Carrollton Dermatology Associates
Dr. Thomas H. Lamb, MD.
Brighter Image, Inc.
RA-Lin and Associates
North Georgia Turf, Inc.
Security of a business's systems and networks should be important to many business owners and managers. In fact, an increasing number of companies are implementing security strategies. While these strategies do keep businesses secure, there is one critical element that could cause plans to fail, leading to an increased chance of a breach of security: The audit.
These elements are: assess, assign, audit. When you develop a plan, or work with an IT partner to develop one, you follow the three steps above, and it may be obvious at the end. In truth however, you should be auditing at each stage of the plan. That means you first need to know what goes on in each stage.
During the assessment phase you or your IT partner will need to look at the existing security you have in place. This includes on every computer and server and also focuses on who has access to what, and what programs are being used. Doing an assessment should give you an overview of how secure your business currently is, along with any weak points that need to be improved.
The assignment phase looks at actually carrying out the changes you identified in the assessment phase. This could include adding improved security measures, deleting unused programs or even updating systems for improved security. The main goal in this phase is to ensure that your systems and networks are secure.
Auditing happens after the changes have been made and aims to ensure that your systems are actually secure and have been implemented properly. Throughout the process you will actually need to continually audit and adjust your strategy.
Keeping systems and computers secure can seem like a full time job, largely because there is a near constant stream of security issues being discovered. From malware to bugs in software, you can bet that you will eventually find a security breach in your systems. The other week news broke of a bug that posed a critical security flaw in Apple's operating systems.
The update notes released by Apple noted that the patch "provides a fix for SSL connection verification." This is a fairly common update as it is aimed at improving the security of communications between websites and the device. However, security experts found out that without the update attackers who can connect to a network are able to capture sensitive information being sent in banking sessions, email messages, and even chat messages using what's called an SSL/TSL session.
In other words, SSL and TSL are used to ensure that information is exchanged securely over the Internet.
According to security experts, this bug has been found to affect devices running older versions of iOS 7, OS X 10.8 and newer, Apple TV, and possibly iOS 6. It is important to note that the bug is only found in Apple's SSL technology. Any app that uses Apple's version of SSL could be affected.
You should also remain vigilant and not connect to any open or public Wi-Fi connections or even secured Internet connections that could be easy to break through. Basically, as long as you update you should be fine. However, it may be worthwhile using another browser if you are really worried about whether you have a secure connection.
If you are looking to learn more about this security flaw, or how you can secure your business from threats like this, contact us today. We can help.
There are numerous ways business security systems can be compromised. A common way is phishing - tricking people into giving up important information via email. Original phishing methods are now well known, and increasingly less effective. So hackers have become more skilled and have adapted their phishing methods into a new form of catching people out with what experts have labeled as spear phishing.
Generally a hacker will first pick a target and then try to learn more about the related people. This could include visiting a website to see what a company does, who they work with, and even the staff. Or they could try hacking a server in order to get information.
Once they have some sort of information, usually a name, position, address, and even information on subscriptions, the hacker will develop an email that looks similar to one that another organization might send e.g., a bank. Some hackers have been known to create fake email accounts and pose as a victim's friend, sending emails from a fake account.
These emails are often similar to official correspondence and will always use personal information such as addressing the email to you directly instead of the usual 'dear sir or madam'. The majority of these emails will request some sort of information or talk about an urgent problem.
Somewhere in the email will be a link to the sender's website which will look almost exactly like the real thing. The site will usually ask you to input personal information e.g., an account number, name, address, or even passwords. If you went ahead and followed this request then this information would be captured by the hacker.
Should someone fall for this tactic, they will often see personal information captured and accounts drained or even their whole identity stolen. Some spear phishing attacks aren't after your identity or money, instead clicking on the link in the email will install malicious software onto a user's system.
We are actually seeing spear phishing being used increasingly by hackers as a method to gain access to business systems. In other words, spear phishing has become a great way for people to steal trade secrets or sensitive business data.
Our computer systems need a high level of protection against harmful viruses, worms and other malware currently spreading like wildfire over the Web. If you have a layered security or defense in depth strategy in place, then you’re probably well protected. But if not, then our guide will surely help you protect your computer systems.
Just like the human body, a computer system can also be attacked by many viruses that can infect and disrupt computer operations. And what's worse is it doesn’t just disrupt the operations of your computer, but these viruses and other malware can gather sensitive information or even gain access to other private and secured computer systems on the same network.
Although computer viruses aren't deadly, they can spread at an unimaginable rate across your entire computer system, affecting your database, networks and other IT-related sources. You can get these viruses by opening bogus email messages, downloading unknown file attachments, and accidentally clicking ads that pop up your screen. This is why there is a need for a strong and effective security system to protect your network.
One of the tested and proven security strategies used today is defense in depth. This concept focuses on the coordinated and organized use of multiple security countermeasures to keep your database safe from intrusive attackers. Basically, this concept is based on the military principle that a multi-layered and complex defense is more difficult to defeat than a single-barrier protection system.
The defense in depth strategy assures network administrators by working on the basis of the following guiding principles:
Defense in depth focuses on areas by deploying firewalls and intrusion detection to endure active network attacks and also by providing access control on servers and host machines, to resist distribution attacks from the insiders. This multi-layered defense also protects local and area-wide communication networks from denial of service attacks.
The reason for wrapping the network with multiple layers of defense is because a single line of defense may be flawed. And the most certain way to protect your system from any attacks is to employ a series of different defenses that can be deployed to cover the gaps in the other defenses. Malware scanners, firewalls, intrusion detection systems, biometric verification and local storage encryption tools can individually serve to protect your IT resources in a way others cannot.
Perhaps the final layer of defense should be educating your employees not to compromise the integrity of the computer systems with potentially unhealthy computer practices. As much as possible, teach them the dos and don’ts of using the computer, as well as how they can prevent viruses and other computer malware coming in and destroying your system.
If you’re looking to give your computer systems better protection against the harmful elements that the internet can bring, then give us a call now and we’ll have one of our associates take care of you and help defend your business.
The 2014 Olympic Winter Games is underway and athletes from all over the world have made their way to Sochi, Russia to compete. As with almost every other Olympic Games, there have been a number of issues for organizers to deal with. However, unlike the last Olympics, one of those complaints is about hacking of mobile devices and computers.
In the report, reporter Richard Engel took new, never opened laptops and mobile devices to Russia and used them. He found that within 24 hours all of the devices had been hacked, exposing the data stored within.
In part of the segment, Engel and a security expert go to a local coffee shop in Moscow and search for Sochi on a mobile device. Almost immediately the device is hacked and malicious software downloaded. Engel notes that the hackers have access to data on the phone along with the ability to record phone calls.
In a follow-up segment, Engel explains a bit more about the laptop issues. When he boots one up and connects to the Internet, hackers are almost immediately snooping around the information, transferring from the machine to the networks. Within a couple of hours, he received a personalized email from a hacker welcoming him to Russia and providing him with some links to interesting websites. Clicking on the link allowed the hackers to access his machine.
One issue is that it hasn't been stated in any reports whether the Russian government is behind this, or if it's hackers out to steal information. While you can be sure that the Russians are monitoring communication during the Winter Olympics, it is highly likely that they are not the ones installing malware on phones, rather it's probably organized crime rings or individual hackers.
Combine this with the fact that many businesses are going global, or doing business with other companies at a big distance. This has caused many people to go mobile and the tools that have allowed this are laptops and smart devices. Because so many people are now working on a laptop, phone or tablet, these devices have become big targets. The main reason for this is that many people simply don't take the same safety precautions they take while on the office or even the home computer.
Hackers know this, so logically they have started going after the easier targets. The news reports concerning Russia highlight this issue and is a warning business owners around the world should be aware of, especially if they are going to be traveling with computers or phones that have sensitive information stored within.
That being said, there are a number of tips you can employ to ensure your data is secure when you go mobile. Here are six:
This is also a good idea because if your device gets stolen, the data is in the cloud and is recoverable. If you have data just stored locally on your hard drive, and your device is stolen, there is a good chance it's gone forever. For enhanced security, be sure to use a different password for every service.
Also, ensure that the programs installed on the devices are updated. This includes the apps on your phone, including the ones that you don't use.
You should also secure your devices by not only having an antivirus and malware scanner but also requiring a password to access your device.
While this may seem great, hackers are known to watch these networks and even hack them, gaining access to every bit of information that goes in and out of the network. When you are traveling, try avoiding connecting to these networks if you can. If you really have to, then be sure not to download anything or log into any accounts that hold private data.
If you are looking to learn more about ensuring the security of your devices while you are away from the office contact us today. We have solutions to help.
Technology is becoming increasingly complex and many small to medium business owners and managers are finding it an increasing challenge to manage their systems, while also ensuring that they are secure. One way to prioritize security is to turn to an IT partner, many of whom offer managed antivirus solutions. While this is a viable option, it can still be a slightly confusing topic.
A managed antivirus solution is provided by IT partners. These tech experts take care of installing the software on computers and other devices, and will then manage the solution. They will also ensure that scanners are up-to-date and scans are scheduled for a convenient time, thus protecting computers. The best way to think of these solutions is that they are specifically provided by a company to look after your computers and protect them from viruses.
Each new year, experts like to take time and look back at the past year, and try to figure out what to expect in the coming year. It is also a good time to take a look at existing business systems and see if they are ready to handle whatever the coming year can throw at them. When it comes to security, the first step to ensuring your company is ready for the year, security wise, is actually knowing what to expect in 2014.
Here are four security threats businesses should be aware of in 2014.
Cloud-based systems saw solid growth throughout 2013, with numerous systems being introduced and older systems reaching new levels or maturity. Small to medium businesses in particular were heavy adopters of these systems. Because of this, we expect to see an increase in attacks against cloud providers.
Providers know this and take steps to ensure security of systems on their end. Hackers know this too, so will be likely going after the weaker points – end users. It is expected that hackers will begin targeting users of cloud systems with various schemes that try to gain control of computers and mobile devices. Once access is gained, they will go after their main target: Corporate or personal clouds and the data stored within.
This could pose a problem for many companies, especially those who access cloud systems from their mobile devices. January and February would be a good time to look into the security of all of your systems, ensuring that your cloud-based systems are secure on all devices.
Take a step back for a minute next time you are in public and look at how many people have smartphones or tablets in their hands. Chances are, at least 60% or higher will. It is fairly obvious that the mobile device is the most popular trend in tech at the moment, and whatever is popular is also a target.
We predict there will be an increase in mobile malware attacks throughout 2014. This could see either an increase in the number of apps that have malware in their code, or websites that host malware. When you visit a site with this malware, you are informed that you need to update an app, and when you agree to this the malware is downloaded and installed.
This could prove to be a tough for companies to manage, especially since the number of mobile users will likely grow. If you haven’t started looking into how to secure mobile devices, now would be a good time to start.
Social engineering is the act of essentially tricking people to give away confidential information. Hackers have been using this for years – for example, emailing users telling them their bank account has been compromised, and that if they click on the link in the email and enter their account info, the account will be secured. In reality, the link is to a fake site that captures information which can then be used for any number of illegal activities.
As we mentioned above, the number of mobile users is steadily increasing. This means that it is highly likely that hackers will begin to target these users with mobile specific social engineering. This could be tricking them into downloading an app which then steals information stored on the phone, or simply targeting those who use just their tablet.
In order to prevent this from happening, you need to brush up on how most social engineering schemes work. You should also encourage your employees to look where the links in emails lead to and be aware that generally, most major businesses like banks don’t email customers asking for passwords or user names.
Microsoft will stop support for Windows XP and Office 2003 in April of this year. What this means is that they will no longer be offering security updates, software updates or support for these products. It is a sure thing that these programs are about to become a big target, and that new security loopholes and exploits will be found on a regular basis after the cessation of support.
For businesses that are using a newer version of Windows like 7 or 8, you should be secure from these exploits. If you are using XP on the other hand, you might want to upgrade as soon as possible. Contact us, we can help with that.
From the overall looks of things, we think this year will see a drastic increase in mobile based security threats, along with attacks on older versions of software. Now is a good time to review your strategies regarding both mobile and the software/hardware you use, to ensure that it is secure. If you would like help with this, please contact us today for a chat.
There were numerous security threats throughout 2013, many of which put small to medium business user's data and systems at risk. Many companies have implemented security systems, such as virus scanners, that protect their assets and business operations from most threats. One area type of security threat that still exists however relates to passwords.
Many of the major security threats that harm a business have one factor in common - a hacker gaining access to systems by cracking a user's password. The one reason hackers are able to get into systems again and again is largely because users often don't pick strong enough passwords.
Even what we might perceive to be a strong password may not actually be as secure as we think. Sure, when you enter a new password many websites have a bar that indicates how strong your password is, but the issue is, these so called strong passwords are becoming easier to guess as more websites utilize the same requirements.
Think about the last time you changed your password. You were likely told to key in a password longer than 6-8 characters, with at least one capital letter, one number, and a special character like '!' or '$'. Many major systems have these exact, or at least very similar, requirements for password setting. However, If this is the norm, and you use a password like this too often then your passwords likely aren't as secure as you might believe them to be.
The reason for this is because of the way hackers usually capture passwords. The most common method adopted is brute force - getting a username then trying every password combination until the hacker finds one that works. There are programs you can download from the Internet that try thousands or more passwords a second, and many now include special characters, numbers, and capital letters, which makes finding passwords even easier.
The way it works is you enter the first few letters of your password and the system guesses the next. It uses common letters and combinations to help gauge the effectiveness of a password. For example, if your password begins with the letter 'v', it will tell you that 'I', 'S' and 'A' are the most common letters to follow. If the next letter of your password isn't one of these three, there is a good chance it is more secure. If the second letter is one of these three, then your password is less secure. This may sound a little complicated, but you should check out the system here.
It is eerie at how accurate the next letters and characters often match, and this is a good tool to determine whether to create a more robust password. You don't have to worry about testing your password out either as Microsoft has noted that they don't track the keystrokes, so you password should remain secure.
If you are looking for more ways to secure your systems, we can help, so get in touch with us today.
As a business owner you probably have more than one issue on your mind at any given time. One challenge many owners and managers worry about is the security of their organization and the systems used. One of the weakest links, security wise, is the password, as these can be quite easy to crack. This is why many companies introduce password policies. However, quite often these policies are not effective.
If you are in the process of implementing a password policy, or are looking for a way to ensure that your business is as secure as possible, you need to be aware of at least four common password policy pitfalls.
While this may seem like it serves to make passwords more complex, many users will often use a simple password and replace words with a character, or add it at the end. This really doesn't make the passwords complex, it just makes them more difficult to guess.
Because so many systems have these requirements in place, hackers have started to include these factors when they develop password crackers. This means that the are still able to guess many passwords relatively quickly.
This may seem like a good idea, but all it does is encourage users to pick easy to remember passwords. And, any password that is easy to remember is likely easy to guess too.
When making a note of passwords, most people don't take any steps to hide them, often leaving a sticky note attached to their monitor or written in a notebook casually left open on their desk. Needless to say, this is a real security issue.
There is a growing trend among many businesses of connecting to the office from outside, or doing work remotely. In order to do so, most users require an Internet connection, often using public Wi-Fi connections. The issue with many public Wi-Fi connections is that they may not be as secure as you think, and could lead to increased security threats and even loss of data.
If you or your employees work outside of the office, and rely on, or frequently connect to public Wi-Fi connections, there are three security dangers you should be aware of.
The issue is that they may have attached data monitors that collect data - including passwords and other private information going into and out of the network. Some have even gone so far as to set up a portal site that one must navigate to in order to log in and use the service - similar to what you see when you use most public Wi-Fi connections. Only these sites are loaded with malware which can be installed onto your system once you log in.
In order to avoid this, it is a good idea to look at the name of the network you are actually connecting to and check whether there is more than one with a similar name, or if there are any spelling mistakes. If you are unsure, the best approach is to check the name of the network at the business which is providing this connection.
The problem with this is when you connect to a public Wi-Fi connection. Other people on that network may also be able to see those files. If you didn't take the important files out of the folder, they could potentially steal the data contained within. Hackers know this, and may sit on the networks looking for other computers with shared files.
In order to avoid this, you should ensure that you aren't sharing files stored in public folders on your computer. Try using other ways to share documents like a cloud storage provider.
If you or an employee connects to the office remotely while connected to a public network, one way to minimize the chances of data being intercepted is by using a VPN. These connections set up a direct link between the computer and the home network, and make it difficult for those who aren't part of that network to connect to and view data that is transmitted over this connection.
On top of this, it is a good idea to avoid entering passwords or other important information like bank account and ID numbers while connected to public networks.
If you are looking for ways to keep your data secure while out of the office, get in touch with us today to see how we can help.