5 Ways business security is flawed


Business owners and managers are becoming increasingly worried about the security of their systems and networks. While the vast majority have implemented some form of security, this may not be enough. In fact, we have helped a number of businesses with flawed security measures in place. The issue is, how do you know if your security is working sufficiently? Here are five common security flaws you should be aware of.

1. Open wireless networks

Wireless networks are one of the most common ways businesses allow their employees to get online. With one main Internet line and a couple of wireless routers, you can theoretically have the whole office online. This method of connecting does save money, but it carries an inherent security risk: an unsecured network.

Contrary to popular belief, simply plugging in a wireless router and creating a basic network won’t mean you are secure. If you don’t set a password on your routers, then anyone within range can connect. Hackers and criminal organizations are known to look for and then target these networks. With fairly simple tools and a bit of know-how, they can start capturing data that goes in and out of the network, and even attack the network and the computers attached to it. In other words, unprotected networks are basically open invitations to hackers.

Therefore, you should take steps to ensure that all wireless networks in the office are secured with passwords that are not easy to guess. For example, many Internet Service Providers who install hardware when setting up networks will often just use the company’s main phone number as the password to the router. This is too easy to work out, so changing to a password that is a lot more difficult to guess makes sense.

2. Email is not secure

Admittedly, most companies that have implemented a new email system in the past couple of years will likely be fairly secure. This is especially true if they use cloud-based options, or well-known email systems like Exchange, which offer enhanced security and scanning while using modern email transmission methods.

The businesses at risk are those using older systems like POP, or systems that don’t encrypt passwords (what are known as ‘clear passwords’). If your system doesn’t encrypt information like this, anyone with the right tools and a bit of knowledge can capture login information and potentially compromise your systems and data.

If you are using older email systems, it is advisable to upgrade to newer ones, especially if they don’t encrypt important information.
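One way to check whether a POP mail server would accept passwords in the clear, as an added example that is not part of the original article. It classifies a server from its greeting and its reply to the POP3 `CAPA` command (RFC 2449), which an administrator can capture from their own server; the function names, result labels and sample replies are constructed for illustration.

```python
import re

# SASL mechanisms that transmit the password itself (base64 is encoding, not encryption).
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

def parse_capa(response: str) -> dict:
    """Parse a POP3 CAPA reply into {CAPABILITY: [arguments]}."""
    caps = {}
    lines = response.strip().splitlines()
    if not lines or not lines[0].startswith("+OK"):
        return caps  # server rejected CAPA: treat as advertising nothing
    for line in lines[1:]:
        line = line.strip()
        if line == ".":  # a lone dot terminates the multi-line reply
            break
        if line:
            name, *args = line.split()
            caps[name.upper()] = [a.upper() for a in args]
    return caps

def password_exposure(greeting: str, capa_response: str, implicit_tls: bool = False) -> str:
    """Classify how a login password would travel to this server."""
    if implicit_tls:  # e.g. POP3S on port 995: TLS is set up before any command
        return "encrypted"
    caps = parse_capa(capa_response)
    if "STLS" in caps:  # RFC 2595: the session can be upgraded to TLS before login
        return "encrypted-if-client-uses-STLS"
    sasl = set(caps.get("SASL", []))
    # An APOP-capable server puts a <timestamp@host> token in its greeting (RFC 1939).
    apop = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting) is not None
    if "USER" in caps or sasl & PLAINTEXT_SASL or not (sasl or apop):
        return "cleartext-password"
    # Only challenge-response logins are offered; the mail itself is still unencrypted.
    return "hashed-password-only"

# Constructed sample replies, not captured from any real server.
LEGACY_GREETING = "+OK POP3 server ready"
LEGACY_CAPA = "+OK\r\nUSER\r\nUIDL\r\nTOP\r\n.\r\n"
STLS_CAPA = "+OK Capability list follows\r\nSTLS\r\nUIDL\r\n.\r\n"
APOP_GREETING = "+OK POP3 ready <1896.697170952@mail.example.test>"
CRAM_CAPA = "+OK\r\nSASL CRAM-MD5\r\nUIDL\r\n.\r\n"

if __name__ == "__main__":
    for label, greeting, capa in [
        ("legacy", LEGACY_GREETING, LEGACY_CAPA),
        ("stls", LEGACY_GREETING, STLS_CAPA),
        ("challenge-response", APOP_GREETING, CRAM_CAPA),
    ]:
        print(label, "->", password_exposure(greeting, capa))
```

A result of `cleartext-password` marks the kind of system the article recommends upgrading; `encrypted-if-client-uses-STLS` still depends on every mail client being configured to require TLS.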

3. Mobile devices that aren’t secure enough

Mobile devices, like tablets and smartphones, are being used more than ever before in business, and do offer a great way to stay connected and productive while out of the office. The issue with this, however, is that if you use your tablet or phone to connect to office systems, and don’t have security measures in place, you could find networks compromised.

For example, if you have linked your work email to your tablet but don’t have a screen lock enabled, and you lose your device, anyone who picks it up will have access to your email and potentially sensitive information.

The same goes if you accidentally install a fake app with malware on it. You could find your systems infected. Therefore, you should take steps to ensure that your device is locked with at least a passcode, and you have anti-virus and malware scanners installed and running on a regular basis.

4. Anti-virus scanners that aren’t maintained

These days, it is essential that you have anti-virus, malware, and spyware scanners installed on all machines and devices in your company and that you take the time to configure these properly. It could be that scans are scheduled during business hours, or they just aren’t updated. If you install these solutions onto your systems, and they start to scan during work time, most employees will just turn the scanner off thus leaving systems wide-open.

The same goes for not properly ensuring that these systems are updated. Updates are important for scanners, because they implement new virus databases that contain newly discovered malware and viruses, and fixes for them.

Therefore, scanners need to be properly installed and maintained if they are going to even stand a chance of keeping systems secure.

5. Lack of firewalls

A firewall is a networking security tool that can be configured to block certain types of network access and data from leaving the network or being accessed from outside of the network. A properly configured firewall is necessary for network security, and while many modems include this, it’s often not robust enough for business use.

What you need instead is a firewall that covers the whole network at the point where data enters and exits (usually before the routers). These are business-centric tools that should be installed by an IT partner like us, in order for them to be most effective.

How do I ensure proper business security?

The absolute best way a business can ensure that their systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you have proper security measures in place and the systems are set up and managed properly. Tech peace of mind means the focus can be on creating a successful company instead. Contact us today to learn more.

Published with permission from TechAdvisory.org. Source.

Cloud and data breach prevention


Today’s technology advancement has one obvious parallel: increasing security threats. One such issue which has been growing both in number and intensity is data breach. And while many businesses have turned to the cloud in the hope of improving security, there is still a chance of a collision between data breaches and cloud usage. But don’t panic just yet, there are measures you can take to avoid the headache of a cloud and data security breach.

The cloud opens up some great tech advancements for businesses and is here to stay. However, as with all tech developments, you also need to be aware of vulnerabilities and security issues, which change and develop at the same time. If you use the cloud and want to proactively prevent cloud-and-data security breaches, then here are five tips to follow:

  1. Know your cloud apps: Get a comprehensive view of the business readiness of apps and which ones render you more or less prone to a breach. Ask yourself these questions: Does an app encrypt data stored on the service? Does it separate your data from that of others so that your data is not exposed when another tenant has a breach? The idea here is to know exactly what each cloud service employed offers and how your company uses them.
  2. Migrate users to high-quality apps: Cloud-switching costs are low, which means that you can always change and choose apps that best suit your needs. If you find ones that don’t fit your criteria, take the time to talk to your vendor or switch; now more than ever you have choices, and the discovery process in step one will help you find out what these are.
  3. Find out where your data is going: Take a look at your data in the cloud. Review uploads, downloads, and data at rest in apps to get a handle on whether you have potential personally-identifiable information (PII), or whether you simply have unencrypted confidential data in or moving to cloud apps. You wouldn’t want cloud-and-data breaches with this critical data.
  4. Look at user activities: It’s important to understand not only what apps you use but also your data in the context of user activity. Ask yourself: From which apps are people sharing content? According to tech news source VentureBeat, one-fifth of the apps they tracked enable sharing, and these aren’t just cloud storage apps, but range from customer-relationship management to finance and business intelligence. Knowing who’s sharing what and with whom will help you to understand what policies to best employ.
  5. Mitigate risk through granular policy: Start with your business-critical apps and enforce policies that matter to your organization in the context of a breach. For example, block the upload of information covered by certain privacy acts, block the download of PII from HR apps, or temporarily block access to vulnerable apps.

The key to preventing a cloud-and-data security breach lies in careful attention to your cloud applications and user activity. Analyzing your apps and looking into user activities might be time consuming, but the minimization of cloud-and-data security breaches makes this task worthwhile. Looking to learn more about today’s security? Contact us and let us manage and minimize your risks.


What’s juice jacking?


Everyone today seems to rely constantly on their smartphones to help complete daily tasks, which has increased the need to recharge. And when you’re far from your charger, public charging kiosks can seem like a good substitute. However, this can lead to juice jacking of your smartphone. If this is news to you, then let’s find out what juice jacking is and how you can avoid it.

What’s juice jacking?

Regardless of the kind of smartphone you have, whether it’s an Android, iPhone or BlackBerry, there is one common feature across all phones: the power supply and the data stream pass over the same cable. This setup allows for juice jacking during the charging process, whereby someone gains access to your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code onto the device.

The attack can be as simple as an invasion of privacy, wherein your phone pairs with a computer concealed within the charging kiosk and information such as private photos and contact information is transferred to a malicious device. However, it can also be as invasive as an injection of malicious code directly into your phone. According to security researchers at this year’s Black Hat security conference, your iPhone can be compromised within one minute of being plugged into a harmful charger.

Exposure to a malicious kiosk can also create a lingering security problem even without the immediate injection of malicious code. Once a device is paired to a computer, that computer can access a host of personal information on the device, including your address book, notes, photos, music, SMS database, and typing cache, and can even initiate a full backup of your phone, all of which can be accessed wirelessly at any time.

How do I avoid it?

The most effective precautions center around simply not charging your phone using a third-party system. Here are some tips to help you avoid using a public kiosk charger:

  • Keep your devices topped off: Make it a habit to charge your phone at your home and office when you’re not actively using it or are just sitting at your desk working.
  • Carry a personal charger: Chargers have become very small and portable, from USB cables to power banks. Get one and throw it in your bag so you can charge your phone anytime you’re at the office or while on-the-go if you use a power bank.
  • Carry a backup battery: If you’re not keen on bringing a spare charger or power bank, you can opt to carry a full spare battery if your device has a removable battery.
  • Lock your phone: When your phone is truly locked, as in inaccessible without the input of a PIN or equivalent passcode, your phone should not be able to be paired with the device it’s connected to.
  • Power the phone down: This technique only works on phones on a model-by-model basis as some phones will, despite being powered down, still power on the entire USB circuit and allow access to the flash storage in the device.
  • Use power-only USB cables: These cables are missing the two wires necessary for data transmission and have only the two wires for power transmission remaining. They will charge your device, but data transfer is made impossible.

Even the tiniest detail like charging your phone from a kiosk charger could affect the security of your device. While there are many substitutes to using a third-party system, ultimately the best defense against a compromised mobile device is awareness. Looking to learn more about today’s security and threats? Contact us today and see how we can help.


5 ways systems can be breached


When it comes to business security, many small to medium business owners and managers often struggle to ensure that their systems and computers are secure from the various attacks and malware out there. While there are a million and one things you can do to secure systems, one of the most useful approaches is to be aware of common security threats. To help, here are five common ways your systems can be breached.

1. You are tricked into installing malicious software

One of the most common ways a system’s security is breached is through malware being downloaded by the user. In almost every case where malware is installed, the reason is that the user was tricked into downloading it.

A common trick used by hackers is to plant malware in software and then place this software on a website. When a user visits the site, they are informed that they need to download the software in order for the site to load properly. Once downloaded, the malware infects the system. Other hackers send out emails with a file attached, in which only the attached file contains malware.

There is a nearly limitless number of ways you can be tricked into downloading and installing malware. Luckily, there are steps you can take to avoid this:

  • Never download files from an untrusted location – If you are looking at a website that is asking you to download something, make sure it’s from a company you know about and trust. If you are unsure, it’s best to avoid downloading and installing the software.
  • Always look at the name of the file before downloading – Many pieces of malware are often disguised with file names that are similar to other files, with only a slight spelling mistake or some weird wording. If you are unsure about the file then don’t download it. Instead, contact us as we may be able to help verify the authenticity or provide a similar app.
  • Stay away from torrents, sites with adult content, and movie streaming sites – These sites often contain malware, so it is best to avoid them altogether.
  • Always scan a file before installing it – If you do download files, be sure to get your virus scanner to scan these before you open the apps. Most scanners are equipped to do this, normally by right-clicking on the file and selecting Scan with….

2. Hackers are able to alter the operating system settings

Many users are logged into their computers as admins. Being an administrator allows you to change any and all settings, install programs, and manage other accounts.

If a hacker manages to access your computer and you are set up as the admin, they will have full access to your computer. This means they could install other malicious software, change settings or even completely hijack the machine. The biggest worry, however, is a hacker getting access to a computer that is used to manage the overall network. Should this happen, they could gain control over all the systems on the network and do what they please on it.

In order to avoid this, you should ensure that if a user doesn’t need to install files or change settings on the computer, they do not have administrator access. Beyond this, installing security software like anti-virus scanners and keeping them up to date, as well as conducting regular scans, will help reduce the chances of being infected, or seeing infections spread.

3. Someone physically accesses your computer

It really feels like almost every security threat these days is digital or is trying to infect your systems and network from the outside. However, there are many times when malware is introduced into systems, or data is stolen, because someone has physically had access to your systems.

For example, you leave your computer on when you go for lunch and someone walks up to it, plugs in a USB drive with malware on it and physically infects your system. Or, it could be they access your system and manually reset the password, thereby locking you out and giving them access.

What we are trying to say here is that not all infections or breaches arrive via the Internet. What we recommend is to ensure that you password protect your computer – you need to enter a password in order to access it. You should also be sure that when you are away from your computer it is either turned off, or you are logged off.

Beyond that, it is a good idea to disable drives like CD/DVD and connections like USB if you don’t use them. This will limit the chances that someone will be able to use a CD or USB drive to infect your computer.

4. It’s someone from within the company

We have seen a number of infections and security breaches that were carried out by a disgruntled employee. It could be that they delete essential data, or remove it from the system completely. Some have even gone so far as to introduce highly destructive malware.

While it would be great to say that every business has the best employees, there is always a chance a breach can be carried out by an employee. The most effective way to prevent this, aside from ensuring your employees are happy, is to limit access to systems.

Take a look at what your employees have access to. For example, you may find that people in marketing have access to finance files or even admin panels. The truth is, your employees don’t need access to everything, so take steps to limit access to necessary systems. Combine this with the suggestions above – limiting admin access and installing scanners – and you can likely limit or even prevent employee initiated breaches.

5. Your password is compromised

Your password is the main way you can verify and access your accounts and systems. The issue is, many people have weak passwords. There has been a steady increase in the number of services that have been breached with user account data being stolen. If a hacker were to get hold of, say, your username, and you have a weak password, it could only be a matter of time before they have access to your account.

If this happens, your account is compromised. Combine this with the fact that many people use the same password for multiple accounts, and you could see a massive breach leading to data being stolen, or worse – your identity.

It is therefore a good idea to use a separate password for each account you have. Also, make sure that the passwords used are strong and as different as possible from each other. One tool that could help ensure this is a password manager which generates a different password for each account.

If you are looking to learn more about ensuring your systems are secure, contact us today to learn about how our services can help.
