Tag Archives: anti-virus

Protect Your Organization from Ransomware

ransomwareIt’s a moment every business owner dreads. A message appears on your organization’s computer screen alerting you that your files have been encrypted and the only way to access them is by paying a ransom. Security threats to computers and mobile phones have grown more sophisticated around the globe in the past few years. The United States in particular saw an increase in “ransomware.”

What is Ransomware?

Cypersecurity experts report that ransomware is one of the fastest growing forms of hacking, and the scary part is that no one is safe. An individual, a small business, a Fortune 500 company, and government agencies can all be infiltrated. It also attacks smartphones. Ransomware is malicious software that hackers use to extort money from individuals or businesses by preventing them from opening their documents, pictures, and other files unless they pay a ransom, usually in the amount of several hundred dollars.

How Ransomware Works

Similar to other hackers’ schemes, ransomware can arrive in emails or attachments with links that, when clicked, encrypt your files. Attacks can also occur during a visit to a website, as cybercriminals can attach computer code to even the most well known websites. It could happen during something as harmless as updating an application or downloading an app on your smartphone.

Protect Your Organization

Cybercriminals are starting to target small businesses more and more, because generally speaking, they are more vulnerable. While big companies have backups and separate computers for their different departments, small to medium sized businesses lack technology teams, sophisticated software, and secure backup systems to protect from ransomware. One of the best investments your organization can make is to make sure all your devices are compliant with the latest operating systems patches and security updates and backup your company’s files in the event of a security breach. If your organization needs guidance on secure backups, contact your trusted IT advisor today.

Beware of Cryptolocker

cryptolockerImagine you are on your personal or work computer, and you receive a seemingly innocuous email from a trusted source, such as your bank, your tax office, or even a friend. The source asks you to download a file to update important account information. But, when you click on it, your most important files become encrypted and you are threatened you will lose them unless you pay a sizable sum to get them back! This real threat is called cryptolocker.

What is Cryptolocker?

Simply, cryptolocker is malware that encrypts documents and asks for money to unencrypt them. It affects both personal data and company data stored on corporate files. If you’re tricked into downloading the infected file, the virus will target your most important applications and operating systems. Cryptolocker can bypass virus scanners and other security measures to infect your computer, so it’s important to be able to recognize the warning signs.

Typical Warning Signs

Beware of the following suspicious emails:

  • Senders you do not recognize or known senders with unexpected content
  • No recipient listed in the “To” line of the email
  • Links in the email that do not match the title when you scroll your mouse over it
  • “Zip” files you are not expecting

How to Protect Yourself and Your Company

The following tips will help keep your personal and company data free from cryptolocker:

  • Delete suspicious emails right away and empty your trash bin
  • Keep antivirus and anti-malware definitions up to data
  • If you do get infected, remove the machine from the network to protect your organization from further damage
  • Train your employees regularly on IT security measures

If your company needs guidance on the latest antimalware techniques, contact your trusted IT advisor today.

How New Technology is Changing the Way Your Business Needs to Think About IT Security

New technology trends pose new security threats to businesses. CompTIA reports that 64% of companies report a “drastic or moderate” change to their security approach. In their survey, more than half of businesses recognize opportunities within their organization for security improvement. IT security priorities are currently focused on developing new corporate policies and educating employees. Businesses are no longer solely relying on annual security reviews; the majority of companies are seeking education that is more ongoing and interactive to avoid future security threats.

Modern Day IT Security

With new and evolving technologies, the overall approach to IT security must be re-evaluated from the top levels of a business. As more cloud solutions and mobile devices are being utilized within the workplace, new security products are attempting to meet the needs of modern day IT security, such as firewalls, Data Loss Prevention (DLP), and Identity Access Management (IAM). When strategizing your organization’s IT security plan, two main areas need to be addressed in order to be prepared in today’s security landscape: risk analysis and end user awareness.

Balancing Risk and Security

Risk analysis is becoming a critical activity as companies decide how to handle corporate data, but only 41% of companies are currently performing this in a formal way. Typical risk analysis includes determining the probability of a risk, estimating the potential impact, and then deciding on mitigation strategies. But, the growing trends of cloud computing and mobility have increased the need for careful risk analysis. Since with public cloud computing and personal smart phones and tablets, data resides outside of your company’s control, companies must re-evaluate which data and systems are the most critical to the business. From there, they must decide which areas need the strongest defenses.

End User Training

CompTIA’s research also reveals that companies are behind the times when it comes to training end users. In today’s consumer-driven IT landscape, it’s more important than ever to invest the time and tools to equip end users with knowledge and responsibility when it comes to protecting company data. Do your employees fully understand your company’s security policy and the importance of acting in the best interest of your organization? If your organization needs help updating your IT security policies, contact your trusted IT advisor today.

The Growing Importance of Mobile Security

According to a report by CompTia, 28% of businesses view security as a significantly higher priority today compared to two years ago, and an even greater percentage of businesses expect the importance of security to rise in the next two years. The study also revealed that while many companies assumed a satisfactory level of security, they did not fully comprehend their exposure to potential security threats. The rise in security threats is largely due to emerging technologies, causing businesses to take a new approach to security. End users now have access to powerful devices and business class systems, often without the oversight of an IT team. Therefore, investing in mobile security is one the smartest things your small to medium sized business can do to protect your organization.

The Human Element to BYOD

According to the study, the factors in security breaches fall 45% to technology error and 55% to human error. With the BYOD (Bring Your Own Device) trend, more and more employees are bringing their own mobile devices to work, and end users typically do not have the background knowledge of security that allows them to recognize potential threats. The desire for productivity and flexibility is driving many businesses to adopt a “use first, secure later” attitude when it comes to mobile security, but this approach puts your business in danger.

Most Common Mobile Security Incidents

Mobility forces businesses to consider data leaving the company in the hands of its employees. The top three reasons for mobile security incidents include: lost/stolen devices, mobile malware, and employees disabling security features. Mobile malware is quickly becoming a growing concern, up 19% from 2012. Since there is a much stronger personal connection to mobile devices, employees are apt to want to use their device however they want to. And, since mobile devices are more closed than laptops, IT departments are not able to place the same safeguards on smartphones and tablets as they are on many other devices.

How to Develop a Mobile Security Plan

The biggest goal with mobile security becomes one of education rather than technical improvement. Companies are quickly realizing that their mobile device security education must be interactive, ongoing, and measurable in order to raise awareness about mobile security. Organizations that have made mobile security education a priority indicate that appropriate and effective training has provided a “relatively high value” or “very high value.” In addition to educating your employees, it’s important to encrypt data on mobile devices, keep OS and apps up to date, and prevent jailbreaking on smartphones. Also make sure that your employees keep passcodes on their devices; while this measure has limited security potential, it at least provides some protection against amateur attackers. If your organization needs guidance learning more about mobile security, contact your trusted IT advisor today.

Is Cloud Computing Secure?

In the early days of Cloud computing, the common perception was that the Cloud automatically opens systems to new, catastrophic risks. When weighing the pros and cons of moving to the Cloud, business owners assumed they were sacrificing security for the business agility that comes with using Cloud systems. Yet, as Cloud adoption becomes more universal, these high levels of adoption are actually seeing an increased level of trust in Cloud computing systems, which begs the question: Can the Cloud lead to more secure computing?

Traditional Network Security

Traditionally, organizations have used on-premises security solutions or contracted with network security experts to protect their network, data, and applications. Data centers imbue a sense of security and control for businesses – feeling more secure is likened to locking down a warehouse and visualizing that anything within the walls of the organization is safe. There’s no question, then that businesses feel an inherent unease with the Cloud concept, because the approach itself seems insecure; your data is stored on servers and systems you don’t own or control. Yet, does control necessarily equate to security?

The Cloud is Just as Safe as On-Premises Security

IT security experts are claiming that fears of the Cloud being unsafe can largely be put to rest. In fact, the Cloud may actually be able to improve the state of IT security. Many Cloud  security experts dispel the Cloud insecurity myth. Many believe the Cloud is  more secure than traditional systems. So, can your business trust your Cloud Service Provider (CSP) to also handle network security?

Which Platform is Right for Your Business?

The answer depends on your needs as a business. Cloud providers can give end users a flexible infrastructure hosted from reliable systems, but your network can become compromised just as quickly by bad policy decisions as an on-premises environment. Speed of incident response and depth of forensics are just as important in preventing security attacks in the first place – the Cloud shows advantages in both of these areas. If you choose to go with the Cloud, make sure you are communicating with your Cloud provider to ensure they are meeting security standards.

In conclusion, IT security experts have agreed that Cloud systems are not inherently unsafe, but businesses still must exercise good judgment when it comes to developing a plan for network security. The best course of action is to focus on a well-defined and executed security strategy with the right technology with whichever platform you choose. If your organization needs guidance learning more about network security, contact your trusted IT advisor today.

It’s Time to Take Cloud Security Seriously

While cloud security concerns are top of mind with many business owners, the benefits of the cloud far outweigh the risks. Nevertheless, as companies deploy cloud computing, taking cloud security seriously will ensure a smooth transition to the cloud.

Top Cloud Security Concerns

If you are moving your business to the cloud it is important to understand and address your security needs. For many companies, the top concerns of cloud security are cloud service provider’s encryption policies, business continuity and disaster recovery capability, data protection and data integrity. There are a number of other critical concerns, such as the physical security, identity and access management, and regulatory compliance.

How to Protect your Data in the Cloud

Create Strong Passwords

An important step you can take to protect your data in the cloud is to create a policy for passwords within your organization. By requiring a string of text combining numbers, letters (both uppercase and lowercase), and special characters your employees will avoid common passwords that are easily hacked. Also, ensure that your company policy requires changes to passwords regularly and asks employees to use unique passwords when accessing the cloud from their desktops.

Network Compliance

In addition to creating strong passwords, it’s important for your company to keep your network in compliance. Your network is secure as its/ weakest point of access.  Ensure desktops, laptops, tablets and smartphones are maintained with the latest operating system patches and are protected by up to date antivirus and antimalware definition updates.

End User Training on Security

Employees with a clear understanding of security policy and related risks will help keep your data protected in the cloud.  Employees educated in the importance of password protection and network compliance may help allay cloud security concerns.  According to CompTIA’s 9th Annual Information Security Trends study, only 3 in 10 customers report engaging in heavy and comprehensive review of their company’s security policies.

Has your company reviewed how you want to handle security, reliability, compliance, and legal issues related to your cloud service? If not, consider contacting a cloud computing professional to review your cloud security policies today.

Can You Survive a Network Security Attack

Businesses are under constant attack from a variety of network security threats.  Cybercriminals hack databases for passwords for unauthorized access to your network.  Undetected Malicious software (malware) can trap and forward passwords. Viruses can infect your hard drive and destroy application data and files without your knowledge. Businesses large and small face these network security threats on a daily basis; larger organizations, however, may have more resources to fight attacks.  Small businesses may be more vulnerable to downtime and loss of productivity because of thinner margins and resources. Here are a few steps you can take to survive a network security attack.

Prevent Network Security Attacks Before they Occur

Protect your network by making sure all devices are in compliance with the latest anti-virus and malware updates. Ensure your operating system (O/S) patches are up to date. Protect your network with strong passwords and require your employees to change them regularly.  Discourage writing passwords down, and make sure employees are aware of the risks of a network security attack.

Lock Down your Mobile Devices

Mobile devices including smartphones and tablets are particularly vulnerable to theft and loss. Passwords on these devices can be easily cracked leaving your applications and data vulnerable to unauthorized access. Train your employees to report theft or loss of mobile devices quickly, and make sure that all data on the device is encrypted.  Having the ability to track and wipe data from these devices is another option to ensure you can survive a network security threat.

Backup Your Data

Online Backup and Cloud Backup are affordable options to have quick access to applications and data if you lose data because of a network security threat.  Additional options include having a failover system to quickly restore your information and get your business back up and running should you have a systems failure.

Compromising your critical information from unauthorized access, virus infection, and loss can be devastating for any business.  It is likely that small businesses have higher exposure and will have greater difficulty recovering from a network security threat. Contact your network security expert to find out your best options to avoid the consequences of a network security threat.

Windows XP Updates to End on April 8

According to Microsoft, support is ending for Windows XP after April 8, 2014.  Technical assistance, including automatic updates that help protect your PC, will no longer be available after this date. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP.

When Microsoft withdraws support for Windows XP updates, many businesses will need to migrate to Windows 8.1 or modernize their IT Systems to another platform.  With Cloud Computing and Mobile Computing, there are a variety of options available.  For those who choose to stay on Windows XP, here are some considerations:

Windows XP Updates for Security Discontinued

Microsoft’s discontinuation of automatic updates and security patches for Windows XP may leave you vulnerable to Malware and viruses, which may cause IT Security risks for your PC and network.  Remember: your network is only as secure as its weakest link.

ISV and Software Support for your Popular Applications

The latest versions of your applications may not be available for Windows XP.  Web conferencing applications, office productivity applications, and other business applications may not be supported by the software developer when Microsoft discontinues its XP support.

Maintaining Compliance on Windows XP

After April 8 your Windows XP machines will no longer have O/S patches. Without O/S patches, your ability to comply with your IT policies and procedures for industry and regulatory requirements, including PCI and HIPPA, could be compromised.

Consider these tips to keep your IT Systems up-to-date and keep your business running in a secure and reliable manner.  Migrating from Windows XP with the help of an IT Service & Support Professional can help you get the most out of your IT Assets while avoiding IT security risks.  Don’t hesitate to contact your business technology advisor for strategies to migrate from Windows XP.

Why You Need a Bullet Proof Computer Network

Your Computer Network is the information pipeline of your business. But what if your network goes down?  If your computer network is not operating properly, you may lose access to critical applications and their data.  If you are using mobile applications, software as a service, or other types of Cloud Computing, your computer network needs to be highly reliable and readily available. While reading this article, you will learn about information technology trends that impact your Computer Network.

Cloud Computing and Your Network

With Cloud Computing, your employees require consistent and reliable bandwidth over the internet to connect with the most popular cloud applications.  As Cloud Computing is becoming more important in business, it is becoming increasingly necessary to protect your network. Cloud Computing is an undeniable trend.  Most industry analysts forecast strong growth for The Cloud.  From a September 2013 forecast from International Data Corp., worldwide spending on public IT cloud services is predicted to reach $107 billion by 2017, an increase from $47.4 billion in 2013.   This trend in cloud computing is driving mega deals, such as the acquisition of Time Warner Cable by Comcast, as cable is a popular option for business class internet.

Is your Computer Network ready for Mobile?

A WiFi network is a practical way to connect laptops, convertibles, tablet PCs, and smartphones to your business.  However, mobile devices can tax your computer network performance and security.  To ensure smooth and consistent network connectivity, your computer network needs to accommodate the additional bandwidth requirements of those mobile devices.  Additionally, mobile devices may be a source of virus, Malware, or phishing schemes on your computer network.  Remember that your network security is only as strong as its weakest link.  Keep your mobile devices up to date with the latest Anti-Virus and Anti-Malware updates.

Ensure Network Security

Network SecurityCyber Criminals and hackers put your network security on the defense.  It is important that you protect your network with intrusion prevention, firewall, anti-spam, Anti-Malware, and web-filtering capabilities.  These necessary defense mechanisms help prevent unauthorized access to business applications and other data attached to your network. It is also a good idea to monitor and scan your network periodically to detect any unauthorized access that may have made it past your first line of defense.

Your Computer Network is the lifeline of your business for Cloud Computing, mobility, and employee productivity.  To get the most from your IT investment, your network needs to be bullet proof.  If you believe you can get better performance from your network or are unsure about your network security, contact your computer network professional today.

Mobile Security: Why Should I Care?

Mobile security is top of mind when it comes to concerns for IT Managers.  According to the Computing Technology Industry Association (CompTIA) risk of loss is the number one concern related to Mobile security. For the first time last year, more smart phones and tablets shipped than PC desktops.   It is no surprise that mobile devices are the target of mobile security threats.

Chances are most people in your company have a smartphone, tablet or both.  In some cases these devices connect to your company network using WiFi.  It is equally likely that these devices access company information via email, mobile applications or file synch to company data.  Now that these devices are universal, it is important to have a plan if they are lost or stolen. Keep in mind, your four digit password may be the only thing between an intruder and your data.  Here are some additional considerations for mobile security.

Mobile Security Policy

While you can remotely wipe a Mobile devices when it is lost or stolen, this may not be enough.  That four digit passcode can be easily hacked in minutes.  It is important that employees know how to report a lost or stolen device immediately.  Also consider, there may be personal information on the device that is property of your employee.  This data may not be backed up and could be impossible to recover. There may be local laws that prevent you from wiping this type of data from personal devices.  If your employees access your corporate systems, be sure they sign and acknowledge your company policy for acceptable use, including policy for reporting lost or stolen devices and mobile device policy for storage of personal data on a company owned mobile device.

Mobile Security Training

Some social networks are designed to harvest contact information that may be synched with corporate contacts.  Publishing privacy data without consent may be considered a data breach.  Train your employees on the importance of mobile security policy and the related mobile security risks.

In addition to mobile anti-virus, mobile anti-malware detection, device management, mobile phishing protection, your knowledgeable employees are one of your first lines of defense against the threat of a mobile security breach.  If you feel your employees need training or your mobile security policy is not up to date, contact your mobile security professional today!