The practice of email encryption (turning a message into code before sending it beyond the network) has become standard protocol for the majority of email transactions today. This practice can be seen in both the private and public sectors, but it is especially prevalent within public organizations - where 83% of federal agencies have policies allowing employees to encrypt emails.
Since mobile devices such as tablets and smartphones contain their own native IT security measures, some business leaders and IT managers question the need for the additional security that can be provided by a mobile data management system. The simple answer to this question is that mobile data management programs can serve to both enforce and provision the native security present on handheld devices. A more nuanced answer, however, would point out that MDM products could produce an "integrated security" environment in which mobile devices become not only more secure, but also far more useful to the organization.
With electronic payments now outnumbering cash transactions, the point-of-sale (PoS) system hack is becoming more common in the world of cyber crime. In recent years, there have been several high-profile cases, including the notorious $10 million Subway PoS breach, where at least 150 franchises were targeted, as well as the breach of Barnes & Noble, where credit card readers in 63 stores were compromised. Almost all modern businesses now make use of electronic PoS systems, and with the hacking of these devices on the increase, it is more important than ever to take appropriate steps to secure your customers’ data.
According to a recent draft of mobile security guidance from the National Institute of Standards and Technology (NIST), businesses should seriously consider the deployment of software that can provide centralized management for mobile devices. This recommendation appears in "Guidelines for Managing and Securing Mobile Devices in the Enterprise," also known as Revision 1 of NIST Special Publication 800-124. The draft guidance goes beyond a mere recommendation of such IT solutions; it also provides detailed suggestions that SMBs can use to help them select a centralized management program for mobile devices, as well as guidance with regard to installing and using such a system.
Internal IT security personnel at SMBs may have their work cut out for them when it comes to integrating the newest version of Microsoft Office into existing security procedures. According to Microsoft, Office 2013 represents a significant departure from the traditional IT risk management paradigm. According to the company's recently released security overview of the product, Office 2013 presents companies with "a fundamental change from computer-centered identity and authentication to user-centered identity and authentication. This shift enables content, resources, most recently used lists, settings, links to communities, and personalization to roam seamlessly with users as they move from desktop, to tablet, to smartphone, or to a shared or public computer."
Firewalls remain a critical component of every business' IT security posture. Much like a firewall in a physical building, they are designed so that if one part of the network is under attack, other systems on the same network are able to remain unharmed. Let's look at some interesting facts about firewall protection that give weight to their importance.
Small and medium-sized businesses trying to create and maintain systems that will meet HIPAA standards for privacy and IT security may have their work cut out for them. Initial audits have been conducted this year, with more still scheduled to take place, but the audit protocol itself is likely to evolve in response to the findings from the program so far. According to Linda Sanches of the Office for Civil Rights, the protocol itself is a "living document".
Odds are if you aren't one of the million cloud users already, you've figured out that this whole cloud computing trend is probably worth looking into. One of the first things you'll run across when you begin your search for information is the choice between public versus private clouds. Sure, each of these cloud types has its own advantages. But when you look at all the angles and filter each solution using your specific needs, you may reach the same conclusion as many other SMBs: a private cloud computing network is safer and more reliable in the long run than a public one.
Research in Motion, the producer of the BlackBerry smartphone, suffered a blow last month when Yahoo! officially switched all employees to a new iPhone 5, Samsung Galaxy S3, HTC One X, HTC EVO 4G LTE, or Nokia Lumia 920, including a company-paid data and phone plan. Yahoo! will also discontinue IT support for the BlackBerry.
In the press release announcing the popular decision, new Yahoo! CEO Marissa Mayer wrote, "We'd like our employees to have devices similar to our users, so we can think and work as the majority of our users do."
Most Yahoo! employees are happy with the switch, more than ready to get rid of their BlackBerrys, which have been waning in popularity for some time now. Most have praised the decision, but some IT security experts are questioning the safety of these devices over the uber secure BlackBerry.
BlackBerry vs iPhone vs Android Smartphones -- Which Is More Secure?
BlackBerry is and remains a highly secure mobile device platform. It was originally designed with corporate-grade security in mind, and RIM has worked hard to maintain that focus with all of the new versions of the BlackBerry operating system.
The BlackBerry 7 OS was recently rated the "most secure OS" in a report by software security specialists Trend Micro. BlackBerry 7 scored 2.89 out of a possible score of three, with the iPhone 5 OS coming in a distant second with a score of 1.7, and the Android 2.3 OS coming in at the bottom of the heap with a security score of just 1.37.
The report praised the BlackBerry 7 OS both for its robust security-conscious design and for the ease of setting up its security features. The iPhone was mentioned positively in that it did allow easy app "sandboxing," and because it does not include any type of removable storage (always a major security risk). The particularly low score that the Android 2.3 OS received was due to the fact that although "sandboxing" of apps was possible, it was very cumbersome, so the majority of users did not bother. This, of course, is a major security vulnerability, and hopefully most corporate users will be savvy enough to know to keep their apps out of their OS.
Although earlier versions of the iPhone OS were notably lacking in security features, the iPhone 5 OS offers users all of the security basics. An iPhone 5 is probably secure enough for your needs, but there are definitely some risks involved. Some analysts have questioned the timing of Yahoo!'s switch in terms of security, suggesting the company may be exposing itself to security risks by pulling the trigger too early. The iPhone OS 6 is rumored to include several major security upgrades.
If the highest level of security is vitally important to you, you can feel the most secure with a BlackBerry.
Encryption -- turning a message into code before sending for security reasons -- has become standard protocol for sending the majority of email transmissions today. This trend can be seen in both the private and public sectors, but it is especially the case in the public sector, where 83% of federal agencies have policies allowing employees to encrypt emails.
While this sounds like a positive development, unfortunately, encryption is a double-edged sword. Encrypting messages does add a significant level of security, as encrypted messages have to be unencrypted, which takes time and makes them much less valuable to hackers. But emails that users encrypt at their desktop before sending cannot be subjected to any kind of content verification by network security, which makes it almost impossible to trace unauthorized data transmissions. In practice, the encryption that is used to guarantee the security of data actually becomes a method to send unauthorized data undetected through the email gateway.
The Encryption Conundrum
This encryption conundrum puts IT managers between a rock and a hard place. Nobody wants to give up the high level of security provided by encrypting employee emails, but IT security experts almost all say that significantly more unauthorized data is lost from networks by email than by flash drive, disc or any other method.
The problem is just going to grow as more businesses and agencies move to encrypting most or all of their email traffic. A recent study suggested that over 80% of IT security managers were concerned about loss of sensitive data through encrypted email.
Advanced Email Security Technology
The only way to effectively solve this encryption conundrum is with advanced email security technology. Thorough training of employees on encryption protocols and other software analytics methods will help control the loss of sensitive data through encrypted emails, but these measures will not thwart a smart and resourceful individual.
To be sure that no one is sending out unauthorized data in encrypted emails, IT managers must have the ability to unencrypt files before they are routed to the Exchange server for outbound transmission. This is obviously a more laborious and time-consuming process, but protocols can be set up so that only certain messages or a certain percentage of messages are unencrypted before outbound transmission.
This kind of advanced email security takes some significant expertise to set up properly. Federal agencies will likely staff up their IT departments and take on the task in-house. But that idea can be a little daunting for small and medium-sized businesses. Small and medium businesses should consider working with a high-end local IT services provider to get the results they want. Learn more about how to secure your email from a data leak.
If your organization falls under any of the types of government compliance, it’s crucial that employees follow the proper protocol to be compliant with IT security policies. Executives generally delegate the process of ensuring that compliance standards are followed to IT leaders. The IT department determines where there are compliance gaps and applies the necessary measures and policies. However, for these measures to work efficiently, everyone in the organization must follow them. Unfortunately, employee non-compliance with policies can happen, and when it does, security breaches are possible.
Here are the top five causes of breaches due to non-compliance:
Hackers have stolen credit card information from 63 Barnes & Noble stores across the US, reported the New York Times yesterday.
The advanced threats to computer systems today are more aggressive and sophisticated than ever. Worse, they are constantly being improved and updated with new versions of malware, including various kinds of bots, viruses, worms, phishing schemes and even Trojan horse approaches. The consequences of network intrusions are also becoming more detrimental, and can result in disasters such as hackers getting access to client personal or financial data.
While standard commercial anti-virus software will protect you from 95% of the malware circulating on the Web, even regularly updated IT security systems offer you almost no protection from advanced system threats, especially advanced persistent threats guided by sophisticated hackers.
Advanced persistent threats are malware designed to exploit the vulnerabilities of specific targets, and once the malware is in the system, it is extremely difficult to completely remove. Some of the latest targeted system threats are incredibly sophisticated, and many are created to hide in multiple places deep in a network. You might find two, three or four corrupted files, but you can never be 100% sure you got them all. The only way to adequately protect your networks from advanced threats is a carefully designed layered defense.
A layered network defense is composed of several different types and layers of IT security measures, including but not limited to:
- complete endpoint protection and top-to-bottom solutions
- multi-factor authentication
- strong encryption
- intrusion detection systems and content filtering
- virtual private networks
- packet filtering
Technology never stops evolving. And the ever-changing Information Technology landscape, now including cloud computing and BYOD (Bring Your Own Device), has had an enormous impact on IT consultants and the challenges they face. What are some of the ways companies and their IT departments are evolving to meet these new challenges? Read below to examine a few hot trends in network management.
The advent of cloud technology has revealed that the solution can pose great advantages to a business—as well as new threats to a network's security. As more and more companies choose to make their data available from anywhere by storing it in the cloud (on a server instead of a hard drive), it has become even more critical to find ways to keep hardware secure.
The need for IT security is paramount to successful operations, especially in the business world. All data is important and should not be subject to outside intrusion in the form of malware, worms, spyware, viruses, botnets or adware. Regardless of the size of the organization, an IT management system should be set up in order to protect against intruders.
An astounding half a million credit cards have been stolen from an unidentified Australian company. The hackers responsible for the theft are said to be an Eastern European group who are also suspected to be the same ones that threatened the business continuity of Subway restaurants in 2011. A total of 150 Subway restaurants in the US were victims of similar hacking.
Small and medium-sized businesses often focus on networks and software when considering their IT security profile. While adequate IT networking security is certainly an essential component for any plan to confront the current threat environment, organizations must also have in place policies and procedures that will promote print security. Unbeknownst to many SMBs, one of their biggest security vulnerabilities could actually be their printers.
Most Americans will recognize the term ‘melting pot’ as referring to the multi-ethnic nature of society in the United States. Now, however, some IT security professionals are beginning to use it in an entirely new context, referring to the current threat environment as a ‘complex melting pot’ largely comprised of ‘security challenges surrounding the secure transfer of sensitive data via email’. This new threat environment is a result of several converging trends, including small suppliers of email services to SMBs, the increasing use of email services based in the cloud, and the BYOD movement.
Almost without exception, businesses both small and large that have yet to adopt a cloud computing model cite IT security concerns as one bar to adoption. There is much that cloud services providers can do to assure their business customers that their data, and by extension their reputation, will be safeguarded with all due diligence. SMB owners and managers, however, need to know what to look for in a cloud services provider. It is important to come to the table equipped in advance with the right questions.
In survey after survey, one of the most pressing computing concerns for SMBs is robust and effective IT security. The old saying that ‘you get what you pay for’ is entirely appropriate in this context, since when it comes to securing systems and networks, businesses would do well to pay for expertise. By moving to a managed programs model for the installation and maintenance of their software systems, small and medium sized businesses can have a true expert handling their needs. Such an expert will be privy to a whole host of tips and tricks that will never even occur to personnel who have limited understanding as to the way computers and networks actually work.
Advances in technology and other IT solutions provide companies with a plethora of storage options to choose from. Especially for small and medium size companies, these advances have opened up a lot of avenues to streamline IT infrastructure. The ability to customize solutions and choose vendors with the right expertise, while reaping the cost benefits, is the primary reason that small and medium size companies should opt for these new IT solutions.
Cloud storage solutions have been around for over a decade; however, the recent upsurge in demand for these solutions is due to improvements in technology and the cost models that are offered by IT service providers today. The major benefits of adopting a cloud storage solution are many and widely recognized.
- “You can look it up.” Do you use a password that can be found in a dictionary? If you do, then a hacker can simply bang on your log-on with a simple dictionary program until he has access to your account. Fix: Consider one of two options most professionals in IT security recommend. Either create a password that contains odd characters interspersed with random letters and numbers or use a pass phrase instead of a password.
- “Be a snowflake.” You need to use a different password for each different site. You do this, right? Oh... Even if you do come up with a strong password, IT security professionals report most people use only one or two passwords for all their log-ons and, of course, that means someone only needs to crack your single password to access all your sites.
- “Don't leave a paper trail.” You'd be amazed how many people write down their passwords on a Post-It and stick it onto their monitor or, if they're really cagey, underneath their keyboard or lap drawer. IT security best practices recommend you never, ever do this.
- “Cover your tracks.” IT security professionals also recommend that, whenever possible, you use a secure connection when you log on. What's a secure connection and how do you make it? Take a look at your address bar. If the address starts off “http://...etc.” then the connection is not secure and an evil doer might be snooping on your session. Try a very simple, single change by using an “s” so that the address looks like this: “https://...etc.” This encrypts the connection between your browser and the website, thereby making it more difficult for evil doers to do evil.
- “Loose lips sink ships.” One of the most notorious hackers in modern history, Kevin Mitnick, preferred “social engineering” to technology techniques. In other words, what he did most of the time was call people up, pose as a system administrator and simply ask users for their passwords. One famous study in England discovered most people would give up their password for a candy bar.
- “We have the technology...” There is a new generation of software utilities that help you manage passwords. For example, a utility called LastPass is a browser extension that connects a heavily encrypted password vault to your browser. Once installed you only have to remember one, highly-secure password and then LastPass can automatically fill in all the others. Even better, LastPass can generate super random, secure passwords whenever you open up a new account on a website or change your password on a site where you already have an account. And finally, perhaps best of all, you can install LastPass on the browser you use at work and the browser you use at home and any other browser you use. This way, you will enjoy convenient security wherever you are.
On July 12th 2012, it was revealed that over 453,000 passwords for Yahoo Voices had been compromised. The attacker, referring to themselves as "D33Ds Company", announced that the attack was to signify a wake-up call to Yahoo that they needed to get serious about security.
On July 9th, 2012, the Internet was supposed to hit doomsday. Millions of machines worldwide were expected to no longer have access to the Internet resulting in huge losses to businesses and swamped ISP helpdesks.
Cloud computing allows businesses and other organizations to move their computer functions to the internet from internal networks. This relieves the entity from having to maintain expensive IT equipment, such as servers, programs, and other networking solutions. It also allows for a reduction of expensive IT personnel. The overall savings can be very significant, depending on the size of the organization and its computer operations. At the same time, entities are able to provide greater flexibility to an increasingly mobile work force and as a result experience greater efficiency from the workforce. The downside is that when an entity moves its computer functions to the internet it becomes a big target for cyber criminals that want to steal sensitive information, hence the big security concerns.
Cloud computing services are provided by third parties, and the entities involved are dependent on those third parties to provide adequate security measures. In turn, however, the third-party service providers are depending on each entity to do its part. Security is only as strong as the weakest link, and if one entity has lower security concerns than the rest, there will be increased vulnerability for all. Most security breaches occur because of actions from inside the entity. An employee carries out an action that opens a door to unauthorized access. This can happen through carelessness, an employee being duped by some outside party or by a disgruntled employee. Security awareness among employees of each entity should be considered essential to maintaining overall security for each entity in the cloud.
For many entities, given the right IT security solutions, there is really no reason not to move IT functions to the cloud. They can increase efficiency and effectiveness while decreasing costs and simplifying IT processes and functions for all parties involved. The purchase of Virtuata by Cisco means that other cloud computing service providers will need to up their game, regarding IT security, in order to remain competitive. Security professionals must strive to stay ahead of cyber criminals who are always working to find new and innovative ways to breach security. The firm(s) that provides the best IT security will dominate in the cloud computing arena. Cisco has made a good move with the purchase of Virtuata and is poised to increase its footprint in the cloud computing arena in a big way.
Since 2002, LinkedIn has been the social networking platform of choice for professionals to network and is the number 12 ranked site in the world. In early 2012, an estimated 150 million users were registered on the site, and it continues to grow rapidly. All this attention has also had the unfortunate side effect of making the site a coveted target for hackers.
The internet giant Yahoo has once again been subjected to a hacking by the group that calls itself D33D. This time around, over 450,000 usernames and passwords of Yahoo users have been downloaded and posted on the internet for the world to see. The hackers left behind a note saying that they mean this as a wake-up call to IT security professionals in these companies so that they do not remain vulnerable to further attacks. Yahoo was not the only company affected by the hack; other big players like Gmail, Verizon, AOL, Hotmail and MSN have also had user data stolen. This kind of scenario poses serious questions about whether enough is being done to protect user information and, if so, why such repeated threats keep presenting themselves.
Lack of well-implemented email encryption remains one of the weakest links businesses face today. Companies that fail to take the necessary precautions can be fined for failing to comply with applicable legal acts, and can lose customer loyalty and their market competitiveness. Don't make the mistake of implementing it based on bad advice, though. Let's look at some of the worst email encryption advice that could leave you vulnerable.
In previous years, the primary means of obtaining copyrighted music illegally was peer to peer file sharing networks such as Gnutella, KaZaA, Napster, BearShare, WinMX and eDonkey. With the inception of the YouTube video sharing service, which is owned by Google, these peer to peer services have largely fallen into disuse in favor of Adobe Flash-based multimedia sharing services. YouTube gives its enormous user base the ability to upload any video or audio they wish. Though many uses of this technology are legitimate, others reproduce copyright holders' content without permission. This phenomenon has been observed by IT security professionals, record labels and technology journalists worldwide.
Legal authorities at Google have taken notice of a surge in sites that automate the process of stripping the audio content out of YouTube videos, thus resulting in a downloadable MP3 file of a potentially copyrighted song. Two of these sites, YouTube-MP3.org and Music-Clips.net have come under intense scrutiny by IT security professionals at Google. As a result, Google has issued notices to the owners and operators of these two sites requesting that their services be discontinued. However, this does not appear to be motivated by the obvious threat of copyright infringement. Rather, Google claims that these two sites exploit the YouTube API (Application Programming Interface) in a manner that is not permitted by the EULA (End User License Agreement) and Google's privacy policies. Google claims that the activities these sites perform violate the usage rights YouTube visitors agree to by utilizing the service.
Less than a decade ago, predictions were rife in some quarters that firewall technology would soon see its last days. The Jericho Forum advocacy group, among others, viewed firewall solutions as a hindrance to the development of global e-commerce technology. As matters developed, however, the firewall has become ever more important in the years since such predictions were issued. IT security consultants assisting businesses both large and small overwhelmingly favor it as an excellent way to help keep networks protected from both casual intruders and dedicated cyber criminals.
While the debate about suitable forms of governance for copyright infringement continues to evolve here in the US, European courts are also struggling to find consensus. In the last week, French and German courts have both been considering the role played by file-hosting services and ISPs in the fight against illegally shared content. They have both come to different conclusions.
The threat of malware is one that is increasing year after year, and has been doing so steadily. Scams of one sort or another are increasingly being seen on social networking sites and mobile application markets. As ever, you can reduce the risks to yourself by deploying anti-virus programs and keeping them up to date. Their ability to detect suspicious activity has been getting better and better as heuristics improve.
In today’s age of heightened IT security and multiple password protected online accounts, is it any wonder that the average user chooses the simplest passwords to remember?
The recent Yahoo password breach has sent shock waves across internet users because of the sheer volume in which usernames and passwords were posted online. With half a million usernames and passwords stolen and freely available on the internet for download, IT security is no longer just a grudge purchase. Many companies have now realized that IT security must be of utmost importance and it needs to be a part of the culture of the organization so that it may be implemented effectively.
Why You Need IT Security
Month after month, high-profile cyber attacks have left companies at risk and IT security professionals on guard. The latest? Nvidia Corporation, a California-based U.S. semiconductor producer that recently claimed that up to 400,000 encrypted passwords had been compromised from the company’s online forums.
The United States Computer Emergency Readiness Team, also known as US-CERT, has identified a huge threat to your company's IT security. Several 64-bit operating systems as well as virtualization applications using Intel processors are at risk of being exploited by a "local privilege escalation attack." The exposed operating systems are based on the x86-64 architecture, including Windows Server 2003 SP2, Server 2008 R2, Windows 7, NetBSD, FreeBSD, and operating systems utilizing XenServer Hypervisor.
The explosion of information that has characterized the Age of Technology means far more than having a virtual encyclopedia on every topic imaginable available at a moment's notice 24 hours per day. For SMBs, it has also meant a bewildering multiplicity of software programs that purport to offer IT security. According to recent surveys of this programming realm, there are more than 1,000 different vendors of IT security products, and the products themselves fall into well over a hundred different categories, encompassing such issues as encryption, firewall protection, and anti-virus.
IT security is always something of a contentious issue, especially where it impacts on the day to day operation of your business. The problem is that Information Technology is often seen as both a major source of risk as well as the main way to combat it. While it is true that properly implemented IT services will allow you a great deal of peace of mind, you may find that your focus on just one area has left you dangerously exposed in others.
The most widely used virtualization software in the world is VMware, but other platforms do exist. One maker of such software, a firm called Parallels, is currently in an unenviable position: looking into claims that its flagship 'Plesk Panel' program lacks sufficient IT security. Plesk Panel is not itself a virtualization platform, but rather an administrative tool that helps website managers administer Web hosting servers and perform other tasks related to the management of a website.
It's common for most companies to invest in technology that secures their perimeter, such as state-of-the-art firewalls. But an organization's security is only as strong as its weakest link, which is typically the email infrastructure. Even some of the largest organizations, such as AT&T and Dell, have made headlines by not taking encryption seriously. Let's take a look at what can happen when emails are distributed unencrypted.
According to some civil liberties groups, one of President Obama's most recent executive orders has potential to disrupt IT security for some businesses. The executive order, termed the "Assignment of National Security and Emergency Preparedness Communications Functions," grants new powers to the Department of Homeland Security. According to civil libertarians, these powers include the ability to take over both information networks and communications networks, even those that are run by private companies, in the event that a national emergency requires such a takeover.
One of the greatest changes in the world of business computing in recent years has been the proliferation of endpoints. Within the IT support world, an endpoint is understood to refer to any computing device with a connection, whether wireless or wired, to a network. Endpoint devices include not only traditional computer workstations but also tablet computers, laptops, and even smartphones.
Anti-virus software is a measure of IT security, but is it worth installing on, or removing from, mobile devices and cloud computing networks for mid-size companies? Below are eight points to consider about whether your anti-virus software is keeping your data safe and whether such programs are worth it:
- In the know: Anti-virus software can seem like a catch-all phrase. What is anti-virus software and what can it do? It is code that can recognize any sort of intrusion into any system that has the anti-virus software on it. Not just viruses, it can protect against Trojans, spyware, malware, key loggers – the attacks you want to prevent.
- Everyone has a weak moment: You would think that your employees know enough not to open up an attachment from an unknown source, but everyone has a down moment. Sometimes that email looks genuine. Of course, your organization will be threatened by more than the typical lurking email attachment, but you need to protect against all possibilities.
- They won’t catch everything: No, one anti-virus software program won’t protect against every type of attack. Does that mean your devices shouldn’t have anti-virus software installed? Definitely not. You can choose the anti-virus software that is appropriate for each type of device that exists in your organization to ensure the best protection possible. Adjust for the situation and potential threat and you have reduced your risk.
- Affordability: Anti-virus software is an affordable solution to protect data – some are even free. Regardless of your company’s size or budget, there is a solution that fits your needs.
- Part of the plan: Should anti-virus software be your only measure of security? Certainly not. But it is one of the valid solutions that your company should incorporate into your overall IT security managed services to reduce any types of threats that exist.
- Awareness: The great thing about anti-virus software is that it keeps you and your IT department informed about the latest threats that have occurred, not necessarily to you, but to others. It also provides a forum for listing any threats that your organization may have encountered. Awareness is one of the keys to prevention even when your anti-virus software cannot.
- IT compliance: As any mid-size company knows, you need to stay current with IT best practices and policies. By documenting that anti-virus software has been installed and is kept current with the latest upgrades, any potential client will realize that your organization is not only serious about confidentiality and security, but that you are willing to back up that claim.
- Productivity: One final aspect about anti-virus software is that it allows your employees to be more productive – your main staff can focus on their work without issues arising, and your IT staff can minimize the amount of time dealing with the consequences of a cyber attack and therefore maintain your business continuity.
IT security news sometimes seems like an ongoing list of companies that have found themselves the victim of hacking groups or hacktivists, hackers that operate not out of a desire for fame or ill-gotten gains but in order to send a political or social message. All too often, the intrusions suffered by these businesses lead to the public release of information best kept private. The latest such company to find itself the victim of such tactics is none other than internet giant Yahoo!, which was attacked by hacking group D33Ds.
Any business that makes use of banking credentials at any phase of its operations will want to understand more about a new Trojan that has been dubbed ‘Zeus’ because of its far-reaching effects. The Zeus Trojan is characterized as agile and fast adapting, and it has proven highly successful at stealing banking information stored in computer systems in use at small and medium-sized financial institutions. IT security experts have analyzed it, and they urge the use of improved IT solutions to combat it.
The very first step involved in solving any problem is usually recognizing that the problem in fact exists. While this may sound obvious, it can actually present a stumbling block to the IT security of some small and medium-sized businesses. Reporting on cyber crime sometimes tends to focus only on two aspects of the computer-using world: e-commerce companies and large entities such as government agencies or huge companies with thousands of employees. Unfortunately, this tendency can skew perceptions and cause SMB owners and managers to feel that they are less likely to be targeted by hackers and other cyber criminals.
Apple's next-generation operating system, iOS 6, was announced last month and is expected to become available to iPhone users sometime in the next few months. Although the updated interface will include some new features that could be useful in a work environment, an important consideration in today's BYOD business world, it will also present IT support personnel with new challenges to surmount.
Even though federal officials have recently taken down a large international credit card fraud ring, IT security experts are warning small and medium-sized businesses that the long-term prospects for this type of criminal activity are still alarmingly strong. All legitimate organizations that deal with sensitive financial information such as credit card numbers and expiration dates need to understand how to protect their customers' privacy better. This involves understanding how the criminals in the recent card fraud ring operated.
IT security is continually something that consumers and businesses are concerned about as they work to keep their private information and data safe and secure. The news is full of stories about the ways in which hackers have infiltrated seemingly impenetrable secured IT security systems. The public and businesses alike have both grown to fear the work of hackers. However, there are three secrets that today’s hackers do not want you to know.
The Alaska Department of Health and Social Services has agreed to pay more than $1.5 million to settle a breach incident involving issues of compliance with the federal health care privacy law, HIPAA. Although the investigation into the breach first began with the familiar scenario of a USB-connection storage device being stolen, it quickly developed into much more due to federal findings that IT risk management procedures were deficient in several respects.
Small and medium businesses will want to work closely with an IT support firm over the course of the next 18 months in order to prepare for the coming IT security environment, which experts have characterized as consisting of "colliding threats" or a particularly negative form of synergy.
Providing a robust level of IT security involves surmounting two distinct challenges. Not only must IT support personnel deal with the current threats that exist in the known information security environment, they must also attempt to fend off other threats that are as of yet unknown. Sometimes these threats represent a new form of an old trick, a new virus, for example.
IT security is an issue frequently discussed at the highest levels of government, the halls of Congress, but until recently, comprehensive legislative reforms have not appeared likely. That may soon be changing thanks to a compromise being worked out between two Senate members, each one representing one of the major parties that govern the nation.
Usually the term spyware is used in the context of discussing IT provisions against malware. This is easy to understand, since a vast majority of the spyware in use in the cyber world is in fact malicious in nature.
According to authorities, an Atlanta resident, recently convicted for his part in a huge phishing scheme, helped to cause losses as high as $1.5 million at financial institutions. Targeted banks include the Bank of America, Chase Bank, and the Branch Bank and Trust Co, as well as ADP, a payroll processor. The man convicted, Osarhieme Uyi Obaygbona, had been charged with a variety of crimes including identity theft and two varieties of conspiracy. Obaygbona could receive fines as high as a million dollars in addition to five decades in prison for these offenses.
Last February, an undercover agent working for the FBI was engaged in online conversations with a suspected hacker. The agent was playing the role of a site administrator for a cyber crime website specializing in credit card fraud. The hacker, Jarand Romtveit from Norway, was bragging about a program he could use to defeat the type of encryption that banks and other financial institutions use to protect information resources in their databases. Ironically, in sharing screen shots of the decryption program in use, the hacker inadvertently also displayed a window that featured his own real-life name. Even more amazing was the fact that the hacker actually admitted that his name had been on-screen and proceeded to share his Facebook wall with the agent.
You know that feeling that you sometimes get as if someone is looking over your shoulder? Creepy as this may sound, that very feeling can have a distinct parallel in the computer world. You may just get a sense, almost like a sixth sense, that your IT security has been completely shot to bits and your computer has been hacked into, even though you can't say for certain just what is giving you that impression. Maybe your hard drive is grinding a little too often for comfort or it seems to be louder than usual. Maybe Microsoft Word is taking just a little too much time to open, or your keyboard seems unresponsive from time to time, just for a second or two. All you know is that your system seems a little bit ‘off’.
The Department of Homeland Security, a cabinet-level division of the US federal government, has announced a plan to provide for continuous network monitoring of key agencies under its purview. These agencies are best characterized as civilian in nature and not involved in conducting intelligence operations for the government.
As recent events have demonstrated, when businesses do not have comprehensive IT security measures in place to protect their online assets, the consequences can be far-reaching in several ways. Such businesses are much more vulnerable to the activities of both professional cyber criminals and amateur hackers seeking the ‘thrill of the hunt’. These criminal activities can pose a very dangerous threat to the sustainability of a company.
Any business that conducts part of its operations online must pay careful attention to IT security issues. This is especially true for companies that deal with any form of personally identifiable information, which encompasses both medical records and financial details relating to a specific individual. As New York's Memorial Sloan-Kettering Cancer Center has recently learned, however, that data can appear in surprising places. When IT security is not robust enough, some of this ‘stealth data’ can end up being inadvertently released to the public.
The need for small and medium businesses to take robust and thorough measures to improve their IT security became more evident this week. James Miller, a 23-year-old from Devon, Pennsylvania, was arrested last week for hacking activities; he has now been charged with a variety of cyber crimes ranging from access device fraud to conspiracy. Since Miller is accused of participating in federal crimes, the Criminal Division of the US Justice Department is heading up his prosecution.
One frequent obstacle to improving IT security can be the fact that businesses, both small and large, that find themselves the target of an attack sometimes have incentives to avoid going public with information. While this is understandable from a Public Relations standpoint, it also means that other companies that could benefit from such information have no access to it. Only when breaches involve certain kinds of personal data, types that are protected by state or federal laws, are businesses generally required to admit to a breach. In many of these cases, however, they still need not go public, as long as they notify the individuals whose personal information may have been compromised.
Now, a new software effort at Georgia Tech Research Institute may change this ‘breach reporting’ landscape. The institute has developed a system that will allow both government officials and business representatives to share information about their experiences in the current threat environment. The program, regarded as a ‘malware intelligence system’, is officially titled ‘Titan’ and is currently in beta testing. Titan differs from many similar efforts in one key respect: it will allow those who contribute information to do so anonymously.
Titan's project leader, Chris Smoak, spoke about the importance of offering businesses IT solutions that enable them to contribute information anonymously: "People tend to think that if an organization gets hit, it was because they had poor security measures. That's not necessarily true, because a variety of factors contribute to intrusions. Until we get to the point that there's no longer a stigma attached to having an infiltration, people are going to want anonymity to participate."
In addition to spearheading Titan, Smoak heads up the Cyber Technology and Information Security Lab at the institute. The Titan system is much more than a database of reported breaches. It also includes a repository of malware samples, with the system examining and classifying new code on a daily basis, sometimes as many as 100,000 pieces of suspicious code. Smoak sees Titan in the future functioning as a central hub that businesses and other interested parties can consult as needed.
Such central repositories are likely to become increasingly important as cloud computing continues to grow in scope and emphasis. A cloud computing paradigm, of course, involves confronting the threat environment online from moment to moment rather than only when workers happen to launch a browser. In such a computing environment, businesses are best served by using IT outsourcing so that highly qualified managed security providers can protect their information assets.
According to new research, more and more companies in the United States and across the world are looking for IT services providers able to supply managed security services. Growth rates for managed security services were strong throughout 2011, the last year for which complete data is available. This drive toward managed security services had two prime motivations when it came to small and medium-sized businesses: higher rates of efficiency in terms of return on investment, and lower overall costs.
Additional information has come to light about the recent breach of pension records that demonstrated a need for better IT risk management by the Federal Retirement Thrift Investment Board. More than 120,000 retirees may have had their personally identifiable information disclosed during a cyber attack that has been described as "sophisticated". When it learned of the breach, Congress requested additional details.
If anybody was in doubt about the wisdom of relying on IT security questions to establish an online zone of privacy, this week's news about the Romney campaign should have clinched the issue. News outlets are reporting that the Republican presidential nominee has had his email account hacked. The hacker apparently got in through the ‘back door’ provided by the candidate's security questions.
The need for robust IT solutions became ever more clear this week when none other than internet giant Google announced that it would be alerting specific users that their Gmail accounts may become the target of determined hacking attacks. Eric Grosse, speaking as Google's vice president in charge of security engineering, made the announcement on the firm's official security blog: "When we have specific intelligence, either directly from users or from our own monitoring efforts, we show clear warning signs and put in place extra roadblocks to thwart these bad actors." It is believed that the need for a warning has been prompted by an increasing level of hacking sponsored by foreign governments.
According to Google's representative, users who receive a warning should not automatically assume that their account has already been hacked or hijacked. Instead, such users should have a heightened awareness that their email account may be targeted for a variety of attacks. Some of these attacks may try to compromise an account through malware, while others do not seek control of a user's email settings, but rather try to entice an account holder into disclosing personal information such as bank account numbers, birth dates, and Social Security numbers. These phishing attacks are becoming more prominent in recent years, but it is a new development for large numbers of them to be considered ‘state-sponsored’ rather than the work of individual malicious actors not affiliated with any national government.
Google, acting as a responsible IT company, is providing its users with strategies they can use to help better secure their Gmail accounts. One important step to take is to create a password that consists of more mixed characters. When upper-case letters, numbers, and symbols are mixed into a password, it is much more difficult for hackers to either guess or determine. Google also recommends that users update their browsers to the latest versions and keep their operating system, as well as all browser add-ons, fully up to date.
While these steps may be sufficient for personal users, small and medium businesses have a more intense vested interest in making sure that email accounts are not compromised. Internal company communications may detail proprietary information and trade secrets that could negatively affect a company's bottom line if released. Companies, therefore, should consider a managed services approach to email services. A managed services model through an outsourced IT approach can build in a variety of methods to provide heightened security for business users.
The recent huge password breach at social media networking site LinkedIn provides an object lesson in the need for improved IT risk management. After all, if a huge business such as LinkedIn can find itself with millions of users whose passwords may have been hacked, it only means that small and medium-sized businesses with access to fewer resources must be all the more diligent to use those resources to their maximum capacity.
There are many ways in which network monitoring works to benefit businesses and other organizations that rely on their computer environment to process daily workflow and generate a revenue stream. The experience of the City College of San Diego demonstrates just how essential this type of monitoring can be for maintaining IT security.
Among both business and personal users, the most popular web browser of all is Microsoft's Internet Explorer (IE). In recent years, however, several alternative browsers have been developed for the Microsoft Windows operating system. Many of these browsers were developed out of the perception that IT risk management in IE is inadequate.
The continuously evolving threat environment means that any business or other organization with systems connected to the online world must be diligent about defense. For businesses located in the Northeast, IT support firms are an excellent choice as they are close enough to assist businesses in a variety of modalities.
Companies are continuing to look at ways of improving their security through their existing IT infrastructure, particularly email. If you recall the recent demise of the IT consulting firm HB Gary in 2011, the hacktivist group 'Anonymous' was able to leverage the firm's archived emails to deepen its attack, proving that a lack of email security can have catastrophic consequences. Let's look at 3 new trends in email security and encryption that will shake up the security landscape.
The most common way for websites to protect information from those who may maliciously intercept it in transit is encryption. This strategy changes, for example, the cardholder name and credit card number submitted on an e-commerce site into a string of characters that is meaningless unless it can be decrypted. One type of encryption used in computers is known as symmetric key encryption.
The German anti-virus firm Avira recently issued a new service pack for its main program. Unfortunately, the upgrade to the software caused serious complications on a large number of computers running versions of the Microsoft Windows operating system. In the worst cases, some of the computers were rendered almost completely inoperable: in seeking to block malicious executable files, they instead ended up banning nearly all executable files. After the upgrade was deployed, some machines were not even able to boot up into a normal operating mode.
The hacker group referred to as 'Anonymous' has recently launched a cyber attack, this time targeting a pair of trade associations in the area of technology. The attacks took the form of a distributed denial of service, a technique that can make web sites inaccessible. The group, which is considered a ‘hacktivist’ organization because its attacks generally relate to policy aims rather than the theft of personal information, was protesting legislation currently before Congress. The legislation would serve to encourage businesses to share information about the threat environment with government officials.
The cyber threat detection company Kaspersky Lab, maker of an anti-virus program used on millions of Windows PC computers, has uncovered a new form of malware that has been termed both advanced and massive in scope. This new cyber threat has been officially designated as Worm.Win32.Flame but is being referred to in casual parlance simply as "Flame". The purpose of Flame appears to be cyber espionage, and it has mainly been deployed in the Middle East region, with its targets being networks and systems under the control of the national governments there. To date, targets appear to include nations such as Iran, Sudan, Syria, Lebanon, Egypt, and Saudi Arabia.
In a managed services model for IT support, the IT company managing your data center operations can implement a great deal of automation. This is to the benefit of the business or other organization contracting for managed services, and not just because automation tends to lower overall costs.
According to Steve Chabinsky, Assistant Director of the FBI Cyber Division, "it is getting darker and darker out there." Chabinsky was referring, of course, to the current threat environment in both the private and public sector. Aware that the FBI is widely regarded as responsible for providing leadership in the area of cyber security, Chabinsky recommends a proactive approach to securing both hardware and software systems. "What it ultimately is about is deterrence," he commented. "If the bad guys know that you can catch them, it stops most of them."
IT outsourcing encompasses a great many different functions that can help businesses to lower their costs and become leaner operations. One of the most useful of these functions is managed security services, sometimes simply referred to as managed security. There are several different ways managed security can help to create a more robust computing environment.
A number of factors are coming together to create what some IT security professionals are regarding as a ‘perfect storm’ of vulnerability for business data resources. According to the Information Security Forum, companies can expect to see IT threats become more widespread and intense over the course of the next 24 months.
Any business or other organization, including non-profits, that deals in any way with patient medical information needs to make sure that all systems and programs enable its workers to fully comply with the mandates embedded in HIPAA, the nation’s primary law regarding security and confidentiality of medical records. This fact was highlighted by a recent decision of an appellate court, which ruled that those who violate the provisions of HIPAA might face criminal penalties including jail time, even if the individuals involved had no idea that they were contravening the law.
Distributed denial of service attacks, better known as DDoS attacks, are nothing new; but as businesses and other organizations become increasingly dependent on internet-based services such as cloud computing, they have the potential to be more disruptive than ever before. Firms that want to remain fully secured in the existing threat environment need to stay up-to-date with the trends that are currently transforming the world of DDoS.
In today’s political and economic climate, many people believe the public sector is too expansive and needs to be trimmed. Some go even further and suggest that public sector organizations should be run more like a business.
It is an unfortunate reality of today's information technology environment that some types of businesses are more likely to find themselves the target of a "hacktivist" attack. Hacktivists are malicious actors that seek to intrude into a system to shut it down, steal credit card numbers or other vital data in order to cripple an organization in the public sphere. They are not primarily interested in financial gain, but rather seek to damage or destroy the reputations of businesses they have targeted.
Many organizations interested in promoting the security of information online or in company databases have begun recommending a dual authentication procedure. In this type of protocol, a password alone is not enough to gain access. Instead, access is granted based on two factors, one of which must be something you ‘have’ instead of something that you merely know. An ATM card combined with a password, for example, would represent dual authentication.
According to a recent survey, Americans are feeling more confident about internet security now than was true a year ago. In fact, the decline in anxiety levels about internet security represents the largest one-year drop since the attitudes of American consumers regarding internet security were first tracked beginning in 2007. In addition, the current ranking of attitudes is at the lowest point it has experienced in more than four years.
SonicWALL's latest firewall platform, known as the SuperMassive E-10000 Series, is engineered to support large computer networks and operates at the multi-gigabyte speeds needed in today's cutting-edge computing environment. SuperMassive combines SonicWALL's patented deep packet inspection routines, known as Reassembly-Free Deep Packet Inspection (RFDPI), with multi-core processing architecture in order to provide excellent control of applications and prevention of intrusion.
The giant anti-virus company Symantec has released a new version of its Internet Security Threat Report. The study, which is published on a yearly basis, outlines the current threat environment in detail. Among the findings were some facts likely to startle employees of small and medium businesses, even those who regard themselves as experienced with today's online environment threats.
Some firms can operate well by using a managed services approach to their IT needs, but some need more of a hands-on approach. This is where a managed programs provider can be invaluable. In many situations, there is no substitute for a human being who is onsite on a regular basis. By contracting with a managed programs IT support provider, a company can have the confidence that comes from knowing a consultant is close at hand when infrastructure or network problems occur.
According to a recent report by the Federal Emergency Management Agency (FEMA), which usually works to assist communities in the wake of natural disasters, cyber attacks rank among the top hazards that concern states. In fact, many states are just as worried about being able to respond adequately to a major cyber attack as they are concerned about being able to cope with the aftermath of a hurricane.
Businesses that wish to maintain robust computer systems capable of accomplishing their business goals are well acquainted with the importance of software that's able to log various system events. When logging systems are well established as integral parts of a company network, the business will be better able to detect the arrival of malware into the system in order to prevent intrusions and other security incidents. Proper log files also make it possible to conduct a thorough investigation in the event of a breach. In addition, proper log files make it easier for IT staff to track malicious behavior such as the abuse of company resources by internal employees, and access to the system by unauthorized persons.
A new term has sprung up in businesses and other organizations across the United States: big data. Although the term sounds as though it might map exclusively to large organizations, this is far from the case. Small and medium-sized businesses can also find themselves challenged by the need to deal with big data, which simply refers to the gargantuan levels of data that organizations now tend to accumulate in order to conduct their normal operations.
According to the White House press office, President Obama may decide to veto a new bill that businesses regard as essential if they are to be able to fend off hacking attacks and other threats to robust cyber security. The bill, known as CISPA, is officially entitled the Cyber Intelligence Sharing and Protection Act. Provisions of the legislation would encourage the sharing of information about the current threat environment with government regulators. The way these provisions are written, however, has caused some civil libertarians to fear that they would grant permission to ISPs to act as spies for the government, reporting on the actions of their customers.
It has come to the attention of information security analysts that the state of Texas had a major security breach earlier this month. Fortunately, the state's consistent use of encryption technology meant that the worst consequences of such a breach were avoided.
The recent appointment of John Streufert as a deputy undersecretary for cyber security at the Department of Homeland Security illustrates the importance of continuous monitoring. This approach to IT security involves continuously scanning systems and servers as well as analyzing internet traffic on an ongoing basis so that security issues can be spotted, and solved, before they cascade into true vulnerabilities. Streufert is an expert in such technologies; he put a continuous monitoring system into place at the State Department, receiving accolades from everyone from security professionals to members of Congress.
The National Association of State Chief Information Officers has released a report identifying those areas of IT security considered so essential that they should more properly be termed ‘critical’. Although the intent of the report is to identify these areas for the benefit of various levels of government in the United States, the information is also of great use to small and medium sized businesses looking to improve their provision of inform
Most small businesses will have limited experience and expertise with many of the areas identified, but this challenge can be quickly overcome through the use of IT consulting services. Businesses, for example, may wish to have IT consulting staff on hand to assist them as they create new policies for information security or update their existing procedures and standards in this regard. The report is particularly useful because it was written with budgetary constraints in mind, something that most businesses are keenly aware of as they seek to improve their utilization of IT services.
IT consulting firms can also offer guidance as firms seek information about identifying valid and appropriate performance indicators that can help them measure their own IT security progress over time. With the help of consultants, a system can be developed to track and measure this progress so that management and business owners can be assured that their investment in additional IT security is paying off in terms of real world results.