Chinese Hackers Exploit IE Vulnerability in a Concerted Attack – Make Sure your Browser is Protected

Early January, Google released a report detailing attacks on its infrastructure which it claimed to have originated from China. In the wake of its announcement, another report came out detailing what is purported to be an “organized espionage operation” originating from China. Known as “Operation Aurora”, the attack attempted to siphon information from 33 companies in the US, including Google. The attackers are believed to have exploited a vulnerability in Internet Explorer (IE). The vulnerability affect IE 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and IE 6, IE 7, and IE 8 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. In the wake of the attacks Microsoft released a patch to address the vulnerability. If you are unsure if this patch has been applied to your systems, contact us for help. Related links: More Security Flaws Found in Internet Explorer (Mashable)

RealPlayer Users Beware

RealNetworks , developers of RealPlayer, a popular real-time streaming media player, recently released an advisory about vulnerabilities that when exploited could trigger remote code execution attacks. The firm reports at least 11 critical vulnerabilities that expose Windows, Mac, and Linux users to malicious hacker attacks. RealPlayer is a favorite target for malware and fraudware writers, and users are advised to download the latest software update. If you don’t use RealPlayer, you’re best advised to uninstall it immediately. Need help in making sure your applications are safe to use? Contact us today. Related links: Bogus IQ test with destructive payload in the wild (zdnet) Tor project suffers hack attack (zdnet) RealPlayer Exploit Infecting Windows Machines (eweek)

Cloud Computing 101

With more and more people and organizations accessing the Internet, and as the potential uses of the web grows, the way business is done is naturally evolving as well. One example of this is the emergence of cloud computing services. In essence, this is the outsourcing of an organization’s IT services to a different company. Everything is managed through the Internet – through “the cloud”, hence the term. There are three things that make cloud computing services different from usual hosting services: The company only pays for the resources they use. Subscribers can adjust the amount of service they get based on their need. The service is completely managed by the service provider. Cloud computing services also include providing virtual data storage – meaning you store your data off site on the cloud service provider’s secure servers. You can, however, still access your data through the Internet. There are both private and public cloud services. A public cloud service is available to everyone on the Internet, while private services are only available to specific clientèle. Some cloud services use public clouds to provide private service, making them a virtual private cloud computing service. The increasing use of the web in our personal and social lives as well as in business gives the trend of cloud computing services vast potential. However, this service is not for everyone – for instance, if you have reservations about keeping sensitive information in a location outside your organization, you might want to pass. Want to learn the pros and cons of cloud computing services for your business model? Give us a call – we’d be happy to discuss a possible cloud computing road map with you.

Five Reasons to Consider Managed Services

Managed IT services are the technology solution of choice for large businesses, but many small and medium businesses remain resistant to considering this approach. Below are five reasons you may want to change your mind. Reason #1:  You need to control costs. In today’s economic environment, IT budgets have been slashed – but a cut in IT spending doesn’t come with a cut in demand for IT services. As a result, you have to do the same amount of work with fewer resources. Although managed services might cost more in the short-term, they cost far less in the long term once you account for the domino effect of lost productivity and customer dissatisfaction. Reason #2:  IT complexity is increasing. The breadth of information technology a company requires places small- to mid-sized businesses at a distinct disadvantage. Equipment is constantly upgraded in the market, and new IT-related specialties are emerging in a variety of areas, from telephony to networking. It’s difficult for small businesses to maintain the expertise necessary to properly manage these new technologies. Reason #3:  You’re more dependent than ever on IT. At the same time, companies have become dramatically more dependent on IT in the past few years—and increased use of IT leads to increased outages and greater loss of productivity. Reason #4:  Your existing solutions are inefficient. In today’s world, a one- or-two person in-house IT department or consultancy simply cannot handle the occasional IT breakdowns that are bound to occur. In many cases, employees have to wait in line to receive help. As a result, not only are your employees less productive, their morale is also decreased—and unhappy employees are less productive employees. Reason #5:  You need to maintain compliance. More and more companies are finding themselves subject to regulatory compliance, from Sarbanes-Oxley to the Health Insurance Portability and Accountability Act (HIPAA)—and most small businesses don’t have the resources to fully understand the requirements of these regulations, let alone comply with them. Of course, the best reason to consider managed IT services may be that IT isn’t your specialty. If managing IT infrastructure has absolutely nothing to do with your core competency, why wouldn’t you outsource it to an expert? By implementing managed services, you can utilize your internal IT resources for other purposes, such as supporting your strategic business objectives.

Backup, Disaster Recovery and Business Continuity: 3 plans you can’t afford NOT to have

Small and medium-sized companies sometimes think that disaster planning is only for larger corporations, but recent changes in technology make such planning affordable for almost all business sizes. In fact, small businesses today can’t afford to be without such planning. As a small business owner, you should have three goals when it comes to disaster planning: ensuring that you never lose critical data, minimizing downtime, and recovering as quickly as possible in the event of a disaster. Those actions fall into three different categories: backups, disaster recovery, and business continuity. What’s the difference? Backing up is the process of safeguarding your data by copying it to a safe medium for recovery in the event of loss. Disaster recovery is the process of restoring operations that are critical to your business after a disaster occurs. Business continuity is the creation of a plan that details how your organization will recover and restore interrupted functions after a disaster. Business continuity is the most comprehensive of these three functions, because it involves much more than just a discussion of IT issues – it’s a detailed action plan. Certainly, you need to consider how you protect your IT infrastructure and data, but you also need to consider what you and your employees should do if a disaster occurs. Do your employees know where to meet in the event of a building evacuation? Do you have a plan for reaching out to all employees and their emergency contacts to communicate critical information? Do you have a way to communicate to customers when and how you’ll resume providing products or services? What will you do if one of your major suppliers experiences a disaster? It’s hard to underestimate the importance of these three plans, but many small and medium businesses do. That’s because when most people think of disaster, they think of floods, earthquakes, and fires. They may even consider equipment failures. But there are human-induced disasters as well—for example, disgruntled or incompetent employees who delete critical information, or hackers. It could easily happen to you. Perhaps you have a backup system in place. Maybe you even have backup, disaster recovery, and business continuity plans. But because business goals and environments change, any plan needs to be re-evaluated from time to time to make sure it’s still meeting all of your needs. We can help you evaluate your current plans, or sort through the options if you don’t yet have plans. Contact us for today for details.

Despite bad weather, the show must go on

The prevailing bad weather in the United States and Europe has caused varying degrees of production delays in all sorts of industries and business. In circumstances like these, communication is especially important – when all members of the organization need to stay connected to keep operations coordinated and moving forward. Bad weather or not, there has been an increased demand to maintain constant communication and continue productivity outside the office. With remote and mobile accessibility between all links in a company, efficiency can be maintained through working from remote locations. Your company’s employees – from the worker-bees out in field to supervisors, managers, and CXOs – no longer need to be limited by dependence on in-office resources. Our services provide solutions that allow people to maintain communication regardless of the weather and other productivity-stalling circumstances. We realize the importance of being able to keep in touch, especially in critical situations such as the current weather conditions. Please contact us to learn more about our communications solutions.

Assessing and Documenting Your IT Needs

You expect your computer to work when you turn it on. The last thing you want is to waste valuable time trying to get your email running or wrestling with a web browser that won’t load. These are frustrations you surely have experienced, and chances are you will again. But you don’t have to. Or, at the very least, you can make them as rare as your refrigerator breaking down or your car battery dying. To get there, you need to understand how well your IT environment is running. No, we’re not suggesting that you look under the hood to figure out what does what and how. Leave that to the IT people. What we’re proposing is a comprehensive endeavor to document all your IT processes and inventory your IT assets. Identify your best practices – those processes and functions that experience has proven to run efficiently and produce the most desirable results – and document them as part of your overall business practices. During the process of documenting your IT processes and functions, you’re bound to discover your IT environment isn’t as efficient as it should be – hence, your computer-borne frustrations. You’ll also identify needs that you weren’t aware of. Left unaddressed, these needs cut into productivity (and therefore profits), and can sometimes lead to costly IT network emergencies that would have been a lot less expensive with the right technology and proper maintenance in place. Let us help assess your needs through this documentation process, and identify solutions that will bring you peace of mind. Some common solutions include outsourcing some of your network functions such as security, backup and recovery, or email, so that they are maintained and updated to keep them running smoothly and prevent costly downtime. You expect your computer to work when you turn it on – and that is what we want to make sure happens.

New Study Reveals Extent of Losses Due to Phishing Attacks

Trusteer , a security solutions vendor, recently released the results of their study which shows how successful phishing attacks are, how many users respond to phishing attacks, and how many users submit their login information to criminal websites. The results are alarming. Among them: Each phishing attack involves a very small percentage of customers (0.000564%), but due to the large number of phishing attacks, the aggregated number is significant 45% of bank customers redirected to a phishing site divulge their personal credentials 0.47% of bank customers fall victim to phishing attacks each year, translating to $2.4M-$9.4M in annual fraud losses per one million clients Each financial institution was targeted, on average, by 16 phishing websites per week, translating to 832 phishing attacks per year per bank brand Despite efforts by browser developers and security vendors to protect users from phishing attacks, a small number apparently are still able to bypass anti-spam/phishing protection – and when they do, the results can be damaging. Let us help you protect yourself from phishing attacks. To find out more contact us today. Related articles: Garlik’s UK Cybercrime Report 2009 Released ( Chat In the Middle Online Banking Threat ( PC Users Targeted As Online Fraud Soars ( Less than 0.5% of online banking clients fall for phishing scams each year, report says (