Tag archive for "general news" | Sarsfield Technology (page 2)

Majority of firms struggle with security as new technologies are adopted

New research from the Ponemom Institute and Lumension , shows that a majority of firms are struggling to secure data as users quickly adopt new and emerging technologies such as mobile, cloud computing, and collaborative Web 2.0 technologies. The study, which surveyed IT security and IT operations practitioners, shows that many (44 percent) feel that their IT network is less secure than a year ago or that their IT security policies are insufficient in addressing the growing threats arising from the use of new technologies. Budgets are also a limiting factor, with many feeling that IT security budgets still aren’t what they need to be to fully support business objectives and security priorities. Other findings from the report: 56% said mobile devices are not secure, representing a risk to data security 49% said data security is not a strategic initiative for their company 48% said their companies have allocated insufficient resources to achieve effective data security and regulatory compliance 47% cited a lack of strong CEO support for information security efforts as a reason for ineffective data security programs 41% said there was a lack of proactive security risk management in their organization Just as large companies worldwide struggle to keep up with security, many small businesses do so even more. If you need help understanding the security implications that new technologies bring to your organization, contact us so we can help. Related articles: Companies face IT attacks in uncertain economy: Ernst & Young (newswire.ca) Keeping America’s information safe offers a secure career (techburgh.com) Cloud Security and Privacy (oreilly.com) Computer Security Challenged By Web 2.0 ‘Endpoint’ Growth (Investor’s Business Daily via Yahoo! News) (slumpedoverkeyboarddead.com)

Cyber-crime through the ACH system continues to spread

If you are using an automated clearing house (ACH) system to manage your funds, then you had better be extra careful. The Federal Bureau of Investigation (FBI) has warned ACH users – particularly small businesses – to be on the lookout for ACH system fraud, which has already scammed as much as $100 million from unsuspecting victims. The FBI is working with the National Cyber Forensics and Training Alliance (NCFTA) to determine a solution for the problem and to catch the criminals behind these multi-million dollar scams. All it takes is a seemingly harmless email to an organization’s bookkeeper or accountant to give hackers access to all their accounts. In a technique called “phishing”, these criminals send electronic correspondence laced with attachments disguised as documents or genuine applications (like an update for Windows, for example), or links to supposedly legitimate websites. Once a recipient clicks on these links or installs the software, the hacker installs a keylogging program in their system, giving them access to passwords and other sensitive account information. The siphoning off of funds happens fairly quickly. Some hackers set up ACH transfers to unaware third party groups that typically do payroll processing tasks for international companies, which in turn transfer the money overseas. Others create fake names on a payroll system which automatically siphons off money into preset accounts enrolled in a similar system. According to the FBI, the usual victims are small businesses because of their tendency to work with smaller, less secure banks. It’s the FBI’s conclusion, indicated in a report by their Internet Crime Complaint Center (IC3), that smaller banks lack the proper security measures, which gives hackers the capacity to abuse the ACH system. “In several cases banks did not have proper firewalls installed, nor anti-virus software on their servers or their desktop computers. The lack of defense-in-depth at the smaller institution/service provider level has created a threat to the ACH system,” the IC3 report reads. More details about this story can be found here. (http://www.computerworld.com/s/article/9140308/FBI_warns_of_100M_cyber_threat_to_small_business?taxonomyId=17&pageNumber=1)

Survey Shows Poor Security Awareness Among SMBs

The National Cyber Security Alliance (NCSA) and Symantec recently released the results of a survey they did as part of National Cyber Security Awareness Month to assess the awareness and preparedness of small businesses (51 or fewer employees) in countering cybersecurity threats. Some notable findings: Only 28% have formal Internet security policies in place Only 25% provide even minimal Internet use/Internet security training to employees Those companies that do train spend less than 5 training hours per year on average 86% do not have an employee focused on Internet security More than 90% believe they are protected from malware and viruses However: Barely half of the businesses surveyed check their antivirus software weekly to insure they’re up to date 11% never check security tools to make sure they’re current For many, it seems, online security is simply not a top priority, falling far behind other issues such as meeting payroll and managing cash. But this is dangerous thinking, since more and more companies’ operations have become highly dependent on their IT infrastructure and the Internet for communications and business transactions. How about your business? Is it secure? Call us today and find out how we can help. Related articles: Fake security software ‘installed on millions of PCs’ (telegraph.co.uk) Celebrating National Cyber Security Awareness Month 2009 (googleblog.blogspot.com) Symantec lists “Dirtiest Web Sites” (canada.com)

Mind Your Manners! Etiquette for the Electronic Age

From the heavyset computing devices of Charles Babbage to today’s simple novelty items, electronic devices and gadgets have become smaller, more functional, and more integrated into our daily lives. With mobile phone calls, SMS, and email we are seemingly in constant need to be in touch with other people electronically. And therein lies the problem. Many people seem to put such a high priority on immediately replying to electronic communication that they often unintentionally offend the people they are actually physically with. For example, how does that colleague doing the “Blackberry Prayer” during a meeting – hunched over a handheld device, texting and emailing – make you feel? Here are a few etiquette tips when using our electronic devices: When in meetings, turn your phone off – or at least put it in silent mode. Check your messages and return calls and emails after meetings, not during them. It’s much more polite to explain to a caller or email sender that your response was delayed because you were in a meeting rather than explaining to everyone with you that the person on your phone is more important than them. If you are expecting an urgent call you must take, inform others about it before the meeting begins. When your phone vibrates, excuse yourself quietly and take the call outside. Never wear an earpiece while in a meeting. Don’t use your mobile phone or PDA while you are talking to somebody – it gives the impression that the person you are talking to is unimportant and insignificant. Loud ringtones are inappropriate for certain settings, so make sure they’re off at the right times. If you need to use speaker phone, ask the person on the other line for permission first, and announce who else is in the room with you. Many people are (understandably) uncomfortable not knowing who else may be listening to them. While in video conferences, treat the people on the other end of the line as if they were actually in the room with you. No discreet playing of Plants vs. Zombies on your iPhone while the brand manager from the other end of the line is giving his sales report – regardless of how boring it may be. Remember: electronic correspondence can never replace actual human interaction and conversation. Even though we’re in the electronic age, the old saying still applies: “Politeness is to human nature what warmth is to wax.”

Watch out for “dirty” websites

In a previous post, we pointed out how just browsing the web these days can possibly infect your PC with malware . To show how dangerous surfing can become, Symantec recently released their list of the “Dirtiest Websites of Summer” – the top 100 infected sites on the Internet based on number of threats detected by their software as of August 2009. The list identifies websites that could compromise security with risks including phishing , malicious downloads, browser exploits, and links to unsafe external sites. Some interesting findings from the study: The average number of threats per site on the Dirtiest Websites list is roughly 18,000, compared to 23 threats per site for most sites 40 of the Top 100 Dirtiest Sites have more than 20,000 threats per site 48% of the Top 100 Dirtiest Web sites feature adult content 3/4 of the Top 100 Dirtiest Web sites have distributed malware for more than 6 months Viruses are the most common threat represented on the Dirtiest Websites list, followed by security risks and browser exploits You can read more about this research at Symantec’s website. If you suspect your PCs are at risk, or if you want to ensure your website doesn’t get hijacked by cybercriminals, contact us. We can help. Related articles: Symantec lists “Dirtiest Web Sites” Virus Security By Leveraging Community And Clouds Smartphone users need more security

Small US Firms the Target of Online Fraud

Organized criminals believed to be based in Eastern Europe are robbing small to midsized US businesses of millions of dollars via an elaborate scheme aided by malicious software . Recent reports reveal that over the past few months, several businesses have fallen victim to unauthorized fund transfers whereby hundreds of thousands of dollars from the businesses’ bank accounts have been transferred to accounts in Europe, and in some cases, to the accounts of willing or unwitting accomplices in the United States. According to the reports the victims, usually the company CFO or owner, were sent malicious software as attachments to email, which when opened remained resident on the victims’ machines and stole the victims’ passwords to their online banking websites. The cybercriminals used this information to initiate transfers from their accounts of up to US $10,000 at a time to evade notice and detection from their bank’s anti-fraud or money laundering detection systems and protocols. Your business might be at risk. Make sure you are protected from this type of fraud by securing your PC and network from malicious software. Do not open suspicious-looking attachments and make sure you have the necessary protection in place, such as firewalls, antivirus software, and other methods of protection. Need help? Contact us today. Related articles: Comment: online banking? No thanks Know When Something is Being Installed on Your Machine Cybercrime victim? 3 telltale signs and what to do

Microsoft Releases Fixes and a Workaround for Several Vulnerabilities

The web is indeed becoming a dangerous place. These days, your PC could become infected with malware or vulnerable to a hacker attack just by innocently browsing a website or opening an email. Last July 14th, Microsoft released six bulletins with fixes for at least nine known security vulnerabilities that put users at risk in a range of Microsoft products. Many of the vulnerabilities, if not patched, can allow “remote code execution” or allow a hacker or malicious software to take over your PC and run unauthorized commands. ZDNet’s Ryan Naraine has posted a helpful summary of the released fixes: MS09-029 : This update covers two privately reported vulnerabilities in the Microsoft Windows component Embedded OpenType (EOT) Font Engine, which could allow remote code execution. Rated “critical” for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. MS09-028 : This update fixes three separate vulnerabilities ( one publicly disclosed and under attack! ) in Microsoft DirectShow, which could allow remote code execution if a user opens a specially-crafted QuickTime media file. MS09-032 : This update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user uses Internet Explorer to view a specially-crafted Web page that uses the ActiveX control . This vulnerability is currently being exploited in the wild! Rated “critical” for all supported editions of Windows XP and “moderate” for all supported editions of Windows Server 2003. Some of the vulnerabilities, notably one in Microsoft Office Web Components, do not yet have a patch. An attacker who successfully exploits this vulnerability could potentially gain the same user rights as a local user, allowing the attacker to modify or remove files on the PC remotely. This could potentially happen simply by using Internet Explorer to visit a website. A workaround exists by downloading a free utility from Microsoft called FixIt , which prevents the Microsoft Office Web Components from running in Internet Explorer. Users, as always, are advised to immediately download the updates and utilities, or use Microsoft’s Windows Update service. If you need help installing the patches or workarounds, or if you feel your PCs are at risk, contact us immediately. Related articles: Microsoft Security Advisory 972890 Released Microsoft warns of Internet Explorer security hole Microsoft issues patches, including one for IE exploit Internet Explorer’s ActiveX Security Mitigations in Use Microsoft Warns of Security Hole

Businesses Should Replace PCs Every Three Years

For many small and medium-sized businesses, the cost of maintaining an old PC may be more expensive than upgrading to a new one. This insight comes from a survey conducted by research firm Techaisle , which polled 630 companies across seven countries. Their research suggests that the average cost for SMBs to repair PCs over three years old can be 1.65 times as expensive as repairing PCs under three years old. Repairs include replacements, usually from hardware failure, and the cost to fix software crashes. Small business respondents with PCs older than three years experienced network card failures nearly eight times more than respondents with PCs less than three years old. This was followed by power supply failures, motherboard failures, software crashes, and virus attacks. Midmarket respondents experienced a similar trend, with network card failures at six times higher, followed by power supply failures and motherboard failures. In addition, respondents said desktops that have been in use for more than three years are more susceptible to attacks from malware and viruses (28 percent), while older notebooks are 58 percent more likely to endure a virus attack. The cost of related lost worker productivity should also be factored in by companies wishing to hold on to outdated hardware. Are you hanging on to old PCs in an attempt to money? Contact us today. We can help you assess the health and condition of your PCs, as well as determine the cost of maintaining existing PCs versus upgrading or replacing them.

Does your business need a server?

Is it time for you to consider a server for your business? This question was raised recently by Rhonda Abrams, a writer for USA TODAY’s Small Business section. According to Ms. Abrams’s article, if your business is growing and you have more than two people in your business, then you should definitely consider buying a server. Having a server, or a dedicated computer that acts as a central resource for data and applications within your office network , can dramatically improve the way your business runs. A server allows you to consolidate your data in one place, making it easy to share among your colleagues. Network file shares allow you to upload and archive files and data in one centralized location for everyone. Centralizing data also makes it easier to secure and back up. Servers often are powerful computers that can host applications your business runs within the office network. With servers, you can run applications such as email and security services, host your business website or company intranet , deploy multi-user databases, and much more. Let us know if you are considering deploying a server for your business – we can help you do it efficiently and cost effectively. Related article: Strategies: It might be time to get serious about a server.

Hackers Launch Cyber-Offensive Against American and South Korean Sites

Last July 4th and 5th, a massive denial-of-service attack was launched against several government and commercial websites in the United States and South Korea. According to security researchers, the attacks were the work of malware that infected PCs and routed traffic to government and commercial sites during the July 4 weekend in an attempt to take them down with the flood of simultaneous requests hitting them. Among those affected were the U.S. Department of Treasury, the Secret Service, the Federal Trade Commission, and several others. The attacks, which hit South Korean sites a few days later on July the 7th, are widely believed to have been carried out by an updated version of the MyDoom worm which gained infamy when it first hit Windows machines last 2004. The motive for the attack is not yet known. In the meantime, users are advised to scan their machines and update their operating systems to protect against known vulnerabilities. Contact us to learn more about protecting your business from a similar attack. Related articles: Mysterious cyber-attacker hits at federal websites, crisis averted? Cyber Attack Targets Government Websites Who’s behind cyber assaults?

Prev 1 2 3 4 … 8 Next