Heartbleed Bug: What a Business Owner Should Know

The name Heartbleed OpenSSL Vulnerability (aka Heartbleed bug) is as scary as it sounds. Some reports say up to two thirds of all secure websites (e.g. those with a web address starting with a green https://) are using OpenSSL. It has been reported that Google was first to discover the Heartbleed bug that compromised sites including Yahoo, Tumblr, Flickr, Amazon, and other websites relying on OpenSSL for security. This security breach may provide hackers access to accounts, passwords, and credit card information.

Heartbleed and Your Systems

Business owners using OpenSSL for their email, website, eCommerce applications, or other web applications should take action to prevent data loss or theft. The fix for the Heartbleed bug should be installed on your operating systems, network appliances, and other software to ensure that confidential information is protected. Consider having your IT professional test your public web servers to determine if they are safe.

Heartbleed and Your Employees

Your employees may have used websites that were exposed to the Heartbleed bug. This means their username and password combinations may have been compromised by hackers tapping into what was supposed to be encrypted communications. Employees should be reminded to reset passwords within the guidelines established by your company. There are plenty of resources on creating a secure password. Microsoft offers tips for creating a strong password on their website.

The Need for IT Security

Because the Heartbleed bug is pervasive, most internet users need to change passwords on sites like Gmail, Yahoo, and Facebook. The Heartbleed bug is a wake-up call to the importance of having an IT Security policy that includes strong password...

Mobile Security: Does Your SmartPhone need a Kill Switch?

Many smartphones and tablet computers have access to corporate applications and their data through Bring Your Own Device (BYOD) policies and corporate-sponsored mobility strategies. Mobile security has become a popular topic for good reason. According to CIO Insights, mobile data traffic is expected to increase eleven-fold by 2018. Because of increasing data traffic on mobile devices, some government agencies are looking at legislation to require manufacturers to add a smartphone kill switch to remotely wipe a mobile device if it is lost or stolen. Keeping in mind that a four-digit iPhone passcode could be hacked in minutes, this begs the question: Does your smartphone need a kill switch?

Having a smartphone kill switch may give a false sense of security. Adding a kill switch to protect your privacy and corporate information is reactive, rather than proactive. If not done properly, you could wipe your employees’ irreplaceable information, such as family photos. A kill switch may also make the phone entirely unrecoverable. This means you will surely need to replace the device once the remote kill switch is invoked.

Proactive Mobile Security

Before you hit the kill switch, consider proactive mobile-security measures. Smartphones and tablets are great innovations that allow your employees to stay in touch and work anywhere. Access to email, operational data, financial information, and customer information through a mobile device can empower your employees and increase their productivity. Access to this information should be password-protected at all times. Additionally, any corporate data should be encrypted in transit and at rest. Only approved applications should be allowed on the mobile device and personal data should be stored in...

Mobile Security: Why Should I Care?

Mobile security is top of mind when it comes to concerns for IT managers. According to the Computing Technology Industry Association (CompTIA), risk of loss is the number one concern related to mobile security. For the first time last year, more smartphones and tablets shipped than PC desktops. It is no surprise that mobile devices are the target of mobile security threats.

Chances are most people in your company have a smartphone, tablet or both. In some cases these devices connect to your company network using WiFi. It is equally likely that these devices access company information via email, mobile applications or file sync to company data. Now that these devices are universal, it is important to have a plan if they are lost or stolen. Keep in mind, your four-digit password may be the only thing between an intruder and your data. Here are some additional considerations for mobile security.

Mobile Security Policy

While you can remotely wipe a mobile device when it is lost or stolen, this may not be enough. That four-digit passcode can be easily hacked in minutes. It is important that employees know how to report a lost or stolen device immediately. Also consider that there may be personal information on the device that is the property of your employee. This data may not be backed up and could be impossible to recover. There may be local laws that prevent you from wiping this type of data from personal devices. If your employees access your corporate systems, be sure they sign and acknowledge your company policy for acceptable use, including policy for reporting...

Target Privacy Data Breach: Part 2

Target Retailers were just involved in the second largest credit card data breach in United States history. Today Target announced the data breach that occurred over Thanksgiving weekend now exposes upwards of 70 million credit and debit cards. Target also disclosed the privacy data breach compromised names, addresses, phone numbers or email addresses, in addition to credit card information. When businesses are victims of a security breach, loss of revenue is often highlighted in the news. What the media often overlooks are the internal costs of remediation, exposure to privacy breach laws and loss of reputation with their customers.

Any Business Can Be the Target of a Privacy Data Breach

While large companies make the news, many small business owners believe their company is too small to be targeted by cyber criminals resulting in a privacy data breach. According to Verizon Wireless’s 2012 Data Breach Investigation Study, 71% of data breaches occur in companies with fewer than 100 employees. A privacy data breach can be devastating to a small business. Malware, or software used to interrupt a computer’s processing, is a common way of perpetrating these attacks. Small businesses are often unprepared when it comes to these attacks.

What a Business Owner Can Do to Avoid a Privacy Breach

Action can be taken to protect your small business and your customers’ sensitive information. First, audit your network regularly. Periodically scan your network for unauthorized computers and devices connected to your network directly or via Wi-Fi. Also, update any antivirus or malware software regularly. Check your firewall and security settings. Make sure all your defense mechanisms are up to date and working...

Cyber Attack Target

Target Retailers were just involved in the second largest credit card breach in United States history. A cyber security attack occurred over Thanksgiving weekend, which exposed upwards of 40 million credit and debit card users. Compromised information included credit and debit card information, as well as customer names. When large businesses are victims of a security breach, it often is highlighted in the news. What the media fails to recognize is the susceptibility of small businesses to cyber attacks.

Small Businesses Are Susceptible to Cyber Attacks

Many small business owners believe their company is too small to be targeted by cyber crime. According to Verizon Wireless’s 2012 Data Breach Investigation Study, 71% of data breaches occur in companies with fewer than 100 employees. An information breach can be devastating to a small business. Malware, or software used to interrupt a computer’s processing, is the most common way of perpetrating these attacks. Small businesses are often unprepared when it comes to these sorts of attacks.

Protecting Data from Cyber Attacks

Action should be taken to protect your small business and your customers’ sensitive information. First, audit your network regularly. Periodically scan your network for unauthorized computers and devices connected to your network directly or via Wi-Fi. Also, update any antivirus or malware software regularly. Also check your firewall and security settings. Make sure all your defense mechanisms are up to date and working properly. It is also important that all employees are trained on your policies and procedures for avoiding malware and identifying phishing schemes. It is important to keep a secure network to ensure your customers’ trust. By keeping...