Archive for the ‘Security’ Category

The Benefits of the Hybrid Cloud

Friday, April 20th, 2012

Cloud computing is very popular these days. The cloud is essentially a group of remote servers where people can store and access their data. People can store music, powerful programs, and important files in the cloud. As information kept in the cloud isn’t stored on personal computers, this saves tons of computer memory. The result of this is that people gain access to more data without having to use up space on their computer, which often can slow it down.

Not All Clouds are the Same

However, not all clouds are the same. There is the public cloud, the one with which we are most familiar. But then there’s the hybrid cloud as well. As its name implies, the hybrid cloud is a combination of two different types of clouds, the public cloud and a private cloud.

To provide a hybrid cloud, an organization may store some of its clients’ more important or current data in-house and store older, archived, and less crucial files in the public cloud. It may also use the public cloud to store huge programs while keeping confidential information in-house.

The Hybrid Cloud Approach Makes Sense

Taking a hybrid cloud approach to data storage permits businesses to take advantage of the space-saving features of the public cloud without also exposing their sensitive current data to third-party providers. Put simply, the hybrid cloud provides businesses with protection, cost-savings, and efficiency.

It’s little wonder, then, that a great number of organizations today are moving toward a hybrid cloud approach. There is way too much data floating around today for smaller businesses to properly store. At the same time, businesses in today’s competitive environment don’t want to expose company secrets and sensitive consumer data to either their competition or hackers. The hybrid cloud could allow businesses to accomplish both feats.

If I were to be totally honest, I’d have to admit to an internal struggle about wrapping this article up on such a simple note.  The cloud is a complex suite of options that offers an almost infinite number of options, and even this explanation of a Hybrid Cloud is extremely simplistic.  But, in an effort to keep things simple and keep this article short, let’s stick with this description.  If you’d like to discuss this further, please call the number at the top of the page and we’ll talk.  Or, simply post your questions/comments here and we can delve deeper.

Protect Your Data by Being Aware of Security Challenges

Wednesday, April 4th, 2012

Technology is ever changing, and cyber-criminals will be ever adjusting to it. Recently, MIT’s Technology Review published an article concerning technology security threats that we should be aware of in 2012. As many of us devote a significant amount of time online, being familiar with these threats can help protect valuable data.

Stolen, Spoofed Certificates

One problem that the article mentioned is stolen or faked certificates. When you log into a website, your bank for instance, the traffic is encrypted with a “certificate”. This proves that the site can be trusted. The faking and stealing of these certificates was a popular strategy used by cyber-criminals in 2011. This can give them access to confidential information.

A Common Security Mechanism in Trouble?

Sites use certificates as a security measure more than any other means. If these are no longer viewed as trustworthy it could affect everyone, from the consumer, to the large company that is charged with protecting your information.

Another crucial security challenge that we should be aware of is “hacktivism”. “Hacktivism” is a combination of the words activism and hack. Groups like Anonymous and LulzSec target businesses either because they feel the businesses are guilty of wrongdoing or simply to prove that the companies have lax security. Whatever the reason, Technology Review says we should expect groups like these to continue their “hacktivism” well into the future.

Home Automation

The growing popularity of home automation also presents security risks in 2012. As Technology Review writes, a growing number of automation systems connect alarm systems, thermostats, lights, and even the locks to homes’ front doors to the web. Consider the damage that hackers can do if they break into these systems.

All in all, the expansion of technological capabilities and our greater consumption of these technologies are creating additional opportunities for others to exploit them.  I make my living, and truly enjoy, using technology and I’m not trying to scare anyone.  But I do want to make sure that you are aware of the vulnerabilities and do what you can to protect yourself.  If you need help, call the number above and we’ll see what we can do.

Your Small Business and Data Security

Wednesday, February 8th, 2012

When it comes to data security, many people think they have an abundance of systems and precautions in place to keep their data secure. Sure, you will have antivirus software and you may even update it regularly. You may also feel that you’re too small of a company to be a target of a hacking attempt. Only big firms that have tens of thousands of clients need to be concerned about cyber criminals, right? Wrong. Hackers and cyber criminals have in fact escalated their focus on small businesses. We would like to help you understand the dangers your small business may be facing.

Small firms: low-hanging fruit

The truth is, hackers have realized that small businesses are easier targets, and therefore are increasingly preying upon them. They are able to infiltrate their systems at a considerably faster rate, and with a better percentage of success as well. This means a cyber criminal can invade multiple targets in the time it would take them to lay siege to a better-guarded system with a higher level of data security. How can it be worth their while to steal from a mom and pop operation? In today’s modern world, practically every business makes use of digital payment processing methods. When your customers pay using a credit card, this data must run through your system to be validated. This represents a goldmine of data for hackers, as they can lift this data without being detected. With your customers’ credit card numbers, addresses and names, they can make fraudulent charges on their accounts.

How hackers gain access to your data

Hackers usually take a multiple-point-of-entry approach when trying to breach your company. Don’t be fooled into thinking that email is the only way a hacker will try to infiltrate you. While harmful email attachments are the tactic hackers most widely use to mine data from a company, they use low-tech methods as well. Direct phone calls to lower-level employees or even an in-office visit from someone posing as a system administrator are among the low-tech ways criminals may target your enterprise. You might believe your employees are impervious to these seemingly evident ploys, but it only takes one error to open your company up to an attack.

The buck stops with you

Many people believe that since credit card companies are usually liable for any deceptive charges that occur from a hacking event, data security isn’t crucial. While this may be true for a consumer, for a business owner the outcome may be very different. Consumers will hold you accountable personally should their information be stolen. Damage control after an attack can cost a business thousands of dollars and in some cases a single attack can spell the end of business in general.

An ounce of prevention…

Data security is very important and any extra precautions you can take would be wise. Use strong passwords and update your existing security systems often. Educate your staff on safety measures they can take, such as creating strong passwords and never giving out login information. Hiring an outside consultant to help you ensure your and your clients’ information is safe is another good idea. Simple measures can give you peace of mind that your systems are safe, and your clients will know you have their best interests at heart.

Microsoft steps up to take part in the war against cyber crimes

Wednesday, January 25th, 2012

Cyber crimes happen every day, and every day IT security companies track and record details around these attacks. Microsoft is upping its game and launching a real-time threat feed so that its fellow partners can study existing threats it finds and learn the best steps to proactively take against them.

Microsoft presently has a process set up to take down dangerous botnets. Microsoft “swallows” the botnets and lets them infect accounts that are highly controlled by Microsoft’s team. Once the botnets infect the accounts, Microsoft learns the way they work and eliminates them as a threat.

Microsoft can now collect threat information and share it with ISPs, government agencies, private companies, and CERTs. The impact of such a move by Microsoft could be significant. Analysts point out that while a real-time threat feed won’t lower the number of attacks, it will help information security specialists react to these threats faster. This might limit the amount of damage brought on by these attacks.

Another great result a real-time threat feed could have is an increase in overall information sharing between IT security companies. For too long IT companies have been hesitant to share threat information for fear that it could fuel more attacks. Most experts say this is an unsupported fear.  The cyber criminal “community” has already been sharing and gaining knowledge from each other.  It’s only logical, therefore, that IT security professionals share as much information as possible to fight the seemingly endless barrage of new cyber threats.

Let’s hope that security professionals soon understand that sharing information is more valuable than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.

Is the Cloud Secure? Part 2

Friday, January 20th, 2012

The cloud can be a blessing for small business owners fighting through tough economic times. Rather than purchasing costly enterprise software, business owners can save their dollars by accessing powerful computing programs in the cloud, from high-end word processors and project-management tools to spreadsheets and Photoshop alternatives. But, the cloud isn’t perfect, particularly when it comes to security issues. Entrepreneurs must be aware that their documents, presentations, and marketing materials can be damaged when they’re stored in the cloud.

Password issues

One of the biggest security issues when dealing with the cloud is password protection. This is also one of the greatest security issues outside of the cloud.

You should always carefully select passwords to your projects stored in the cloud. The more complicated your passwords are the more difficult they are to guess. A great way to accomplish this is to use a combination of numbers and letters in your passwords. Also, you shouldn’t share these passwords with many people.

Hacker alert

Hackers, malware, and spyware remain serious issues for cloud environments, just as they are problems that business owners face when logging onto their personal computers every day. The thing that makes this particularly scary is that individual business owners have little control over how secure cloud services are. The big names — companies like Microsoft and Google — must provide their own security for the data that business owners store in the cloud.

Common sense protection

Protecting yourself from theft in the cloud can be as simple as applying some common sense practices.

First, owners should consider what sort of information they are storing in the cloud. The most sensitive data, data that could damage a company if it is lost or stolen, may not be suitable for cloud storage. Instead, this data may be better preserved on a business owner’s individual computing system and reliably backed up.

Secondly, before giving every employee free access to cloud-stored data, think carefully about which employees actually need access to that information. People are often careful about protecting their laptops and desktop computers from prying eyes; this attitude should be applied to the cloud as well.

Security in the Cloud: Part 1

Wednesday, January 18th, 2012

There are numerous benefits to cloud computing. Backing up important data makes it easily accessible to everyone in your company and frees up space on your servers. You almost certainly have several questions about cloud security and might be wondering whether cloud security will protect your clients’ data and adhere to HIPAA, PCI or Sarbanes-Oxley regulations.

It can be difficult to tell if your cloud storage solution follows these requirements, as many don’t specify in their privacy policies. To help you navigate these difficult waters, let’s consider this topic in depth below.

Compliance

Cloud security has become an important issue recently, as increasing numbers of companies turn to online storage solutions, looking for greater simplicity, scalability and affordability. However, the cost in both money and reputation for improper handling of customer data can be extremely high. If your organization must comply with key regulations associated with patient privacy (HIPAA), credit card security (PCI) or the finance-sector strictures of Sarbanes-Oxley, it can be hard to find out if a service complies with these important restrictions.

Who is responsible

Whose shoulders does the responsibility fall on? There is no law requiring that cloud service providers disclose the level of security they maintain. While they probably do have a respectable amount of safety protocols set up, the safest option is to take their privacy policy at face value. In this case, if you wish to stay in compliance with HIPAA, PCI or Sarbanes-Oxley, cloud computing may not be for you. That said, if your industry doesn’t require tight regulations, then you could make use of the benefits cloud computing offers.

Currently there is no law in place that requires a company to divulge this information. Cloud computing services can save your business money while boosting efficiency, but they could also risk noncompliance with privacy laws. This leaves the risk on your shoulders and it is up to you to weigh the benefits and threats for yourself. The topic of cloud security will probably be one of much debate in coming years. At the moment, the right road to travel is the one that best meets your company’s specific needs.

Microsoft Delivers 7 Fixes in January Security Update

Friday, January 13th, 2012

Of the promised, and delivered, seven security updates only one has been deemed “critical,” and the rest were rated “important.” The critical fix, bulletin MS12-004, addresses two issues in Windows Media Player that could allow an intruder to carry out a remote code execution attack if a specially designed media file were to be downloaded and opened.

“Media players are a favored target of a process called fuzzing: the process of throwing the kitchen sink at an application to find where it breaks.”

Microsoft’s first important item of the month, bulletin MS12-001, is noteworthy for being classified as a “Security Features Bypass”, which represents a first for a Microsoft bulletin. This item blocks a reported problem in which an outsider could bypass the SafeSEH features in Microsoft C++ .NET. If exploited, the flaw could allow an attacker to bypass security protocols and load harmful code on a machine.

Many third-party security experts, including Joshua Talbot, a security intelligence manager at Symantec Security Response, believe that this important item should be put at the top of IT’s “to-do” list.

“Although only rated important, we actually picked the Assembly Execution Vulnerability as the most severe issue this month,” said Talbot. “The vulnerability is due to an oversight that allows an attacker to run malware as soon as a user opens a Word or PowerPoint file. E-mail attachments will probably be the most common attack method in which this vulnerability is exploited.”

Another notable bulletin this month includes a fix for a Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0 flaw (bulletin MS12-006) that could be exploited with a toolkit called BEAST, which was demonstrated last September. According to those demonstrating the flaw, an attacker could have malicious code uploaded and executed on a computer within 10 minutes.

Three of the four remaining important bulletins target two remote code execution vulnerabilities and one elevation of privilege flaw in Windows, while the final bulletin deals with an information disclosure issue in Microsoft’s Anti-Cross Site Scripting (AntiXSS) Library.

With the arrival of Patch Tuesday, it is also a good time to remind many who might have missed it over the holidays of the out-of-band patch released by Microsoft on Dec. 29. This bulletin addressed three issues with Microsoft’s framework for ASP.NET.

If you need help with any of these issues, give us a call at the number listed on this site.

3 ways to make sure your computer is safe

Friday, December 9th, 2011

Computers are prized possessions, no matter what you use them for. They offer a practical value with regard to the processes they allow us to automate, but there is also an economic value which should be considered. The high cost carried by computers means they are tempting targets for any thief. Here are a few quick tips to consider when beefing up your computer’s security.

Physical Security

The beauty of most personal computers is that they’re portable. Even desktops can be moved easily with a few cord disconnections and a quick pull. To make sure both your laptop and desktop computers are secure inside your home or workplace, consider buying a strong, keyed cable lock. Essentially, these locks chain your PC down in a manner that makes it extremely difficult to steal. These items run an average of $40, but they provide a priceless sense of security.  The downside is that they may be cumbersome for your own portability when used on a notebook computer.

Data Security

A computer is a valuable target for a thief, not only due to the material value of the device but also due to the data stored within. Encrypting data is always a good protective measure to help ensure your data is safe, but there is certain data you should never store permanently. Such information includes your credit card information, social security number and checking account. Having your identity stolen will only add insult to injury.

Keeping Track

You’ve probably heard of computer tracking software and services. If a thief steals your computer, especially a laptop, using a computer tracking service lets you track down your lost computer and increases the chances of it being retrieved safely. While these apps can be installed on any computer, it’s important to note that they can be rendered ineffective if your hard drive is wiped clean. However, they are still a valuable safeguard and have been successful in numerous computer theft cases.

While all of these tips are useful in keeping your computer safe, there is no replacement for common sense and reasonable vigilance. Make sure to take good care of your computer; chances are it takes good care of you. If you need more information, or help, with any of these issues, feel free to contact us at the number listed on this site.  Or, simply leave a comment here… we’d love to hear your thoughts.