security

What It Is and How to Avoid It.

Browser hijacking is one of the Web’s ever-present dangers. It’s a type of online fraud that’s generally used to force hits to certain sites of a hijacker’s choosing. Chances are high that most internet users will be subjected to this practice in some form. A hijacker uses malicious software to change your internet security and registry settings to gain control over what and how your browser displays web content. Combating it can be tricky because it’s not necessarily a virus or adware, so software monitoring programs will not always suffice.

Signs that your browser might be hijacked…

  • Home Page has changed unexpectedly
  • Internet settings have changed and you can’t seem to reset them manually
  • New or unrecognizable links in your Favorites
  • Inability to navigate to certain websites such as anti-spyware and other security software sites
  • A new toolbar appears in your browser
  • An endless barrage of pop-up ads
  • Rerouting of URLs to other dubious websites

Precautionary measures you can take…

  • Use common sense. If a pop-up ad asks your permission to install an executable file, don’t accept it unless you’re absolutely certain of what that program entails. Make sure you have all the latest security packs and patches from Microsoft.
  • Run your anti-virus program regularly and set it to auto-protection. Heighten your internet security settings and add the sites you regularly visit to the list of ‘Trusted Sites’ so they aren’t affected. Consider changing your browser; many of these malicious programs are specifically designed for Internet Explorer and won’t execute on other browsers such as Mozilla.
  • Prepare an ‘emergency kit’. Free utility programs like HijackThis or CWShredder are effective at removing malicious code, while other programs like Ad-Aware and Spybot remove Trojans and can help you recover your system.

GCInfotech can help you take the appropriate preventative measures to protect yourself from the dangers of browser hijacking.

GCInfotech is your total business IT solutions resource for your Mobile Workforce

How Smart is your Smartphone?

The smartphone continues to revolutionize the business world as new and innovative phones flood the market and slick apps make it easier to do business around the clock, from anywhere. From a profitability and productivity standpoint, the business-enhancing effects are unquestionable. But with this rapid progression in smartphone technology come new mobile security challenges that not only CIOs and IT staff need to think about, but also small business owners and managers. Smartphones can be open portals to sensitive personal information and your corporate network, making it absolutely crucial to understand the mobile security risks and how to maintain the integrity of your data.

GCInfotech’s Cory Visi adds, “Like laptops, smartphones are an extension of your corporation’s network not only containing sensitive or confidential data, but through VPN capabilities it can allow direct connectivity to the heart of your company’s business. It is imperative for the network administrator to view smartphones the same as employee laptops, and to apply the same (if not greater) precautions and access levels restricting access to the corporate network.”

36% of business network attacks originate from end-user devices, and according to the 2010 Data Breach study, 28% of attacks occur through the various social networks that employees enjoy on their smartphones.

Monitoring these types of activities and deploying a mobile device use policy will go a long way in securing sensitive company data that travels between the company network and employee smartphones. With the volume of apps available, and with the rate at which they enter the market, it’s understandable that not all apps are vetted before they’re available for download. This is a huge source of vulnerability and an increasingly inviting platform for malicious criminal activity that can have devastating effects on your business. Policy should define and restrict which smartphones may be used on a corporate network. If the phone does not support features such as password protection or remote wipe (the ability to remotely erase the phone if lost), for example, it should not be allowed to access company data.

If you have already deployed, or plan to deploy, business smartphones to your workforce, give some thought to the following:

  • Education. Make your employees aware of how their smartphone interacts with your network.
  • Create and strictly enforce a use policy, and ensure that security apps are included in said policy.
  • Understand that not all smartphones operate on the same platform. Phone software packages have holes and no carrier is immune to malware and viruses. Learn about the various vulnerabilities and safeguards of the smartphone options you’re considering.
  • Require employees to sync their phones regularly, keeping sensitive data off of their phones.
  • Maintain a corporate firewall and regularly monitor all server activity.
  • Limit employee permissions to only what they need to get their job done.
  • Have authentication protocols in place for accessing corporate networks.
  • Keep malware definitions up to date and running on all security software.

GCInfotech will help you maintain the integrity of your corporate network and mission-critical data. If you have any questions or concerns regarding how to develop a strategy for mobile phone security in your company, give us a call.


Password security is an increasingly important matter among technology experts as they debate the issue over usability, security and privacy. Ideally the three fields would work more compatibly, providing us with easier systems to use while still maintaining that rock solid security we need. There may always be a degree of inconvenience to the end-user when it comes to creating new passwords and upholding the expectations we set for impenetrable security.

Perhaps a little inconvenience is worth it. As Cory Visi, Managing Partner at GCInfotech, points out, “Millions of computers all over the internet (some hacked, some not) are running programs that scan other computers and servers for weak and empty passwords 24 hours a day, 365 days a year. If your password is simple and short, your account is likely to be hacked.”

It’s a dangerous world out there, one where technology experts have to battle the savvy hacker looking to gain access to your personal or company data while still considering that the legitimate user, you, demands accessibility with nothing more than a few keystrokes. It’s striking that balance between security and usability that ultimately determines how reasonable password requirements really are, and our willingness to comply with them.

It raises a couple of key questions: Is a system harder to use the more security measures we introduce? Does a system actually become less secure the more security it has? Fundamentally, people understand the need for security and are typically willing to comply because it seems necessary, but it’s really the effort required to comply that makes security measures successful or not. If a system is unusable because of overbearing security protocol, people will invariably create the necessary workarounds in order to get their job done. However this occurs, whether it’s posting a sticky note on the monitor or using “password” as your password, it all boils down to the fact that you just may be sacrificing security for convenience.

Overly restrictive password requirements could in fact decrease security and even increase your costs: decreased security due to the methods people employ to recall a password, and increased costs due to the resources you may have to redirect toward helping users when they repeatedly get locked out of their systems. In essence, the good guys are kept out while the bad guys aren’t affected, because, after all, they have other ways of penetrating your system, such as phishing scams and key logging.

It’s very important that you have someone, if not the entire IT staff, who understands the intricacies between the systems you run, any new developments that exist for enhancing security measures, the needs of your end-users, and the psychology of illegitimate users. These factors will indeed play a meaningful role in securing your systems. And, of course, engage a mandatory password change policy for your employees.

Cory Visi further explains the need for such a policy by saying, “Even the owners and partners should comply. Password security policies should balance the frequency of changes with the complexity of the password. Passwords that are changed more often don’t have to be as complex. However, high security passwords should always be complex.”

Experts may provide different parameters for password creation, but always remember that the best password is both highly secure and easily recalled by memory. Here are some helpful tips:

  • Use long, non-word combinations
  • Don’t use personal info or follow any discernible patterns
  • Use different character types (e.g. symbols, numbers, upper and lower case letters if permitted by the system)
  • Use a passphrase (e.g. “I Love to eat Carrots and Dip 4 Snack!” = ILteCaD4S!)
  • Use a password management tool
  • Use different passwords for different sites, especially for those you want to keep secure
  • Change your passwords frequently and don’t reuse them for at least a year

If you don’t have a comprehensive plan of action for ensuring the maximum security for your systems, it’s time to have that discussion with your IT consultant. If you need help understanding what options are available or need to know more about password and system security, one of our expert technicians at GCInfotech can help you.