleaning. There are many affordable solutions you could adopt which allow you to maintain and organize critical business documents.

Manual clean-up
Your hardware and peripherals also need to be cleaned, so take some time to clean your keyboards, screen monitors and to check the batteries in your mouse or wireless keyboards. Also, remember to clean your printer and check whether or not you have installed all the required updates from the manufacturer and that all its parts work seamlessly.

Does Your Organization Have A Security Program?

April 29, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Such a plan is called a security program by information security professionals.

Whether yours is five or 200 pages long, the process of creating a security program will make you think holistically about your organization’s security.

A security program provides the framework for keeping your company at a desired security level by assessing the risks you face, deciding how you will mitigate them, and planning for how you keep the program and your security practices up to date.

Think you don’t have anything of value to protect? Think again. The key asset that a security program helps to protect is your data – and the value of your business is in its data.

You already know this if your company is one of many whose data management is dictated by governmental and other regulations — for example, how you manage customer credit card data (PCI Compliance) or even how you handle sensitive patient information (HIPAA). If your data management practices are not already covered by regulations, consider the value of the following:

Product information, including designs, plans, patent applications, source code, and drawings.

Financial information, including market assessments and your company’s own financial records.

Customer information, including confidential information you hold on behalf of customers or clients.

Protecting your data means protecting its confidentiality, integrity, and availability, also known as the C-I-A triangle. The consequences of a failure to protect all three of these aspects include business losses, legal liability, and loss of company goodwill. Consider the following examples:

Failure to protect your data’s confidentiality might result in customer credit card numbers being stolen, with legal consequences and a loss of goodwill. Lose your clients’ confidential information and you may have fewer of them in the future.

A data integrity failure might result in a Trojan horse being planted in your software, allowing an intruder to pass your corporate secrets on to your competitors. If an integrity failure affects your accounting records, you may no longer really know your company’s true financial status.

Having a security program means that you’ve taken steps to mitigate the risk of losing data in any one of a variety of ways, and have defined a life cycle for managing the security of information and technology within your organization.

Hopefully the program is complete enough, and your implementation of the program is faithful enough, that you don’t have to experience a business loss resulting from a security incident. If you have a security program and you do experience a loss that has legal consequences, your written program can be used as evidence that you were diligent in protecting your data and following industry best practices.

Getting started in the right direction
It doesn’t matter whether your security program is five pages or 200 pages long. The important thing is that you have a security program and that you use it to address your company’s security in an organized, comprehensive, and holistic way. You can adapt the above elements to create a security program for your organization, or, if you need help, give us a call at (734) 457-5000.

Everyone needs to have a security program because it helps you maintain your focus on IT security. It helps you identify and stay in compliance with the regulations that affect how you manage your data. It keeps you on the right footing with your clients and your customers so that you meet both your legal and contractual obligations. Its life cycle process ensures that security is continuously adapting to your organization and the ever-changing IT environment we live in. And, of course, it’s the right thing to do because protecting your data’s security is the same as protecting your most important asset.

Online Banking: Safety And Security Precautions

January 17, 2014

by Jeremy Miller, Technician
There are many avenues of attack to guard against when banking online. Many people simply use a computer that is attached to the Internet with little to no precautions at all. Some bank online even if they know there are issues with their computer or virus infections on their computer.

I will cover three levels of precaution that you can take to ensure your online banking information stays secure: simple, advanced, and paranoid. As the level of precaution increases, it will be more time consuming and difficult but worth it if you want to keep your online banking experience safe and secure.

Simple Precautions
To keep your information secure you must make sure that your computer is fully up-to-date with all Windows Updates and other software patches. Software vendors like Microsoft release security patches regularly to close exposed security holes in their software. Without patching, hackers can use known vulnerabilities to attack your computer.

Next you must make sure that you have anti-virus software installed and it is up-to-date with the latest virus definitions. You must also have your anti-virus run scans regularly to make sure the computer is clean of any known infections.

You should always look in the Uniform Resource Locator (URL) bar to make sure the web address you are accessing is the correct one. Also make sure that the first five characters are HTTPS.

This will ensure that your traffic is encrypted, which will make your entire web traffic look like gibberish. If your first characters are only HTTP and not HTTPS then hackers would be able to read your password in plain text.

Lastly, you must only do online banking from trusted networks like your home network or in some cases your work network. Anyone else attached to your network has the possibility to access your bank information if they have the know-how.

To be sure you are on a secure network, you should not use online banking from public or free networks that anyone can access. When you do this you ensure that only you and your Internet Service Provider (ISP) can view your online traffic.

This will also protect you from man-in-the-middle (MITM) attacks. In these attacks, a hacker sits in between you and your target destination, usually a router. Hackers using MITM attacks will be able to see all unencrypted traffic.

Advanced Precautions
You must ensure you are implementing all the simple precautions; there are also a few more steps you can take to up your protection level.

Run a full virus scan before accessing your online bank account each time. Your system will be clear of known infections, plus it gives you significantly less risk of an infection since your last scan. A full scan looks at every file on your computer and checks it against a known virus database.

You can also configure Windows Firewall to prompt you before allowing traffic in or out of the computer, or you can install a software-firewall to scan your active Internet traffic.

The firewall will prompt you with pop-ups to ask if specific connections are allowed. This will allow you to approve or deny all traffic on your computer. Usually firewalls have different settings to allow you to choose the level of security this firewall will provide.

Paranoid Precautions
This is the most secure of the three and implements the previous precautions. It would be best to boot to a new operating system every time you need to access your online bank account. You need to know how to change your computer’s boot order and how to create a bootable USB drive or disk.

There are a number of free operating systems that you can load onto a disk or USB drive. WinPE will allow you to boot into a portable version of Windows. This will be a clean installation with no additional software installed.

You can also use the more widely available bootable Linux distributions as a clean bootable operating system to access your bank information. Ensure you are getting your distribution from a reputable vendor.

Most Linux distributions are free. Downloading from a reputable vendor will ensure that there isn’t malicious software pre-loaded into the operating system.

If you are interested in enjoying a safer browser experience you can contact us and we can answer any questions or concerns as well as help you implement any of these precautions.

One Last Time… How Important Are Small Business Backups?

December 30, 2013

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Last month, I shared with you my personal experience with local search and how it impacted the surgery my dog Daisy needed. This month, I’m going to share with you my personal experience with the importance of offsite backups.

Earlier this month, we had a pretty bad fire at the house. Everyone got out ok, including Daisy and Bailey, but the damage is incredible. We’re living in a condo for the next six to nine months while the house is repaired.

The fire started in the center of the house, where all of my networking equipment is located, including my Fortinet router and my Western Digital network attached storage (NAS) device.

I use the NAS primarily to store old tax information, backups of my Quickbooks files, backups of my extremely important pictures from Michigan Football games, and other personal information.

The Fortinet, NAS and everything else that was in that room are completely destroyed – all that remains is a charred mess of plastic connected together by the thin copper wire that used to be Ethernet cable.

As is always the case, the fire was completely unexpected. And, it happened so fast that we had just enough time to get ourselves and the dogs out. There was no time to save network equipment, much less anything else.

And that’s the important thing to take from this. No matter how convinced we are that “it could never happen to me,” it’s our responsibility as business owners to be prepared for any eventuality.

Fortunately, all of my personal data is protected by the same industrial strength backup solution we use for our business clients – our Experts Total Backup service.

All of my files and documents were backed up to the Tech Experts cloud servers, and nothing was lost. Our Experts Total Backup service works quietly in the background, compressing and encrypting your files before sending a copy of them to the backup server in the cloud.

A few days after the fire, once things settled down, it took just a few hours to copy everything down from the cloud and onto a new NAS unit.

So, what’s the takeaway from all of this? Expect and prepare for the unexpected. If I didn’t have an offsite backup for my data, I would have lost a ton of information, but none of it mission critical (except, perhaps, my U of M football pictures).

A similar disaster at a small business would be catastrophic in the best instance, and deadly if the company didn’t have offsite backups.

And as I’ve written many times before, your business’s backup is only as good as the last time you tested it.

Whether your backup is onsite using tape or other removable media, or offsite using a service like Experts Total Backup, you must routinely test and verify your backups.

Thanks!
Everyone around me has pitched in to help, but a few folks have gone above and beyond.

Leski Insurance Agency and MEEMIC Insurance Company (734-242-6759) have been incredible.

The Frenchtown Fire Department was on-scene in minutes.

Annette Perna-Taormina from Gerweck Real Estate took literally one day to find us a temporary place to live. Call her for your real estate needs at (734) 243-4200.

Finally, friends Michele Paled, Marlene Messina, Tammi VanAken, Candie Mulligan, Kim Harper, and my mother Carol have been incredibly helpful and supportive.

Data Security: Why You Should Be Concerned

December 30, 2013

by Michael Menor, Network Technician

All businesses, big or small, have client data, which is the lifeblood of their company. Losing this data can prove deadly; having it held hostage is even worse.

The purpose of this article is to explain the importance of data security with encryption, and to describe viruses like CryptoLocker, which purposely encrypts your data and demands that you pay a ransom to release it. This nasty little virus is no joke: many companies have fallen prey to it and have paid the ransom, which ranges anywhere from $300 upwards to $2000.

Let’s talk about this CryptoLocker virus. “What is it?” you ask. This is a piece of ransomware that targets computers with the Windows operating system. This virus is spread as an email attachment and has been seen to pose as a voicemail message.

Once CryptoLocker is installed on your computer, it encrypts all documents on your local computer, as well as ones that are stored on network drives and external storage. The encryption used is strong (2048-bit), and cracking this level of encryption is impossible.

It would take approximately 6.4 quadrillion years to break. Even if you were using a super computer it would take a very long time to break.

Hard drive encryption should be the first step in ensuring data integrity. Microsoft has their own encryption technology called BitLocker, which is only available on Windows Enterprise and Ultimate editions.

TrueCrypt is a free alternative. The only problem is that once you authenticate to a drive secured with either software, it is ready for use and allows the user to freely read and write to the drive, which in turn lets other programs on the computer do the same.

In regards to TrueCrypt, it has no supporting management infrastructure, and no key recovery system. If you forget your password, or something goes wrong with the TrueCrypt file, there is no way to get your data back. You must therefore keep separate backups. Another alternative to hard drive encryption is backing up your important data to the Cloud. You don’t have to worry about maintaining a storage server or carrying around an external hard drive. Everything is available to you wherever you go as long as you have an Internet connection.

Talking about all this data security will not stop the standard user from opening email attachments without verifying the sender of the file. Proper net etiquette training can be very useful: you want your employees to understand the risks of these attachments and the possible risks involved when they’re viewing their email or even browsing the Internet.

Before users open any email attachments, they should ask themselves: Is the email address trusted? Were you expecting an email from them? Is the spelling and grammar consistent with what you’d expect from the sender?

Security expert Nick Shaw has created software that can prevent CryptoLocker. This software prevents CryptoLocker from ever executing and has been proven to work on Windows XP and Windows 7 workstations.

Contact us for more information on how to prevent viruses or if you have any questions regarding data security and backups.

How You Can Benefit From An Annual Security Assessment

October 18, 2013

by Jeremy Miller, Technician

Most companies have an IT service provider or an IT department to take care of all of the IT needs of the company.

These technicians can easily address any issues that arise. Most issues are not addressed until they become known and are reported to the IT service provider either from the person having the issue or monitoring software they have installed.

It is best to have your IT service provider run an assessment once or even better twice a year.

This can make you and your IT provider aware of any security issues that are not easily monitored or would cost too much to monitor.

A security audit can be implemented for a number of reasons.

Some organizations are required to have them if the information they are using needs to be secure based on a compliance standard such as HIPAA or PCI.

Every day new vulnerabilities are discovered and it is too time consuming to test every device on every network for each security risk that is discovered as they are discovered.

This is where the security audit shines; it can be used to check for any known vulnerability on every device on your network.

Even with all of the security software commonly installed on business computers, such as anti-virus, service checks, and patch management, there can still be security risks running behind the scenes that can be detrimental to your company.

A security assessment can let you know about anything from software using an insecure port to an employee’s malicious actions.

It can show you if an application is using more bandwidth than it should, which may be causing other issues on your network.

Security assessments are the best tools to test for data leakage. Data loss is every business’s problem. Significant data loss causes a business to fail almost 70% of the time.

There are other times besides annually when it is good to get a security assessment. It would be best to get them before and after changing IT providers.

It is good to get one after any large installation or migration. This can be a business application, hardware such as new computers or a new server or even a physical migration such as moving to a new location or building an addition.

Security assessments are more effective when you run a baseline security assessment. A baseline security assessment is one you run before you make any changes to your current IT setup.

This will let you know where you are before any changes are made. You can then have a comparison to verify that your security is improving.

A baseline security assessment will also let you know what vulnerabilities you need to address. Some of these vulnerability issues can be quite costly to repair and are great to plan for.
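The baseline comparison described above, sketched as an added example that is not from the original article or any particular assessment tool: two constructed reports are loaded and compared so you can see what was resolved, what is new, and what persists. The CSV column layout, the sample findings, and the severity weights are assumptions made for this illustration.

```python
import csv
import io

# Constructed sample reports; the column layout is an assumption for this example.
BASELINE = """host,port,finding,severity
192.0.2.10,23,telnet enabled,high
192.0.2.10,445,smb signing not required,medium
192.0.2.20,3389,rdp exposed to internet,high
"""
FOLLOW_UP = """host,port,finding,severity
192.0.2.10,445,smb signing not required,medium
192.0.2.20,3389,rdp exposed to internet,high
192.0.2.30,21,anonymous ftp allowed,medium
"""
WEIGHT = {"low": 1, "medium": 3, "high": 7}  # illustrative weights, not a standard

def load(report_text):
    """Key each finding by (host, port, finding) so reports can be compared."""
    rows = csv.DictReader(io.StringIO(report_text))
    return {(r["host"], int(r["port"]), r["finding"]): r["severity"] for r in rows}

def score(findings):
    """Severity-weighted total; lower is better."""
    return sum(WEIGHT[sev] for sev in findings.values())

def compare(baseline_text, follow_up_text):
    """Diff a follow-up assessment against the baseline taken before changes."""
    before, after = load(baseline_text), load(follow_up_text)
    return {
        "resolved": sorted(before.keys() - after.keys()),
        "new": sorted(after.keys() - before.keys()),
        "persisting": sorted(before.keys() & after.keys()),
        "score_before": score(before),
        "score_after": score(after),
        "improving": score(after) < score(before),
    }

if __name__ == "__main__":
    for key, value in compare(BASELINE, FOLLOW_UP).items():
        print(f"{key}: {value}")
```

In this sample the overall score improves even though a new finding appeared on a host that was not in the baseline, which is why the `new` list deserves review on its own rather than relying on the total.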

The sooner you get an assessment, the sooner you will be able to make informed decisions based on your actual network risks and security requirements.

Everyone’s security needs are different; we can assist you with any questions or concerns that you may have about security assessments.
