GCInfotech is your total business IT solutions resource for your Mobile Workforce

How important is smart device security?

Convenience is at the forefront of our lives. For businesses, this means a rapidly evolving security landscape that’s leaving many companies, and their IT departments, overwhelmed and scrambling. Smartphones and tablets and other embedded devices like printers and scanners utilize ingenious technology and provide significant benefit to how we do business, but they call into question the very serious issue of usability versus security.

Recent polls of management level employees suggest that upwards of 50% of them don’t know how their organizations identify compromised devices on their network. Additionally, polls of IT professionals show that data security threats at the office frequently go unmanaged due to insufficient resources or in some cases a lack of awareness that a situation even exists. Device manufacturers tend to focus on usability and place little emphasis on built-in software protections, contributing to data and network vulnerabilities. The challenge for device engineers is compressing large and slow software into a tiny space, which makes creating operating systems and software to run on these devices extremely difficult. Decisions invariably must be made regarding what features to include– if richness of features is forsaken for security measures, then how useful is the device in the first place?

Many of us may not even realize which office devices can pose a significant security threat. Here’s a list of culprits and the backend attacks they are susceptible to:

  • Printers – Remote reconfiguration or access to previously printed documents
  • Timeclocks – Access to employee information and payroll
  • Photocopiers – Retrieve documents over the web
  • Scanners – Remote operation or access to hard drive of previously scanned documents
  • Telephone Systems – Eavesdropping
  • Webcams – Hijack and enable without the owner’s knowledge

Best practice begins with two essential steps– first, a comprehensive IT policy that integrates and safeguards all office equipment, including those often forgotten about embedded devices; and second, an employee education program that’s clear, concise and tailored to your company. GCInfotech can assist you with a security evaluation of your office equipment as well as help you devise an employee education plan that’s appropriate for today’s security landscape.

GCINFOTECH

One of the most frequent threats on the Web today.

Since we wrote an article on the imminent threat posed by rogue security software (scareware) and cyber criminals, we have received numerous inquiries requesting more information on how to protect computers and networks from these elusive intruders. We would like to share notable examples of fraudulent system alerts and expand on a few known malware manifestations in order to help you better identify security risks. 

Critical Security Measures

  • Keep Java & .NET up-to-date, as both are used in almost all platforms.
  • Schedule Windows Updates to install automatically, or periodically check your system to ensure there are no critical patches requiring action (Start Menu/ Control Panel/ Windows Update).
  • Maintain Anti-Virus & Malware protection.
  • Install a firewall and keep it turned on.
  • Use caution when you click links in email, on social networking websites, or on pop-ups.
  • Make sure you and your fellow co-workers are familiar with common phishing scams.

Fake Virus AlertCiti Phishing Scam

Windows Security Alert  This fake security alert is deceptively similar in appearance to a legitimate system alert, though pay close attention to its language. Are words misspelled? Are there errors with basic grammar? It’s important to examine these alerts for telltale signs of fraud.

Citi Email Phishing  Common phishing scams frequently appear to come from financial institutions and can be difficult to identify especially if you happen to have an account with that institution. Again, look for language inconsistencies and examine the link provided to determine where it actually goes. As a general rule, banks will never ask for personal information in an email, so the best defense is to use common sense.

Spyware Software WarningFake task bar security alert

Common fake task bar alerts  Learn what security software you have installed on your computer. This will help you determine the validity of pop-up alerts warning you of infections on your system. Remember, they’re designed to scare and lure you into a fraudulent scheme that ends with you inputting your credit card or other personal information.

If you have any questions or concerns regarding the safety of your computers and networks, or scareware in general,  do not hesitate to give GCInfotech a call today and one of our technical consultants will be happy to assist you.

GCINFOTECH

Beware of Scareware

Fake Anti-Virus and Rogue Security Software – One of the most frequent threats on the Web today.

Have you ever experienced a random pop-up on your computer warning you of an egregious security risk to your system? It may even appear disguised as one of the legitimate Windows security updates that you’re accustomed to seeing. That’s exactly the illusion that cyber criminals intend to create.

What is fake anti-virus?
Also known as scareware or rogue security software, fake anti-virus is a form of social engineering that lures users to malicious sites and scares them into purchasing fake threat removal tools. This brand of trickery garners big bucks for cyber criminals. Once your system is infected, common manifestations include incessant displays of false alert messages that won’t cease until payment is made or the malware is removed, fake Facebook application invitations, 9/11 scams, and ads for fake comprehensive anti-virus packages. In most cases, the malware pretends to find dangerous security threats on your system and offers a free scan while simultaneously compiling folders of junk on your hard drive that the scan can then detect. From the authentic looking pop-up warning to the professionally crafted website it directs you to, it’s an elaborate ruse to scare you into purchasing a fake anti-virus software.

What can it do to my computer?
Malware authors program certain behaviors to make your system errors seem real and believable, which increases the likelihood that you will purchase a fake anti-virus program. Some of those behaviors include:
  • Prevent anti-malware programs from running
  • Disable automatic system software updates
  • Block access to websites of anti-malware vendors
  • Download other types of malware, like banking trojans
  • Interfere with or corrupt normal system activity and critical processes
  • Disable the task manager and make use of the registry editor
  • Redirect web requests from legitimate websites to error pages or malicious websites
  • Deny access to certain programs
  • Disable parts of the system to prevent an uninstall

How can I protect myself?
Cyber criminals employ a huge variety of tactics to compromise your system– to name a few, SEO poisoning, imbedding code in legitimate websites and advertising feeds, and email spam campaigns (i.e. “you have received an e-card”, account suspension and password reset scams). According to a 2010 study by Google, 11,000 domains hosting fake anti-virus software were found, which accounts for 50% of all malware that’s delivered via internet advertising. These lucrative criminal networks grow daily and their contrivances will only continue with time.

Protection begins with a comprehensive and layered security solution. Whether you’re an individual user or a network of users, always adhere to internet use best practices. Keep your browsers and version of Windows up-to-date. Configure your pop-up blockers and familiarize yourself with what anti-virus solution you have installed so you’re able to recognize inconsistencies.

Information Technology Services

Clean up your IT strategy.  Spring is a perfect time to revisit your plans for those critical IT systems you use to keep your business data safe and secure. Review key procedures and plans like network failover testing, disaster recovery, business continuity, and data backup. Loss of data interrupts your business continuity and can be very costly. Studies show that 1MB of data is worth approximately $10,000 and the cost of having to rebuild 20MB of data could be more than $17,000 and could take up to three weeks to complete (For an integrated, online backup, storage and sharing application, tryIBackup). For those of you with an on-site backup solution, now is the perfect time to run those backups with a test recovery.

Clean up your data storage.  Consider adopting a plan utilizing Data Lifecycle Management (DLM) to remove the day-to-day and budgetary headaches:

  • DLM is the comprehensive approach that organizations use to deal with data throughout its lifecycle, from creation and initial storage to eventual archival or disposal.
  • Options vary depending on need, but some useful storage systems to consider include Storage Area Networks (SAN), Network Attached Storage (NAS) and Hierarchical Storage Management.


Clean out the bugs. 
To be sure  your computers, tablets and smartphones are protected, optimize your security this spring with new or updated Anti-virus, Spyware and Malware software. (For an easy-to-use, simple, and effective anti-malware application, try Malwarebytes)

Clean out your Email. Email mismanagement costs you money. Email is the 3rd largest culprit of workplace interruptions, which cost the U.S. economy $900 billion per year. Take charge and clean up that clutter!

Clean your keyboard. Get yourself an ozone-friendly compressed gas duster and give your keyboard the deluxe treatment it so desperately needs. (Warning: Keyboards are not dishwasher safe.) Your mouse and phone handset can be cleaned with a paper towel and some window cleaner!

 

security

Cyber thieves target SMBs….are you safe?

  • It’s estimated that small businesses have lost $250 million due to various forms of cyber attacks.
  • A 2010 survey by Symantec Corp. of small and medium-size companies showed that about 73% of businesses reported they had been targets of cyber attacks in the last year.
  • 63% of data breaches reported in 2010 were at companies with 100 or fewer employees.
  • 95% of credit card breaches that Visa has discovered have been hits on small businesses.
  • Less than 50% of small businesses are estimated to assess and test their security safeguards.

The facts don’t lie, friends. The myth that any business is too small to get hit, is just that – a myth. Cyber security is not just for big businesses anymore. Hackers can steal data from at least a dozen small businesses in the same time that it takes for them to hack into one large corporation. And experts believe that the situation will only get worse before it gets better.

As more businesses hook into high speed internet, hackers are able to expand their target base and take advantage of small businesses that have weak security safeguards. Cyber criminals are taking notice– companies that store data in electronic form, or rely on computerized systems and digital records as many companies are now doing, are putting themselves at great risk. Cyber thieves are no longer discriminating, making it ever more important to take precautions to protect your business from online intruders.

How are they getting into your system?  

Though a broadband connection offers blazing internet speed, it can also mean greater susceptibility to cyber attack. Broadband is a direct connection to the internet that is always on, so because broadband usually has a static IP address with open, unprotected ports, a browser or your email does not have to be up in order for a hacker to enter your system. Hackers can locate these unprotected ports through a port scan, after which there’s no telling what they can do. This is particularly critical for businesses that do credit card transactions, as hackers can get their hands on the private financial information of customers.
Another way they might enter your system is through attachments or links sent to employees that implant computer code onto your computer. Once in, they can use your systems and your bandwidth to launch attacks on other businesses. The banks do in fact have security measures in place to help you protect against these types of cyber intrusion, but unfortunately due to inadequate regulations many banks are skirting this legal responsibility and only providing a bare minimum of protection, leaving many businesses open to fraud. For a growing number of small businesses, this system vulnerability often leads to significant financial loss, as most lawsuit complaints never even go to trial or only reproduce pennies on the dollar to make up for stolen money.

What can you do about it?

  • Make yourself invisible to the bad guys by installing and regularly updating an electronic firewall.
  • Don’t rely solely on your anti-virus software. It’s helpful, but not fail-proof.
  • Audit the data on your network, especially financial information.
  • Implement and explain an acceptable use policy for web browsing.
  • Educate your users on the dangers of open surfing while connected to the company network.
  • Remember basic security measures such as changing default passwords and creating secure passwords! Your last name, birthday, or 1234567 are NOT going to keep cyber criminals out!

Bottom line, cyber thieves are constantly on the prowl for the weakest link. Data security is not just important, it’s absolutely essential to the sustainability of your business. Give GCInfotech a call today to discuss how we can help you take the necessary precautions to keep your business data safe and secure!