Blog

November 12th, 2013

2013Nov12_Security_BThe security of your business networks and computers is likely something you have worried about before. Chances are high that you have installed anti-virus scanners and maybe even other security measures, with the goal of eliminating malware infections. While this is a recommended first-line of defense, chances are that malware may still be getting into your systems - the question is how?

There are several ways in which malware can be introduced to your systems, even those protected by anti-virus scanners or other security measures. Here are three you might need to know about::

1. Attacking remote users

Traditionally, business was  carried out in a physical office. This means that companies only had to protect internal networks and systems. However, businesses are increasingly going mobile and relying on off-site workers. Problems can arise though when steps are not taken to ensure the security of these endpoints - laptops, tablets, mobile devices, etc.

Attackers know this, and have started to attack remote workers who may not be as secure as the company's internal systems. This becomes an even bigger issue when the infected device is brought back to the office and connected to the network - thus likely introducing the malware into your systems. It's necessary to ensure that all remote employees and devices are secure in order to protect your core systems and that they are also following the same security protocols used on-site and in-house..

2. USB infections

The majority of malware is introduced to systems via the Internet and websites. This is the reason why almost all virus-scanners focus on web-based intrusions. To a large extent, these scanners do what they are supposed to and keep companies secure. Hackers are always looking for new ways to attack systems though, and one avenue is through USB drives.

Some of the more popular USB-based malware takes advantage of Auto-Run - when an external hard drive, or USB flash drive is plugged in, this feature automatically opens the drive. The malware on the drive is configured to install itself when the drive boots up and is accessed, thus infecting systems.

To limit the chances of being infected by malware you should either provide drives for your employees to use, or approve drives that come in from outside sources. If you use USB drives to transfer files or share files between computers, try looking into other options like cloud storage drives. Finally, disabling Auto-Run and scanning drives with a virus-scanner, (many programs can actually do this), could go a long way toward deterring infections.

3. Anti-virus misses malware

While many companies have anti-virus scanners and software to deter malware infections, in order for these programs to work they often require daily or weekly updates. These updates contain information about new forms of malware discovered, along with detection and handling rules.

However, many companies may not be allowing the virus scanners to update. Because of this, systems are at an increased risk of being infected by newer malware. Therefore, ensure that your anti-virus scanners are not only up-to-date but are set to scan on regular intervals.

Beyond this, it is important to know that while anti-virus scanners will go a long way in preventing infections, they are often a step behind the newest malware. Taking steps to prevent malware, such as limiting downloads, educating employees and establishing a security policy can also help.

Finally, if you are worried about the security of your systems, working with an IT partner can prove to be one of the most successful ways of minimizing security threats that could harm your organization. IT partners can implement a plan to lower infection rates and employ experts who are able to work with you to restore your systems quickly should they become affected.

If you are looking to make your business more secure, get in touch with us today.


Published with permission from TechAdvisory.org. Source.

Topic Security
November 6th, 2013

Security_Nov05_BOver the past three weeks a new and potentially harmful piece of malware has come to light. The CryptoLocker virus can lock files and will hold them for ransom. If you don't pay, your files will be deleted. It's highly likely that this is the most destructive piece of malware of the year, and has many understandably worried. One way to limit the chances of being infected by viruses like this is to educate yourself and your employees on how to minimize malware infections.

Here are five tips you can share with your employees about how to keep systems free from malware.

1. Don't turn off or stop your anti-virus scanner There is little doubt as to the usefulness of your anti-virus scanners. These are installed specifically by companies and IT departments the world over in an effort to keep systems free from viruses and malware. Because there are always new pieces of malware being developed and released, the companies that run the antivirus scanners often keep an up-to-date as possible database that is consulted when the scanner is running.

It is these databases that companies push to you in weekly, or daily updates. Therefore, it's a good idea to not only keep your virus-scanner on, but also up-to-date, as the chances of it picking up newer and more serious malware are higher.

If your scanner attempts to run during business hours, some systems may slow down. Why not change the time this scan runs to when you aren't at your desk, say after 5:00 pm, or early in the morning. Working with an IT partner to schedule this could really help.

An important factor to remember is: If you don't run your anti-virus scanner, or turn off your scanner, the chances of your computers being infected increases exponentially.

2. Watch what you download One of the more common ways malicious software makes it onto computers is through downloaded files. That Facebook toolbar that a website is advertising as a must-have, or the file that must be downloaded in order to watch a movie online may actually be teeming with viruses.

Therefore, you should only download files from websites that you know are secure and offer legitimate files. And, before you download anything ask yourself, "Do I really need this, and will I really use it?" If you are unsure, check with a colleague, or reach out to your IT partner.

3. Study email attachments closely Another common way malicious software and viruses spread is through email attachments. Sometimes an email account has been compromised and a hacker is sending emails to users with the virus attached, or the host system has been infected and the virus is essentially sending itself. Regardless of how the email is being sent, you should be wary of all email attachments.

Before you open ANY attachment, verify that it is actually referenced in the email, it is the file referenced, and the name is logical. If you see an email that states a document or file is attached, take a look at the name of the attached file. If it ends in .exe or .dmg, this is a program and likely a virus, and should not be opened. You should also look at who is sending the email too. If you don't know the person it is recommended that you do not open the attachment. If you are unsure, try contacting the sender in another email.

4. Avoid using shared disks when possible While external hard drives and thumb drives may be incredibly useful, viruses can actually be spread by them. For example, if an infected file is on a USB drive and is plugged into a system, this can actually infect the system when the file is opened.

If you do use these drives, many virus scanners can check them. So, when you plug in a drive, before you open any files or the drive itself, right click on it and you should see an option to scan the drive with your virus scanner. If not, you can likely do this from the virus scanner itself. This could take time, but it will help keep your systems secure.

5. Ask yourself whether you really need to have an administrator account for Windows On many systems, when you set up a new user, you can set an account to be the administrator of that system. Administrators automatically have the ability to install programs, change settings and even create new accounts. If you don't need to change your computer's settings, or install programs then you likely don't need to have an administrator account.

This could be a great way to minimize virus infections simply because these viruses need to first be installed. If you can't install programs or even download them, then your chances of being infected are lower.

Looking to learn more about how you can protect your computers? Contact us today as we may have the perfect solution that will not only keep your systems secure, but also free from any malicious software.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 28th, 2013

Security_Oct30_BOne of the biggest threats to the security of any business network is malware. There are many different forms of malware out there that can infect systems in a nearly unlimited number of ways. In the past few weeks there have been numerous stories about CryptoLocker - a new form of ransomware that is proving to be a problem for many companies.

Knowledge is power so finding out more about CryptoLocker is recommended, as well as how you can take steps to protect your systems.

What is CryptoLocker? Ransomware is a virus that locks important files or systems and requests that users pay a ransom to unlock them. This is not a new form of malware, but there has been a recent resurgence and CryptoLocker is leading the way.

This particularly nasty piece of malware infects user systems and locks files, threatening to delete them unless the hacker is paid. It is being spread four different ways:

  1. As an email sent to company addresses pretending to be from customer support from FedEx, UPS, DHL, etc. The virus is attached to the email, usually labeled as a tracking number.
  2. In PDF documents that are attached to emails.
  3. Via hacked websites that can exploit computer vulnerabilities to install the infection.
  4. Through trojans that pretend to be programs you need to download in order to watch videos online.
CryptoLocker installs itself to the Documents and Settings folder on your system and then proceeds to search for specific file types like Microsoft Word Docs or Adobe PDFs. It applies an asymmetric encryption which requires both a public and private key to unlock. The public key is stored in the virus itself and is used to encrypt the files. The private key is hosted on the hacker's server.

What happens if I get infected? If your system is infected your files will be encrypted and a pop-up message displayed informing you that your personal files have been encrypted and that in order to get the key to unlock them (the private key) you need to pay up to USD$300, or a similar amount in another currency. This amount seems to change and has increased, with older versions asking for USD$100.

You will also see a timer counting down from 100 hours. If this reaches zero, your encrypted data will be deleted with a very slim chance of the files being recoverable. The preferred method of payment is in BitCoins - a digital currency. The pop-up window has instructions on how to submit the payment - usually through an online payment method like Green Dot - MoneyPak.

The good news is, once you submit the payment, you will receive a key you can enter to unlock your files. The hackers have said that they won't re-infect systems, and network security companies have confirmed that so far, this has been the case.

While many up-to-date virus and security scanners will pick up CryptoLocker, most won't be able to recover or decrypt files even if the malware itself is deleted. If you see the pop-up window, it's probably too late.

How do I prevent CryptoLocker from infecting my systems? This is a serious piece of malware that should not be taken lightly. If you are worried about your systems being infected, here are five things you can do to prevent that from happening:

  1. Be proactive - It is a good idea to educate yourself and your staff about this piece of malware and even implement and reinforce a no installing your own software rule. Also, having a backup and disaster recovery plan in place and functioning will go a long way in limiting the damage this program can do.
  2. Check your emails closely - Closely look at every email that comes into your inbox. Pay attention to who sent it, the body text and even the subject line. If you see a slight spelling mistake in the name or even in the address e.g., customersupport@fedx.com, you should be careful or maybe just immediately delete the email.
  3. Beware of attachments - Always look at your attachments. If you get an email with an attachment from any sender you don't personally know don't open it. If you get an attachment from people you do know, but it isn't something they would normally send, don't open it. For all other attachments, try confirming that the file attached is in fact legitimate by asking the sender.
  4. Backup your data - Be sure to always backup your data on a regular basis. If you backup files on a daily or even weekly basis and are infected, you can easily wipe your hard drives and start again without losing much in the way of data.
  5. Know what to do if infected - If you are infected the first thing you should do is disconnect from the network to limit the chance of the virus spreading to other systems. If you have backed up your system and data, you can probably revert your system. If not, your best plan of attack would be to contact us to see if we can help, as we may be able to get around the encryption or even delete it.
Looking to learn more about CryptoLocker and how you can keep your systems safe from it? Contact us today.
Published with permission from TechAdvisory.org. Source.

Topic Security
October 18th, 2013

Security_Oct16_BSecurity of a company's systems should be important to all company owners and to raise awareness, October was named as National Cyber Security month in the US. Regardless of your location, it is a good idea to look into the security of the systems in your company. One important system that many gloss over centers around mobile devices. Believe it or not, these are increasingly being targeted and it is worthwhile ensuring they are secure.

Here are five questions to ask if you want to properly protect your devices.

1. What do I know about Wi-Fi hotspots? With a tablet or phone it can be easy and tempting to check in with the office, write a few emails or even do your finances on the go. This usually means connecting to the Internet, and because so many mobile plans limit the amount of data you can use, you will likely use Wi-Fi.

The thing is, many of these Wi-Fi hotspots found in airports, coffee shops and even in public transport zones are open. This means that anyone with the tools and knowledge could gain access to devices connected to this network. Simply put: Connecting to a public Wi-Fi network or hotspot could put your data and device at risk.

You should take steps to limit that amount of important business oriented tasks you do while connected to these networks. At the very least, you should not allow your device to connect automatically to open or unsecured Wi-Fi networks. By physically signing into networks or choosing what networks you connect to, you can somewhat control or limit security issues that stem from Wi-Fi connections.

2. Do I want a stranger to see what's on my phone? There seems to be this view that whatever you are looking at on your phone or tablet can't be physically seen by other people. While your device is relatively small, many are large enough to allow strangers to see what you are looking at and even typing.

If you are sending or reading confidential info on your phone or tablet be sure to check that people aren't looking over your shoulder or watching you type PINs or passwords. In fact, it would be best to read or type this type of information in private, where other people aren't likely to be looking over your shoulder and privy to private data.

3. Is my phone secure? Security is a big issue for many businesses. You want to ensure that your information, files and systems are secure from intrusions and threats, and likely implement measures to keep them so. However, few users pause to think about their mobile devices.

Take for example Android's marketplace Google Play. While the vast majority of apps are legitimate, some are fake and contain malware that could harm your device. Beyond that, hackers are increasingly targeting mobile devices by placing fake apps online or even malware on sites that will automatically be downloaded if users visit the page or click on a link. To combat this you can download a virus or malware scanner for your device and run it on a regular basis. When downloading apps be sure to verify the publisher and source of the app.

Securing your device with a password or pin makes it harder for third parties to gain access should they pick up a lost device or try to get in when you aren't looking.

4. What info is stored on my phone? Stop for a minute and think about the information you have stored on your device. Many users keep records of their passwords, important documents and even private information. The thing is, many devices are easy to hack, and also lose. If you lose your device, your valuable information could also be lost and potentially stolen.

You should take a look through your information and ensure that nothing incredibly important is stored on your device and if there is, back it up or remove it.

5. Is it necessary for apps to know my location? Geo-location has become a popular feature of many apps. The truth is, many of these apps probably don't need this information, instead requesting it to provide a slightly better service or more personalized experience.

However, this information about you and your phone could be stolen so you might want to think about limiting how much a third party can see about you. Both Android and Apple's iOS have apps that allow you to select what programs are allowed to gather and send your location-based information to developers, with iOS actually allowing you to shut down location-based services from the Settings menu.

If you would like to learn more about mobile security, contact us today as we may have a solution that will work with your business.

Published with permission from TechAdvisory.org. Source.

Topic Security
October 17th, 2013

News of the latest threat to your data files is spreading almost as rapidly as the threat itself – ransomware.

Named “Cryptolocker”, this ransomware relies on something antivirus software can’t stop – human curiosity. The attack is initiated via either an attachment to an email, a pop-up on a compromised website or as a download on a compromised website. As soon as you open the file the attack is launched, with your data files being the primary target.

Cryptolocker looks for certain files (documents, spreadsheets, pictures, music files, presentations etc) and encrypts them using a code that you don’t know, and most likely never will. The infected computer receives a popup message advising the user that a ransom must be paid in order to get the decryption code, however there is no guarantee this code will ever be provided.

xcryptolocker-virus

This means you could lose access to your files and never get them back!

This is not the first time this type of attack has been seen, however this time around it’s making victims of many more people and businesses. There’s plenty of information around detailing the symptoms of this problem so rather than duplicate that we really want to get some simple messages out there for people to take notice of, understand, and share with others so they too can be better informed and protected.

So – here’s some simple steps to improving your computer security:

  1. Don’t open email attachments you’re not expecting to receive, particularly those with unusual names.
  2. Don’t open email attachments  to messages from people from whom you don’t normally receive messages – examples include government departments, banks, Microsoft, Norton Security or long lost boy/girl friends
  3. Make sure you are running real anti-virus software. This means you’re not relying on the protection of something that’s free – stick to a proper paid-for licence from a reputable vendor like Trend MicroMcAfeeSymantec/NortonKaspersky
  4. Keep your operating system software up to date – if you’re running Windows XP or Vista you need to seriously consider changing to Windows 7, Windows 8 or now Windows 8.1 as a matter of urgency
  5. Just because you may have some security software on your computer that doesn’t mean you can visit any website you wish and assume you’ll be safe – there are new exploits and vulnerabilities found every day. Having antivirus software doesn’t mean you’ll never get an infection, in the same way that having seatbelts, anti-lock brakes and airbags in your car doesn’t mean you can’t get hurt in an accident
  6. If you see something that looks too good to be true then it’s probably too bad to be looked at and should be avoided
  7. Ensure you take regular backups of your data, onto multiple backup devices, and test these backups. And don’t forget the backups need to be taken offsite too!
  8. Just because you’re not running Windows that doesn’t mean you’re safe from any attacks – there’s malware and viruses for Macs and Linux too
  9. Don’t assume it can’t happen to you – it can and most likely will, it’s simply a matter of time
  10. If in doubt, ask for help

We also have additional software available to provide improved protection against these attacks, but remember no software package will ever be able to provide 100% guaranteed protection against all threats. You can, however, greatly improve your chances of avoiding an infection.

There are many articles on our blog that are there to help inform and protect you. Take a read of this very popular article on cyber security.

If you want to subscribe to our monthly newsletter simply visit the blog page and enter your email address at the bottom so you can be kept up to date, and don’t forget to share this with others so they too can keep informed.

Please drive carefully when venturing onto the information superhighway. We don’t want you to get hurt, but if you do we’re here to help as best we can. We’re only an email or phone call away.

October 3rd, 2013

Security_Sep30_BSmall business owners often have a tough job. As the face of the business you will be held largely accountable for anything your business does, or anything that happens to your business. If there is a security breach of your systems and personal information is stolen, you will asked questions as to why. Therefore, it is in your best interest to take steps to protect personal information stored on your systems.

As October is Cyber Security month in the US, it's the perfect time to take a look into ways you can make your business and systems more secure. One of the best places to start is to look at how your company stores and protects personal information. Here are five tips that can help you protect personal information in your company.

1. Change your passwords One of the weakest links, in terms of security, is not the programs, networks, or systems, it's actually the passwords used to access these. You should ensure that your passwords are strong - at the very least use a mixture of capital and lowercase letters, numbers and special characters like ! or @. This makes passwords harder to crack.

It is a good idea to change your passwords on a regular basis. You should change them at least once a year, but far preferable is to change these every 90 days. This will minimize the chances of your password being hacked and likely increase overall security.

2. One password shouldn't rule them all The number of password protected systems and sites that we use on a daily basis is increasing and it can be tempting to have one or two passwords for all of these systems. This is not a good idea though because if one password is compromised, a hacker could gain access to all of your systems and the personal information stored on them.

The best solution is to have a unique password for each system and one that is as different as possible. Using a password manager like Dashline or LastPass might be worth looking into but just be sure to use a separate password to access to this system as well!

3. Don't keep everything While passwords are a common way hackers can access systems, another popular way they get in is through malicious links in email, social media posts or online advertising. These links can be viruses and trojans that install backdoors to systems, allowing hackers access to files and potentially sensitive information.

In order to maximize security, you should look at every link and ensure it is legitimate before you click on it. The best way to do this is to look at the sender's email address and ensure there are no spelling mistakes or weird characters. Look for any strange spelling, and if possible check there is https:// at the beginning of all links. This indicates that the page is legitimate. If a link seems even remotely suspicious, simply delete it.

4. Don't react immediately Communications, especially in online ads and emails, often urge you to click immediately. Pause for a moment, inspect the email or links and try to verify them. As a rule of thumb, if it sounds too good to be true, it is. Therefore, think first and don't click the link.

5. Develop policies In order to secure your systems and protect information stored within, you should develop a policy for all staff to follow. Be sure to look at how you plan to protect information, where it is stored and how it is stored, as well as who has access to it, how can it be accessed, and what happens when the policy is breached. How do mobile devices/devices brought in by employees fit into the plan?

Once you have developed a policy, communicating it to your employees and ensuring that they are all on the same page in following it is essential. We know it can be challenging to develop an effective policy, so why not contact us? We may be able to help not only secure your private information but also develop a sound policy that is workable.

Published with permission from TechAdvisory.org. Source.

Topic Security
September 19th, 2013

Security_Sep16_BWhile email certainly has become one of the most essential communication tools for every business, it still isn't perfect. One of the more common shortfalls is that it isn't the most secure of systems. In order to make it more secure, companies need to employ scanners and filters that search for malicious content, spam, etc. The problem is, these can be expensive. One solution might be managed email security.

What are managed email security services? The key to understanding what this type of service is, is to think of it as outsourcing. There is little doubt that companies need to secure their email but many small to medium businesses lack the staff and expertise to actually do this in reality. One way to secure your email is to simply outsource it to your IT partner.

An IT partner can work with you to establish and secure your email, by intercepting all email destined for your email addresses or domain. Many IT specialists employ advanced scanning software that looks for malicious software, images or even content that contains keywords deemed unsafe. The software then filters out these emails and sends the safe ones to your email servers or inbox.

These services typically allow you to establish and manage filters and black or white lists (black lists are a list of words or email addresses that you do not want to receive emails from). Because the companies that run these services are usually security oriented, they can work with you to ensure that emails coming in, and going out of your organization are secure, and free from malicious content.

Why would companies use them? There are many reasons as to why companies would use a service like this. Here are four of the most common:

  1. They operate in an industry with strict email regulations - Many industries, like the healthcare, legal and financial sectors, have strict regulations regarding security of communication. Companies have little to no choice, and must meet security regulations, or face heavy fines. A managed email security provider can help companies understand and meet these requirements.
  2. They lack an in-house IT department - The vast majority of small to medium businesses have thinly stretched IT staff, if any at all, who don't have the time to constantly monitor email security. By working with an IT partner, you can free up existing resources and allow your IT staff to focus on other areas of your business.
  3. They can't afford regular solutions - Small businesses run on razor-thin margins. Implementing an off-the-shelf solution takes time and money, both of which are likely non-existent. Because this is a managed service, you will likely pay a flat rate which is far more affordable than other solutions.
  4. They need a reliable system - In order to operate at maximum efficiency, companies need to be sure that their email system is not only working but will not suffer from downtime related to malicious software or other content in emails. Because these emails are filtered before they get to your system, companies will often see nearly 100% uptime of their email systems when they utilize an IT partner for email security.
What makes a good managed email security provider? If you are looking for a managed email security provider, there are a number of services that good providers should offer. Here are six.
  1. They should offer both spam and malware or virus scanning.
  2. They should have a Service Level Agreement with a guarantee stating how secure their systems are. Ideally, no malicious content should make it through.
  3. Do they offer the scanning and security of emails going both into and out of your systems?
  4. The security system should be adjustable to meet your specific needs.
  5. The system offered should be easily scalable to meet the growth of your company.
  6. Ideally, the system provider should have experience with the industry that you work in. This will increase security, while also going further to ensure that systems are secure and meet regulatory standards where necessary.
If you are looking for a better email security system, why not contact us? We may have a solution that will work for you.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 5th, 2013

Security_Sep02_BPause and think for a moment: When you finish work at the end of the day, do you turn your computer off or leave it on? What about at home or if you have a home office? If you ask 10 different people what you should do then you can be sure you'll get 10 different answers. Whether to leave a computer on all night is a common question we get too, and the answer is not as straightforward as one might think.

So, let's take a look into whether you should shut your computer down at night or not. The first thing we should do is look at three myths that surround this topic.

Myth 1 - My computer is safe from power surges if I turn it off If you live in an area that has an unstable power grid, or is prone to random blackouts, you may be worried about power surges. In truth, if one reaches your computer when it's off, it will do almost exactly the same amount of damage as if it was on. Therefore, you should ensure that your computer is plugged into a surge protector, even if it's switched off.

Myth 2 - Leaving a computer on will cause it to overheat This isn't quite true. Both laptops and desktops have fans and heat sinks that are designed to cool a computer efficiently while it operates. If your computer has a working fan, leaving it on overnight will not cause it to overheat. On the other hand, if the fan isn't working properly there is a high chance it could overheat. In other words, if the fan isn't working, you should get it fixed before damage is done.

Myth 3 - Turning a computer on and off, or leaving it on will cause parts to wear out quicker In theory, this is actually true. When a computer runs, it gets hot - high end video cards can run as hot as 180 F - and when it is shut down, the parts cool quickly. Anyone with a basic understanding of science knows that many substances contract when cooled and expand when hot. Therefore turning your computer off and on will cause wear from expansion and contraction. . Well, in truth, it really makes little difference. Think about other similar electronic devices like your monitor, TV or even phone. You no doubt turn these off and on all the time with no problem. Most computer components are designed for this too. In fact, many are designed to outlast the expected time you will use the computer. This means that the vast majority of people won't notice a difference.

The truth behind these myths shows that there will be little outright harm to your computer if you turn it off, or leave it on. But the question about which is best to do still remains.

Reasons you should turn your computer off at night There are four main reasons as to why you should turn your computer off at night:

  1. You can save money. Did you know that the average electricity bill to run a computer 24/7 for a year can be from USD$100 to USD$300? Multiply this by the number of computers in your company, and that can add up to a fair chunk of change. If the computers were to be turned off for the night, you could see your electricity bills drop drastically.
  2. It serves to refresh your computer. You may notice that if you leave your computer on for an extended period, it will start to get slower and slower, and more programs will crash. Restarting your computer serves to refresh it, making your programs run noticeably faster and with fewer errors. Turning your computer off at night is the same thing as a reboot.
  3. Important security updates will be installed. Most operating systems can be configured to download security updates while the computer is on, but usually require a system restart to fully install or update. Therefore, if you download updates, you can wait until the end of the day, turn your system off and when you turn it on in the morning, these will be installed.
  4. It minimizes the chances of security breaches. When you turn your system off at night, it will be disconnected from the Internet. That means if there are any worms infecting other systems, your system won't be infected (as long as it remains switched off). Viruses or trojans trying to send information and data out of the network from your computer will also not be able to do so.
Reasons you should leave your system on at night There are three main reasons as to why you would want to leave your system on at night:
  1. The computer can perform scheduled maintenance. Many programs like Antivirus, Windows updates and Defrag can be scheduled to run/scan when you aren't using your system - which is at night, most of the time.
  2. You work with network administrators. If you work with network administrators or an IT Partner who uses the time when you aren't in the office to install updates, run scans and perform maintenance, you will likely be asked to leave your computers on at night.
  3. Your computer acts as a server. If you use software to access your computer from home, some require that the computer be switched on. Therefore you would need to leave it on. The same can be said if your machine works as a server - say file host or Web server. It will need to be on 24/7.
So, which is better? In truth, it really comes down to preference and how you work. If you work with an IT partner who manages your systems, it is a good idea to ask them what they would recommend.

If you just use the computer while you are at work, or are worried about potential security threats, then you can probably shut it down at the end of the day. That being said, if you do shut your system down, it is a good idea to run security scans on a regular basis while your system is on to ensure maximum protection.

At the same time, if you leave your system on, it is a good idea to periodically reboot it so important security and program updates can be installed and your computer can be refreshed.

Still not too sure what you should be doing? Why not give us a call to see how we can help keep your systems running and secure.

Published with permission from TechAdvisory.org. Source.

Topic Security
August 22nd, 2013

Security_Aug19_BIn the era of cloud computing, security has become a hot button issue. It seems like almost weekly there is some announcement of a system being hacked or information being leaked. In truth, this will never disappear and may only get worse unless you take steps to ensure that the cloud system you use and the files or information stored within are secure.

Here are four tips on how you can keep data stored in the cloud safe.

1. Cloud encryption is key When you store files in the cloud, they are actually stored on a server somewhere. It would be a good idea to check with your provider what encryption they use on their servers. In case you were wondering, encryption is the conversion of data and messages into a form that can't be easily read by unintended parties. With most digital systems, encryption will make files unreadable without the proper key to essentially decode the information and turn it into something we can read.

Checking with the different services you use can go a long way in helping you decide what to store and where. For example Google doesn't doesn't currently encrypt files stored on Drive. The same goes for Evernote and the free version of Dropbox. There is rumor that these companies especially Google are working on establishing encryption for all files but this may not happen for a while. Some providers like SugarSync do use encryption but it may not be enough. To ensure maximum security, look for providers that offer at least 128-bit AES encryption. Anything higher will obviously be better.

2. Secure files before they go online All encryption can be broken and some forms just take longer. To add another level of security, it would be a good idea to encrypt or secure your files before they are uploaded to the cloud. Did you know that popular programs like Office and Adobe Acrobat allow users to encrypt documents with a password?

Another option is to add a password for access before the files are uploaded. There are other options as well, including using a program like boxcryptor that creates an encrypted folder on your hard drive and links to various cloud storage services. When you place a file into the boxcryptor folder, it will be synced with the related service and automatically encrypted.

3. Ensure files are secure when being moved One of the weakest links of almost all cloud solutions happens when information is being uploaded or synced from your computer to the cloud. Some solutions will send information unencrypted which means hackers will be able to capture the information as it leaves or enters your network or the solution's network.

You should make sure that the solutions you use encrypt data while it is being uploaded. In truth, almost all of the cloud services do but it would be worth it to check again.

4. Lock down your accounts This can be a bit of a hassle but it will help keep your account and all of the important information/files stored on the cloud service secure. What do we mean by 'lock down'? For the most part it means follow standard security protocol: Use a different password for every site and service, change passwords on a regular basis, don't give passwords away and enable dual authentication if possible.

Services like Google Drive and DropBox offer two-factor (dual) authentication. What this means is that if you enable it, you will need to do another step before gaining access to your files. This usually means entering a code sent in a text message to your phone or answering a security question.

If you take these steps to ensure that your files and systems are secure, there should be little to no chance of having files or information stolen. We do have to warn you however that nothing is 100% secure but the more steps you take will definitely increase the security of your information. And if you’re looking for a cloud storage solution that offers the highest level of security, you can always contact us to see how we can help.

Published with permission from TechAdvisory.org. Source.

Topic Security
August 8th, 2013

Security_Aug05_BOne of the major setbacks to the exciting evolution of technology is that exciting developments mean there are always security issues cropping up. It can be a seemingly uphill battle to keep your systems secure. One of the best ways to ensure that your systems are not breached is to keep yourself educated about security threats, as well as adopt specialist help from a trusted IT source. Did you know that there is a new threat that capitalizes on USB ports that could be infecting your system?

While USB threats aren't anything new - USB thumb drives are well known to be used by some employees to copy and take important files with them when they leave the office - this latest threat is a little different. Hackers have developed a USB stick that can bypass Windows Autorun features and infect your system.

How do these drives work? As you may have noticed, when you connect a device like an external hard drive to your computer via the USB port, Windows will not run, or open the drive. Instead, you will get a window with a number of options, including: Open folder to view files, Download pictures, Play files, etc. The reason for this is because hackers figured out a number of years ago how to put a virus on a USB stick, which when plugged into the computer, would be auto run (started up) by Windows and infect the system.

Hackers have recently figured out how to trick this feature. What they have done is create a flash drive that looks like a USB memory stick. Only, when you plug it into a computer, Windows thinks it's a plug-and-play peripheral like a keyboard, and will allow it to run. There is memory on the stick, where hackers can write and store a virus or infection, which will then run, infecting the system.

There are four things to be aware of with these drives:

  1. They are cheap (ish) - These drives can be found on the Internet for less than USD$65, with some being as cheap as USD$40.
  2. They are fast - Some of these devices are able to run a script and infect a system in 50 seconds, and if they are re-mounted in the same system, could run a script within 30 seconds.
  3. They are multi system compatible - A few of these devices are advertised as being able to infect almost any system - Windows, Mac and Linux.
  4. They aren't easy to find - yet. While there are websites online advertising these drives, most users won't be able to find them. Experienced hackers on the other hand can do. Of course, anyone with enough patience can probably find them.
What does this mean for my company? Because these devices are nearly indistinguishable from real memory drives, it is nearly impossible to spot and therefore stop them from infecting systems. Because these drives are currently hard to find and infection rates are generally low, many companies probably don't have to worry too much. However, you can bet that these drives will probably become more popular in the near future.

This doesn't mean that you don't have to be aware of this risk and understand that these drives exist. Some companies have started to take action by disabling USB drives, monitoring what employees plug into their drives and even providing employees with tamper-proof USB drives.

One thing you might have to concern yourself with is if you allow employees to bring in their own drives. In general, if you take steps to ensure that the drives being used are legitimate and approved by the company, this shouldn't be much of a problem. Of course, keeping your security systems and anti-virus scanners up to date and functioning is always a good idea.

If you would like to learn more about this security threat and what you can do to stop it, including how we can help minimize risks, please contact us today to see how our systems can help you.

Published with permission from TechAdvisory.org. Source.

Topic Security