Tag archive for "security" | Sarsfield Technology

Why Cyber-Attacks Commonly Attack SMBs

Many small and medium-sized businesses have the misconception that they are safe from cyber-attacks because of the lesser profits cyber-thieves can make from them. But recent studies show that hackers are now starting to exploit the less strict and intricate security protocols of SMBs. There is a misconception among many SMBs that they are small targets for would-be cyber-attacks. “We’re too small a company to be of any worth” is the mindset of many. However, there is an ongoing trend in which smaller companies actually find themselves victims of the most elaborate and vicious cyber-attacks. Why? Security experts are discovering that SMBs tend to have less or inferior security protocols in place to counter cyber-attacks. While this was of little consequence in the past, cyber criminals are now starting to take notice of the fact, and are exploiting it to their advantage. And it’s profitable too – an attack on one SMB might not amount to as much as a larger organization, but given the greater ease through which hackers can attack smaller businesses, they more than make up for the difference in the volume of companies they target. According to several news reports, these cyber-thieves can make off with as much as $70 million. The more unfortunate fact is that smaller companies are less able to counteract the effects of losses from cyber-attacks. This is why you should stay one step ahead of cyber-thieves by updating your security systems. Short term or long term, it’s a practical solution to keep information and data safe, and your operations stable. Give us a call today – we can help.

Beware: Hackers Exploit Loopholes in Public Wi-Fi

Public Wi-Fi is all well and good, but its very nature makes it easy to exploit and allow hackers access into your system – unless you have the proper security protocols in place. These days, Wi-Fi is everywhere. Airports, coffee shops, train and bus stations, malls – almost every public place you can think offers Wi-Fi connectivity. Being connected to the internet has evolved from luxury to necessity, and whether it’s for personal or business reasons people are online as much as possible. This is all well and good, except when you consider that hackers have started to extend their playing field to public Wi-Fi networks. With the volume of sensitive information such as passwords and financial transactions, it’s inevitable that crooks and fraudsters move to public networks where there is more potential to illegally farm large chunks of information. Two things are important about this emerging trend. First, it’s the very nature of public networks that makes them vulnerable to attack. Second, hacking has become much easier these days, with very simple hacking programs such as Firesheep easily downloadable from the web. However, the solution is simple as well: have the proper security protocols on your smartphone or laptop. It’s unfortunate that many people neglect to recognize the importance of such policies, and only have minimal security (if any at all) to guard against attacks. But as long as you have the proper protocols in place, you can stay connected – even through public Wi-Fi – without fear of hacking or any sort of intrusion into your system. If you want to know more about keeping your portable devices safe from attacks, please feel free to contact us. We’ll be glad to explain the issue in more detail and draw up a solution customized to fit your needs.

Lessons from the Epsilon Incident

One of the world’s leading email service providers, Epsilon, found itself the victim of a phishing attack that saw a significant amount of data lost to cyber-thieves. It’s important to learn from mistakes like these and make sure that both your own and you clients’ data is kept secure and safe from thieves. There’s been a lot of buzz recently about Epsilon, one of the biggest email service providers in the world, as it suffers from the backlash of allowing itself to be a victim of phishing efforts – which has affected the business data of as many as 50 major companies who are clients of theirs. Reports are also citing Epsilon’s failure to heed an alert from a business partner which advised the provider to be on its toes against potential attacks from cyber-criminals targeted towards email service providers. The damage estimates vary, with Epsilon citing only about 2% of their data being stolen, but the impact is undeniable. Cyber-criminals now have access to a sizable number of personal data stored through Epsilon – passwords, account numbers, and even the purchasing / buying habits of the customers of Epsilonงs clients. Many of Epsilon’s clients are now sending out messages to their own customers, warning them that their email addresses may have been compromised. It’s a lesson to companies, big and small, to pay more attention to beefing up their security protocols, since all it takes is one breach to endanger all of your data. In addition to having the right security software, it also helps if you require your employees undergo proper user training to make sure that they won’t be easily baited by scams like phishing, and will be more aware of how to contribute to the safety of your business data. Failing to do so puts not only your company, but also your clients, at risk. If you’d like to make sure your systems are safe, call us and we’ll evaluate your current security measures and suggest ways to make critical improvements.

How to Protect Your Data When Employees Leave

The growth of technology in the business environment has been a boon, but it also gives departing employees many methods of taking data with them. In the past, they used CDs; today, they can copy files to a portable USB storage device, email them, or even use a smartphone. Here’s how you can protect yourself. Remember the days when employees kept important information in paper files? They are long gone. According to a study conducted by the University of California at Berkeley, almost all of today’s new information is stored electronically. And that could mean trouble for your company when an employee resigns — because electronic documents are both easy to copy, and portable. That makes them more prone to theft than paper documents. Case in point: In August 2009, DuPont filed a lawsuit against a research scientist who allegedly stole more than 600 files by copying them to a portable hard drive. And that wasn’t an isolated incident; another DuPont research scientist was sentenced to an 18 month prison term for stealing proprietary information worth $400 million. Think employee data theft doesn’t apply to your type of business? Think again. A 2009 study conducted by the Ponemon Institute found that data theft is rampant in the business world. According to the study, 59 percent of employees who quit or are fired take confidential business information with them. And when the employee works in IT, the access to confidential data is even greater. A 2008 study by Cyber-Ark Software found that almost 90 percent of IT employees would take sensitive company data with them if they were laid off. The lesson: When employees leave, you must take steps to protect the electronic information they have access to. This may include customer information, financial records, trade secrets, intellectual property, and email lists, to name just a few items. We recommend that when an employee leaves, you prevent his or her account access, set the account for immediate review, save any necessary files (which may involve consulting with other departments for verification of documents), then delete the account. In addition to protecting data, this will also optimize server space and open up more storage space for the company. While some employees might argue that they need access to their personal files before departing, and you may grant such access (supervised, on a case-by-case basis), it is not required; any of the information that is located on a company computer is company property. In a sensitive situation it’s always good to let us know ahead of time so we can help you prepare for a well-managed and secure transition.

Why You Should Encrypt Your Email

We often send out highly sensitive, if not confidential, information through our email accounts such as banking information, passwords, pictures, and more. But how many of us actually take time to make sure the emails we send out are secure? Here is a guide for keeping your email away from prying eyes. Encrypting email is relatively easy with today’s software. Usually it involves the use of a public key and a private key. The public key is available to everyone, and if you want to send someone an email message you would use that person’s public key to encrypt that message. That person in turn would use his private key, to which only he has access, to decode that message. Software such as the latest versions of Microsoft Outlook supports this feature , and even flags you if the recipient’s email software does not support encryption. Some systems take it a step further by allowing you to digitally sign your emails, so that other people can verify that it is you who actually sent the email and not someone else. This is especially important since hackers sometimes spoof or impersonate the identities of others to fool unsuspecting users. If you are interested in finding out more about email encryption and security, contact us today to find out how we can help make sure your messages are safe and secure.

The More Complicated the Password, the Better

Your passwords hold the keys to most – if not all – of your online presence, so keeping them secure is paramount. In the same way that keys are used to open different doors, passwords are used to access many areas of cyberspace. However, those passwords are vulnerable to hacking, stealing, or random guessing – which makes password integrity and security a main concern. However, for many people, this essential fact is overlooked. Many tend to use either easy-to-guess passwords, or use the same password for all their online accounts – from their online banking to their email – which is a hacker’s dream come true. Because when they steal a password, it’s standard operating procedure for them to test it against popular websites to see if it works there as well. The most basic security measure you can use to guard against this is to have multiple passwords for your different online accounts – whether they are for personal or business use. And don’t just think of easy passwords, like your birthday or wedding anniversary – these are usually the first thing hackers try. The best passwords are alphanumeric – composed of both letters and numbers so that it’s harder to crack. This might be a bit tedious, but it’s better than running the risk of compromising your security online. There are also several programs and applications you can use to help store your passwords, so you only need to remember a few of your most-used ones, and refer to your database for the others. Remember, your passwords hold the keys to most, if not all, of your online presence, so keeping them secure is extremely important. If you’re looking for a security solution for your passwords, please give us a call so we can help you implement a password security system that works for you.

Security Made Easy With Clear Cloud

Clear Cloud is a safe, effective, and simple way to check your browsing habits and keep your computer clean. It’s a simple, straightforward approach to getting better security for your computer: download software, install it, and have it check whether every single website you go to is safe or not. That, in a nutshell, is what Clear Cloud does. This nifty little program is designed to help you filter out and block potentially harmful websites that many people unwittingly stumble into time and again. It’s the perfect solution for anti-phishing and helping keep your system free of malware – at least from stray clicking. While not a replacement for up-to-date anti-virus and other security software, it is an additional tool at your disposal. And yes, Clear Cloud checks every single website you visit. How? Since Clear Cloud belongs to the DNS network, it has access to every website in the world. This enables Clear Cloud to check every website you access or try to access. If the website is clean, Clear Cloud allows you to access the website. On the other hand, if the website proves to be suspicious, then Clear Cloud blocks the website. And if you’re concerned that this may take a toll on your bandwidth, think again – Clear Cloud operates and finishes each task in literally the blink of an eye. If you want to know how you can use Clear Cloud or other tools to keep your systems safe, please don’t hesitate to give us a call and we’ll be more than happy to discuss a custom security policy with you.

Hackers Use JavaScript To Infiltrate Your System

JavaScript is a very popular programming language used in many websites, making your web experience more dynamic and interactive. However, hackers can exploit JavaScript and use it to infiltrate your system. It makes the web experience very dynamic, enhancing the interactivity of many websites – you’ll see it everywhere, from Facebook to the most obscure sites on the web. Another reason it’s popular is that it’s compatible with all browsers, from Internet Explorer to Mozilla and even Mac’s Safari. Unfortunately, this popularity and wide range of use also makes JavaScript a tool that hackers and other unscrupulous programmers can use to infiltrate and hack into a system. The attacks can be simple or complicated, ranging from simple spam to more elaborate scams. The degree simply depends on the purpose of the script’s designer. What’s more, a quick visit to an infected website can trigger an attack, if your browser is enabled to allow JavaScript to execute from that site. The good news is that you can protect yourself from these kinds of attacks. Simply block JavaScript from executing from sites you aren’t familiar with – better safe than sorry. For Internet Explorer , go to Tools > Internet Options > Security, and set your bar to High. You can also input a list of trusted sites. For Firefox users, a free application called NoScript gives you control over which websites can execute JavaScript on your browser. Google Chrome users can select a universal disabling of JavaScript from all sites, and then add a list of sites exempted from the ban. Other browsers also have options to either disable JavaScript execution or prompt you for permission before the script is run from any website. You should also be particularly wary of JavaScript attacks originating from malicious PDF files. Antivirus and security firm Symantec reports that almost half of all web-based attacks come from infected PDF files. You can disable JavaScript in Adobe Acrobat Reader by selecting Edit > Preferences > JavaScript, and then removing the check on “Enable Acrobat JavaScript”. It might seem inconvenient to guard yourself from these sorts of attacks, but in the long run it pays to keep your system secure. If you want to know more about keeping your system clean and safe from attacks, give us a call and we’ll be happy to help you develop a customized plan that meets your particular needs.

Tabnabbing Poses a New and Significant Security Threat

A new threat to computer security has been discovered in which tab browsing vulnerabilities are exploited to fool users into divulging passwords and other sensitive information. Dubbed as “tabnabbing”, the vulnerability was discovered by Aza Raskin, the creative lead for the Mozilla’s Firefox browser and co-founder of Songza, a music search engine and jukebox. Tabnabbing fools users into entering passwords and other sensitive information when an unselected tab in your browser appears to transform itself into a lookalike for a familiar website. You are then prompted you to re-enter a username and password, which in turn passes that information along to the hacker. Incidentally, Raskin’s blog post on the topic ( http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/ ) demonstrates how the website can “change” into a lookalike. Both Mozilla Firefox and Google are vulnerable to this type of attack, which is classified as “phishing” – a scam where users are tricked into entering login information into fraudulent websites masquerading as legitimate ones. Fortunately, there have been no instances – yet – in which tabnabbing has been used in phishing attacks, but Raskin says that he is “aware of other researchers and toolkits extending and expanding tabnabbing”. However, it’s very likely that phishers will be looking for ways to exploit tabnabbing soon, and are currently no fixes or patches released. One way you can protect yourself from tabnabbing is to make sure that your browser has the proper anti-phishing features installed. It’s also important that your website is updated with the latest security features since many phishers like to exploit websites running old version web software, which they use to host phishing sites. If you want to know more about keeping your system secure from the latest malware and security threats, please don’t hesitate to get in touch with us and we’ll be happy to sit down and discuss security options that fit your needs and requirements.

Protection Racket Against DDoS Attacks Revealed

Security firm Symantec has uncovered a scheme to extort website owners for money or face the possibility of a DDoS attack. Security firm Symantec recently uncovered a scheme that purportedly attempts to extort money from website owners and operators in order to avoid the possibility of a DDoS attack. The capability of these extortionists to actually carry out the threat is still an open question, and it’s more likely that this may simply be an empty threat to try to get money. The best action against these types of messages is employing screens to block such email from reaching your mailboxes. However, it’s best to seek the services of an expert to determine the extent of risk, and also to employ safeguards and response measures should an attack take place. If you find such messages in your mail, let us know and we can help.

1 2 3 … 7 Next