February 14th, 2014
There are a number of advantages to becoming a more mobile business. Employees are able to access data from virtually anywhere, which can make them more productive and give them access to vital information when meeting with clients. It’s also much easier for them to collaborate with others. There’s also the bring your own device trend that allows employees to integrate their own mobile devices into their work. All of these allow for more productivity and connectivity, but they also all introduce new security concerns. At Network World, Ed Tittel lists some best practices all business owners should be familiar with for dealing with mobile security.
With more smartphones being used worldwide and more valuable data being accessed with them, it stands to reason that they’re becoming a more valuable target for criminals. Attacks have been observed on both iOS and Android devices. For devices that are used to access company data, you can’t afford to let them connect to your network without proper security apps in place.
Typically, mobile communications are relatively easy for hackers to intercept. That’s why most experts recommend the use of a VPN, or virtual private network, to encrypt all communications between mobile devices and company servers. Cloud storage and an employee’s smartphone may both be properly protected, but when data is transferred between them there exists a vulnerability. Using a VPN eliminates that threat.
If a device is used to access company data, it should be secured with multiple forms of authentication. It goes without saying that smartphones should require a password to unlock, but newer devices also allow for fingerprint scanning or even facial or vocal recognition. In addition, companies need to plan ahead for cases when devices are lost or stolen. The ability to remotely lock and wipe lost devices is vital to security.
Once an employee begins using their mobile device for work, they lose the ability to use whatever software they choose. There must be some consideration to the security of the device and the company’s data. Completely blocking the downloading and using of third party software is one way. Another is to allow exceptions once IT or management is informed that an individual wants to download a third party application and it’s been cleared.
If you feel that you’ve put all the necessary precautions into place, you need to test to make sure there are no penetration points you’ve missed. How else will you be sure that your company’s data is protected from threats? Regular testing allows you to find vulnerabilities before the criminals do.
For help with the security at your business, contact Geek Rescue at 918-369-4335.
January 30th, 2014
Planning is a key step to effective data security for your business. If you know how you’re likely to be attacked, you’ll know how to best protect yourself. At PC World, Tony Bradley published a list of security threats he expects to be common throughout 2014.
The time when you could consider your smartphone immune from the dangers of malware has passed. With a large percentage of the population not only using mobile devices, but using them to access critical data, criminals have begun heavily targeting them with mobile-specific malware. And infection can stem from a number of places. Email, malicious links and text messaging are all popular modes of malware infection, but even connecting to an infected computer via USB has been the root of infection in some attacks.
You’ve likely seen this buzzword in the media and it refers to the growing number 0f items with internet capabilities. Your refrigerator, car, home security system, baby monitor and many other common items can now be online and controlled remotely. While this may present a convenience for you, it also poses a security risk as hackers may also be able to gain control of your things. We’ve already seen a refrigerator used as part of a botnet. Be aware that if an item in your home or business can connect to the internet, it can be hacked.
Patches and security updates for this operating system will be discontinued by Microsoft this April. While Microsoft Security Essentials will receive support until the summer of 2015, this still presents a significant security issue. A large portion of the world’s desktop computers, particularly in offices, are still running XP. Worse is that kiosks and other embedded devices also run off of XP. When Microsoft stops supporting their old operating system, developers will also likely stop releasing updates for their XP applications. This leaves users in a frozen state where known exploits won’t be fixed. Some security experts are forecasting that hackers will wait until support stops and then launch all out attacks on XP systems.
Due to the success of attacks, like those on Target and Nieman Marcus, expect large scale data breaches to continue. Cyber criminals understand how valuable data can be and are willing to launch intelligent attacks to steal it. Staying protected requires planning, putting proper security tools in place and being smart about what you download and who you allow on your network.
For help improving the security at your company or on your home PC, call Geek Rescue at 918-369-4335.
January 21st, 2014
The recent attack on Target that ended with millions of customer’s credit card information being stolen holds multiple lessons for IT departments everywhere. We already reported the facts about the malware used in the attack. At IT Manager Daily, David King has a list of what should be learned from the attack so it less likely to happen again, or at least handled more effectively.
If your body is infected with a virus, the longer you wait the worse it gets. It’s a similar rule of thumb of malware infections and attacks. Not only do you need to secure your network and get rid of the malicious files, but you’ll also need to warn your affected customers and be prepared to handle the influx of calls. This all needs to happen as soon as possible to prevent the situation from getting even worse.
- Secure All Points Of Access
The wrinkle in the attack on Target is that computers weren’t infected with the malware. Instead, the point of sale system was the target. Similarly, recent stories have reported that anything connected to the internet, including refrigerators, can be infected with malware and used by criminals. That makes it vital to secure every device that is connected to the internet and put security tools like firewalls in place to protect your entire network.
Part of the key for acting quickly is to make a plan for recovery before disaster strikes. This way, every part of your organization knows what their job is and everything will run smoothly. This plan will need to be updated when applications and personnel change and altered for new forms of attacks.
These three tips won’t keep you completely secure from a data-scraping malware attack. Unfortunately, nothing can guarantee the safety of your data. But, when you follow the correct protocol, you’re less likely to become a victim and are able to risk less.
For help improving the security of your company’s data, or for help recovering from an attack, call Geek Rescue at 918-369-4335.
January 7th, 2014
Taking charge of access management for your company is a vital step towards better security. Very few members of your organization need access to all of the applications and data on your network and access management ensures that each employee is given access only to what they need. This significantly decreases the likelihood of a data breach and allows you to keep closer tabs on who is accessing data and how they access it.
Cloud computing and the bring your own device trend make data security more difficult than ever before. Effective access management is crucial in tandem with these new technologies. David King of IT Manager Daily published a list of policies all businesses should follow to limit access to critical data and prevent data breaches.
The more employees you have, the more roles change. Communication between departments is important so that when an employee’s role changes, due to a promotion, firing or change in projects, their access changes too. Problems arise from individual users having access to data they no longer need. Especially in the case of workers who are no longer with the company, access changes should be a priority and made immediately.
Staying up to date on who can access what data and how and where they’re accessing it is a big time investment, but it’s necessary. Without regular checks on data access, you’ll be caught unaware when a problem occurs. Many times, warning signs of an impending breach, or at least a potential vulnerability, exist days or weeks before any data is actually stolen. Data being accessed during off-hours or being accessed off-site are warning signs that someone is accessing data that shouldn’t be. They don’t tell you definitively that there’s a problem, but they suggest you should look into the matter.
Part of access management is ensuring that employee accounts are only being used by those employees. Educating workers about the dangers of weak passwords is important. Make sure each employee understands what a strong password consists of and is using one. Also, prohibit the sharing of passwords or inheriting accounts from others. This weakens your efforts to limit access to certain employees and opens loopholes that workers can exploit after they’ve left the company.
Data breaches can be extremely costly to any type of business. Investing in security now can save you later.
For help improving all facets of data security at your company, call Geek Rescue at 918-369-4335.
December 17th, 2013
For business and even personal use, the cloud is earning the trust of more and more users. But, privacy and security remain major concerns. Victoria Ivey of CIO published a list of ways to maintain better security with the cloud, which mostly involve more diligence from users.
There are a seemingly endless number of options for how to use the cloud, but it’s not for everything. When it comes to storing data, your most valued, vital, important files should probably stay away. Cloud storage isn’t particularly insecure, but it doesn’t provide enough security for the data you absolutely cannot afford to lose.
Perhaps the most disregarded document in history is the user agreement. For cloud storage solutions, however, it’s necessary to wade through them. They contain important information about what your cloud provider offers and what level of protection you’re afforded. If you’d rather not read it, take some time to talk to your provider in-depth about the services. Knowing the details of your cloud service will help you use it better.
Passwords are a respectable security tool when used correctly. Unfortunately, most users insist on using a password they can easily remember and use no other considerations. This makes a password easily hackable. This doesn’t only apply to the cloud, but strong passwords are a must for every online account.
For added cloud security, use encryption on all data stored there. This way, if a third party does gain access to your cloud storage, there will be another layer of security in place to keep them from stealing data. There are a number of ways to encrypt files and some cloud providers will include encryption with your service. There have been cases where cloud providers have decrypted users’ data, however and allowed access to other parties. So, be cautious when choosing a provider and don’t blindly trust encryption services unless you’re the only one holding the key.
These are some basic, general tips for improved security with cloud computing. Research your provider and the services you’re signing up for and make sure you understand how the cloud works and how to best use it.
To find out what the cloud can do for you, call Geek Rescue at 918-369-4335. We offer a variety of cloud services and help you understand how the cloud is best utilized by your business.
December 13th, 2013
An increased IT security budget is a good idea for any business, but it just isn’t always possible. Only about a quarter of respondents in a recent survey reported any type of growth in their security budget for 2013. For those with identical budgets than last year, or decreasing budgets, it’s important to find ways to improve security without spending more. David King of IT Manager Daily suggests three ways to do just that. These tactics will better protect your company without the need to ask for an increased security budget.
There should be security precautions in place across your entire network, but there are likely some areas that need more protection than others. These will be users that have access to more data, all financial documents and applications housing valuable customer data and IT, who has access to critical points. Securing these areas better protects you because they are most likely to be targeted by criminals and would be the most costly if compromised.
It’s important to test all precautions that you’ve put into place so you can learn how to improve them. That goes for both built-in protections and user training. Periodically, launch a test attack against your own system to find out how protected you really are. Send suspicious emails to your users to find out if your training is really paying off. You may find that more training or a tweak to an application is needed to improve security.
It costs nothing to update and patch the applications you’re currently running. But, it makes a huge impact on the effectiveness of your security. Out of date programs contain vulnerabilities with known exploits. This means hackers have discovered security flaws and know how to use them to infiltrate your network. By keeping all applications up to date and patched, you eliminate these vulnerabilities as they’re discovered.
An efficient use of your security budget is important to make your business as secure as possible. For help spending smarter, contact Geek Rescue at 918-369-4335.
December 13th, 2013
One of the biggest fears for any business is downtime. If your website is down, your customer’s can’t find you. If your office network is down, your employees can’t be productive. Tony Kontzer of Network Computing reports that research has shown that distributed-denial-of-service attacks are a rapidly rising cause of downtime for data centers.
DDoS attacks main goal is to shut down networks and make them unavailable to users. To do this, hackers commonly saturate the networks with communication requests, which overloads servers. These spoofed requests make it impossible to respond to the legitimate traffic resulting in a shut down.
In 2010, a survey revealed that only about 2-percent of data center outages were attributed to DDoS attacks. In a recent survey of 67 data centers, 18-percent of outages were reported as caused by DDoS attacks. Unfortunately, as the attacks have become more frequent, they’ve also become more intelligent. Unlike other causes of outages, specialized technology and even forensic experts could be needed to resolve the aftermath.
One of the most common causes of downtime is human error, which costs companies an average of about $380-thousand to overcome. The most expensive cause of downtime if equipment failure, which costs about $959-thousand on average. DDoS attacks are second on that list and cost $822-thousand to mitigate on average. Overall, the average cost of overcoming an outage has risen sharply in the past three years. The average cost to fix any outage is up about 37-percent since 2010.
While costs are up, the length of outages is declining. It now takes about 86-minutes to resolve an outage, compared to 97-minutes in 2010. This can be attributed to companies investing more in IT and advances in technology. It’s also likely that because the cost per minute of downtime is rising each year, businesses are more likely to act quickly to resolve issues.
This research suggests both that companies need to invest in proper security to protect against costly threats like DDoS attacks and that they need the proper plan in place to quickly recover when disaster strikes. For help with both, call Geek Rescue at 918-369-4335. We specialize in security infrastructure for businesses and creating back-up plans and restore procedures to overcome any issues.
November 29th, 2013
Buying a new computer is a great feeling. You get to start fresh with plenty of available storage space and you know there’s no malware or viruses slowing down performance. In order to keep your computer working properly and staying new for as long as possible, there are a few things you need to do as soon as you boot up for the first time. Andy O’Donnell of About lists the initial steps you should take with any new computer to ensure it’s secure and protected.
Your computer may be brand new, but that doesn’t mean the operating system and browser your using are up to date. Chances are there are updates to download and security patches to install. Without installing these, you leave yourself vulnerable to bugs and known holes in security that hackers can easily take advantage of. Your new computer won’t stay new for long if you fail to keep it up to date.
The first thing you should install on any new device is software to help keep it secure. There are a number of antivirus programs available for free, or a small fee. An anti-malware program is also helpful and a firewall is essential. Ideally, you’ll be able to research the best programs available before you boot up your new computer. That way, you’ll be able to download them quickly and you won’t be unprotected for long. As with your OS and other applications, it’s vital that you keep all security software updated and patched to keep it as effective as possible.
Once you’ve put protective measures in place, you’ll want to plan for disaster. Even with security software and updates installed, there are still plenty of ways to lose important data. Hackers, natural disasters and theft are all still possible. So, put a plan in place to regularly back-up your most important data to ensure that, even in a worst case scenario, you’ll be able to restore files as quickly as possible.
For help with any of these important steps with your new device, bring it to Geek Rescue or call us at 918-369-4335. We also fix computers to save you from having to purchase a new one.
November 29th, 2013
There are a number of precautions you need to take in order to stay safe online. From firewalls to updated antivirus software, there are plenty of tools that can prevent a disastrous cyber attack or data breach. These tools still don’t guarantee your safety, however. Even with precautions in place, it’s important to understand where the majority of threats come from and avoid them altogether with safe surfing techniques. Ron Johnson, of Business2Community, listed some of the most common causes of security breaches and how to avoid them.
Open WiFi networks are found nearly everywhere you go, but they’re far from secure. Any data you send over public WiFi is easily intercepted and stolen by a third party. This doesn’t mean you shouldn’t ever connect to public WiFi. It means you need to be extra careful about what sites you access while using this type of unsecured network. Viewing and reading websites likely won’t cause a problem, but don’t log-in to any online accounts or your password could be compromised.
Most users understand the dangers in giving other people their password, but sometimes even the most savvy users give out their log-in information without even thinking about it. For example, if you’re having difficulty with an account, a customer service representative might ask you for your password. This doesn’t necessarily mean they are going to misuse it, but it’s always a good idea to change passwords once you’ve told them to anyone, including a help desk. They might not always be as careful with your information as you would be. It’s also never a good idea to share accounts with others, even friends or family. If you want to allow another individual to access your account, change the password, give them the new log-in information, then change it again once they’re finished.
Downloading anything should be a decision that every user is cautious of. Even seemingly trusted websites can be compromised and a file you download could end up infecting your system with malware. If you’re prompted to download an application, like a media player, go to that player’s official website to download. Be sure to scan every file downloaded with your antivirus program before opening. As for email attachments, don’t download them unless you were expecting a file to be sent to you and you know exactly what it is.
Speaking of email, phishing scams are a popular method for stealing your information and hacking into your online accounts. These scams have grown more sophisticated. Often, an email will appear to be from a legitimate website where you hold an account. It will claim there’s been a problem and you need to log-in immediately, or download software, or even put in credit card information. If you have any questions about the legitimacy of these emails, contact the website or business directly, by phone if possible. There’s never a time when a business will email and need your credit card information.
By learning some of these common hacker tactics, you’ll be able to be smarter about your online habits and avoid potential threats.
If you’d like to improve security at your home or business to further safeguard from malware, phishing scams, hacking and more, contact Geek Rescue at 918-369-4335.
November 22nd, 2013
Cloud computing holds a number of advantages for businesses, but some are still apprehensive citing security concerns. Ricky Ribeiro, of BizTech Magazine, spoke with security expert Kurt Roemer, to uncover how companies can stay secure while using the cloud. Here’s a look at the most compelling information.
In order to properly secure your company’s data using an entirely physical infrastructure, your security budget has to be incredibly large. Because of this, security in the cloud is, in many ways, an improvement because it takes a smaller budget to put necessary security in place. A company needs to diagnose their security needs and speak to a professional cloud provider, who can manage their cloud services and provided the needed security.
A hybrid cloud set-up allows a business to use both a private cloud, which can be organizationally owned or managed by a cloud provider, and public cloud services. Security provisions must be in place in both the private and public cloud to keep sensitive data safe, whether it’s being stored or passed between clouds. To ensure security, connection points between the clouds need to be automated.
- Mistakes of cloud security
While cloud computing offers an alternative to the traditional data center, it can’t be managed the same way. When IT departments view the cloud the same way they’d view physical machines, it seems that private clouds are the only viable option. It’s true that the public cloud isn’t right for every application, but they can be used effectively in some situations to increase the cost-effectiveness of the cloud. Data security needs to be diagnosed to decide what is appropriate for the public cloud and what needs the added safeguards of a private cloud.
The downfall of cloud security comes in many forms that will be familiar to those with experience in traditional data centers. Weak passwords, account sharing and absence of encryption all lead to common security problems in the cloud. There are a number of protection options in the cloud to overcome these concerns, however. Multitenant administration, delegated responsibilities, distributed lifecycle management and security automation can all help you overcome typical user weaknesses.
If your business isn’t using cloud technologies yet, you’re falling behind your competition. To find out how cloud computing helps make your business more efficient, call Geek Rescue at 918-369-4335.