GCInfotech is your total business IT solutions resource for your Mobile Workforce

How important is smart device security?

Convenience is at the forefront of our lives. For businesses, this means a rapidly evolving security landscape that’s leaving many companies, and their IT departments, overwhelmed and scrambling. Smartphones and tablets and other embedded devices like printers and scanners utilize ingenious technology and provide significant benefit to how we do business, but they call into question the very serious issue of usability versus security.

Recent polls of management-level employees suggest that upwards of 50% of them don’t know how their organizations identify compromised devices on their network. Additionally, polls of IT professionals show that data security threats at the office frequently go unmanaged due to insufficient resources or, in some cases, a lack of awareness that a situation even exists. Device manufacturers tend to focus on usability and place little emphasis on built-in software protections, contributing to data and network vulnerabilities. The challenge for device engineers is compressing large and slow software into a tiny space, which makes creating operating systems and software to run on these devices extremely difficult. Decisions invariably must be made regarding what features to include: if richness of features is forsaken for security measures, then how useful is the device in the first place?

Many of us may not even realize which office devices can pose a significant security threat. Here’s a list of culprits and the backend attacks they are susceptible to:

  • Printers – Remote reconfiguration or access to previously printed documents
  • Timeclocks – Access to employee information and payroll
  • Photocopiers – Retrieve documents over the web
  • Scanners – Remote operation or access to hard drive of previously scanned documents
  • Telephone Systems – Eavesdropping
  • Webcams – Hijack and enable without the owner’s knowledge

Best practice begins with two essential steps: first, a comprehensive IT policy that integrates and safeguards all office equipment, including those often-forgotten embedded devices; and second, an employee education program that’s clear, concise and tailored to your company. GCInfotech can assist you with a security evaluation of your office equipment as well as help you devise an employee education plan that’s appropriate for today’s security landscape.

GCINFOTECH

One of the most frequent threats on the Web today.

Since we wrote an article on the imminent threat posed by rogue security software (scareware) and cyber criminals, we have received numerous inquiries requesting more information on how to protect computers and networks from these elusive intruders. We would like to share notable examples of fraudulent system alerts and expand on a few known malware manifestations in order to help you better identify security risks. 

Critical Security Measures

  • Keep Java & .NET up-to-date, as both are used in almost all platforms.
  • Schedule Windows Updates to install automatically, or periodically check your system to ensure there are no critical patches requiring action (Start Menu/ Control Panel/ Windows Update).
  • Maintain Anti-Virus & Malware protection.
  • Install a firewall and keep it turned on.
  • Use caution when you click links in email, on social networking websites, or on pop-ups.
  • Make sure you and your fellow co-workers are familiar with common phishing scams.

[Images: Fake Virus Alert; Citi Phishing Scam]

Windows Security Alert: This fake security alert is deceptively similar in appearance to a legitimate system alert, but pay close attention to its language. Are words misspelled? Are there errors with basic grammar? It’s important to examine these alerts for telltale signs of fraud.

Citi Email Phishing: Common phishing scams frequently appear to come from financial institutions and can be difficult to identify, especially if you happen to have an account with that institution. Again, look for language inconsistencies and examine the link provided to determine where it actually goes. As a general rule, banks will never ask for personal information in an email, so the best defense is to use common sense.

[Images: Spyware Software Warning; Fake task bar security alert]

Common fake task bar alerts: Learn what security software you have installed on your computer. This will help you determine the validity of pop-up alerts warning you of infections on your system. Remember, they’re designed to scare and lure you into a fraudulent scheme that ends with you inputting your credit card or other personal information.

If you have any questions or concerns regarding the safety of your computers and networks, or scareware in general, do not hesitate to give GCInfotech a call today and one of our technical consultants will be happy to assist you.


Beware of Scareware

Fake Anti-Virus and Rogue Security Software – One of the most frequent threats on the Web today.

Have you ever experienced a random pop-up on your computer warning you of an egregious security risk to your system? It may even appear disguised as one of the legitimate Windows security updates that you’re accustomed to seeing. That’s exactly the illusion that cyber criminals intend to create.

What is fake anti-virus?
Also known as scareware or rogue security software, fake anti-virus is a form of social engineering that lures users to malicious sites and scares them into purchasing fake threat removal tools. This brand of trickery garners big bucks for cyber criminals. Once your system is infected, common manifestations include incessant displays of false alert messages that won’t cease until payment is made or the malware is removed, fake Facebook application invitations, 9/11 scams, and ads for fake comprehensive anti-virus packages. In most cases, the malware pretends to find dangerous security threats on your system and offers a free scan while simultaneously compiling folders of junk on your hard drive that the scan can then detect. From the authentic looking pop-up warning to the professionally crafted website it directs you to, it’s an elaborate ruse to scare you into purchasing a fake anti-virus software.

What can it do to my computer?
Malware authors program certain behaviors to make your system errors seem real and believable, which increases the likelihood that you will purchase a fake anti-virus program. Some of those behaviors include:
  • Prevent anti-malware programs from running
  • Disable automatic system software updates
  • Block access to websites of anti-malware vendors
  • Download other types of malware, like banking trojans
  • Interfere with or corrupt normal system activity and critical processes
  • Disable the task manager and make use of the registry editor
  • Redirect web requests from legitimate websites to error pages or malicious websites
  • Deny access to certain programs
  • Disable parts of the system to prevent an uninstall

How can I protect myself?
Cyber criminals employ a huge variety of tactics to compromise your system: to name a few, SEO poisoning, embedding code in legitimate websites and advertising feeds, and email spam campaigns (e.g. “you have received an e-card”, account suspension and password reset scams). According to a 2010 study by Google, 11,000 domains hosting fake anti-virus software were found, which accounts for 50% of all malware that’s delivered via internet advertising. These lucrative criminal networks grow daily and their contrivances will only continue with time.

Protection begins with a comprehensive and layered security solution. Whether you’re an individual user or a network of users, always adhere to internet use best practices. Keep your browsers and version of Windows up-to-date. Configure your pop-up blockers and familiarize yourself with what anti-virus solution you have installed so you’re able to recognize inconsistencies.


Cyber thieves target SMBs… are you safe?

  • It’s estimated that small businesses have lost $250 million due to various forms of cyber attacks.
  • A 2010 survey by Symantec Corp. of small and medium-size companies showed that about 73% of businesses reported they had been targets of cyber attacks in the last year.
  • 63% of data breaches reported in 2010 were at companies with 100 or fewer employees.
  • 95% of credit card breaches that Visa has discovered have been hits on small businesses.
  • Less than 50% of small businesses are estimated to assess and test their security safeguards.

The facts don’t lie, friends. The myth that any business is too small to get hit is just that – a myth. Cyber security is not just for big businesses anymore. Hackers can steal data from at least a dozen small businesses in the same time that it takes for them to hack into one large corporation. And experts believe that the situation will only get worse before it gets better.

As more businesses hook into high speed internet, hackers are able to expand their target base and take advantage of small businesses that have weak security safeguards. Cyber criminals are taking notice: companies that store data in electronic form, or rely on computerized systems and digital records as many companies are now doing, are putting themselves at great risk. Cyber thieves are no longer discriminating, making it ever more important to take precautions to protect your business from online intruders.

How are they getting into your system?  

Though a broadband connection offers blazing internet speed, it can also mean greater susceptibility to cyber attack. Broadband is a direct connection to the internet that is always on, and because broadband usually has a static IP address with open, unprotected ports, a browser or your email does not have to be open for a hacker to enter your system. Hackers can locate these unprotected ports through a port scan, after which there’s no telling what they can do. This is particularly critical for businesses that do credit card transactions, as hackers can get their hands on the private financial information of customers.

Another way they might enter your system is through attachments or links sent to employees that implant computer code onto your computer. Once in, they can use your systems and your bandwidth to launch attacks on other businesses. The banks do in fact have security measures in place to help you protect against these types of cyber intrusion, but unfortunately, due to inadequate regulations, many banks are skirting this legal responsibility and only providing a bare minimum of protection, leaving many businesses open to fraud. For a growing number of small businesses, this system vulnerability often leads to significant financial loss, as most lawsuit complaints never even go to trial or only recover pennies on the dollar to make up for stolen money.

What can you do about it?

  • Make yourself invisible to the bad guys by installing and regularly updating an electronic firewall.
  • Don’t rely solely on your anti-virus software. It’s helpful, but not fail-proof.
  • Audit the data on your network, especially financial information.
  • Implement and explain an acceptable use policy for web browsing.
  • Educate your users on the dangers of open surfing while connected to the company network.
  • Remember basic security measures such as changing default passwords and creating secure passwords! Your last name, birthday, or 1234567 are NOT going to keep cyber criminals out!

Bottom line, cyber thieves are constantly on the prowl for the weakest link. Data security is not just important, it’s absolutely essential to the sustainability of your business. Give GCInfotech a call today to discuss how we can help you take the necessary precautions to keep your business data safe and secure!


Every year in the US alone over 100 million cell phones are retired, disposed and/or replaced. It’s estimated that Americans swap cell phones every 18 months on average, tossing their old cell phones into a drawer or worse yet, into the waste stream. Aside from the imminent risk of identity theft or private information going public, cell phones contain many hazardous materials that if improperly disposed can be harmful to the environment.

Consider two environmentally responsible and humanitarian alternatives for cell phone disposal: recycle or donate. The EPA claims that for every million cell phones recycled, we can recover 35 thousand pounds of copper, 772 pounds of silver, 75 pounds of gold, and 33 pounds of palladium. If not recycle, then donate to one of the numerous organizations that exist for refurbishment and redistribution that offer a potential second life before disposal (see below for a list of donation programs). For years, GCInfotech accepted old phones and made donations on behalf of its clients to organizations such as Cell Phones for Soldiers.

It’s extremely important to take proper precautions to wipe your phone of data and restore it to its factory settings before recycling or donating. Manually deleting text messages, call records and contact lists isn’t nearly enough to combat unauthorized use or protect your personal information once the phone is gone. Wiping it clean of all data may be harder than you think.

Here are details for how to do it:

  1. Remove SIM card
  2. Remove memory card
  3. Perform a master reset, often referred to in the phone’s settings as “Factory data reset” or “Wipe Handheld” (Check the phone’s manual or the internet for specific instructions regarding your phone’s make and model. The reset process is not the same for all phones.)
  4. Check with your carrier to make sure your account has been terminated. If not, others may still be able to use the device, and on your dollar. If you’re maintaining the same account, activating a new device and deactivating the old one, check your bill carefully to determine that the old device is not somehow still using that account.

Contact GCInfotech today if you have any questions about what to do with your old cell phones, or if you have any other technology concerns that we may help you with.

Cell Phone Donation Programs:

  • American Cellular Donation Organization
  • Cell Phones for Soldiers
  • Charitable Recycling Program
  • CollectiveGood
  • Donate a Phone Call to Protect
  • Good Deed Foundation
  • Recellular Inc.
  • Recycle for Breast Cancer
  • RMS Communications Group, Inc.
  • Wireless Foundation
  • Earth911
  • Sprint Project Connect
  • Verizon Wireless HopeLine
  • AT&T Wireless

How Smart is your Smartphone?

The smartphone continues to revolutionize the business world as new and innovative phones flood the market and slick apps make it easier to do business around the clock, from anywhere. From a profitability and productivity standpoint, the business-enhancing effects are unquestionable. But with this rapid progression in smartphone technology come new mobile security challenges that not only CIOs and IT staff need to think about, but also small business owners and managers. Smartphones can be open portals to sensitive personal information and your corporate network, making it absolutely crucial to understand the mobile security risks and how to maintain the integrity of your data.

GCInfotech’s Cory Visi adds, “Like laptops, smartphones are an extension of your corporation’s network not only containing sensitive or confidential data, but through VPN capabilities it can allow direct connectivity to the heart of your company’s business. It is imperative for the network administrator to view smartphones the same as employee laptops, and to apply the same (if not greater) precautions and access levels restricting access to the corporate network.”

36% of business network attacks originate from end-user devices, and according to the 2010 Data Breach study, 28% of attacks occur through the various social networks that employees enjoy on their smartphones.

Monitoring these types of activities and deploying a mobile device use policy will go a long way in securing sensitive company data that travels between the company network and employee smartphones. With the volume of apps available, and with the rate at which they enter the market, it’s understandable that not all apps are vetted before they’re available for download. This is a huge source of vulnerability and an increasingly inviting platform for malicious criminal activity that can have devastating effects on your business. Policy should define and restrict which smartphones may be used on a corporate network. If the phone does not support features such as password protection or remote wipe (the ability to remotely erase the phone if lost), for example, it should not be allowed to access company data.

If you already have one or plan to deploy a business smartphone to your workforce, give some thought to the following:

  • Education. Make your employees aware of how their smartphone interacts with your network.
  • Create and strictly enforce a use policy, and ensure that security apps are included in said policy.
  • Understand that not all smartphones operate on the same platform. Phone software packages have holes and no carrier is immune to malware and viruses. Learn about the various vulnerabilities and safeguards of the smartphone options you’re considering.
  • Require employees to sync their phones regularly, keeping sensitive data off of their phones.
  • Maintain a corporate firewall and regularly monitor all server activity.
  • Limit employee permissions to only what they need to get their job done.
  • Have authentication protocols in place for accessing corporate networks.
  • Keep malware definitions up to date and running on all security software.

GCInfotech will help you maintain the integrity of your corporate network and mission-critical data. If you have any questions or concerns regarding how to develop a strategy for mobile phone security in your company, give us a call.