Carrollton Dermatology Associates
Dr. Thomas H. Lamb, MD.
Brighter Image, Inc.
RA-Lin and Associates
North Georgia Turf, Inc.
The security of systems like servers and computers that connect to the Internet should be one of utmost importance for business owners and managers. However, there are always security flaws being exposed which could expose your systems and data to malicious hackers, who could really endanger your business. Over the past few weeks a massive massive security flaw with cryptographic software has come to light. Codenamed Heartbleed, this bug makes stealing data almost ridiculously easy.
You can tell sites are using SSL/TLS by looking at the URL bar of your browser. If there is a padlock or HTTPS:// before the Web address, the site is likely using SSL or TLS verifications to help ensure that the site is legitimate and communication will be secure. These technologies work well and are an essential part of the modern Internet. The problem is not actually with this technology but with a software library called OpenSSL. This breach is called Heartbleed, and has apparently been open for a number of years now.
Heartbleed is a bug/glitch that allows anyone on the Internet to access and read the memory of systems that are using certain versions of OpenSSL software. People who choose to exploit the bugs in the specific versions of OpenSSL can actually access or 'grab' bits of data that should be secured. This data is often related to the 'handshake' or key that is used to encrypt data which can then be observed and copied, allowing others to see what should be secure information.
Scary right? Well, the second problem is much, much bigger. The hacker won't only be able to see the data you transmit, but how the site receiving it employs the SSL code. If a hacker sees this, they can copy it and use it to create spoof sites that use the same handshake code, tricking your browser into thinking the site is legitimate. These sites could be made to look exactly same as the legitimate site, but may contain malware or even data capture software. It's kind of like a criminal getting the key to your house instead of breaking the window.
But wait, it gets worse. This bug has been present in certain versions of OpenSSL for almost two years which means the sites that have been using the version of OpenSSL may have led to exposure of your data and communication. And any attacks that were carried out can't usually be traced.
We have to make it clear here however: Just because OpenSSL is used by a vast percentage of the Internet, it doesn't mean every site is affected by the glitch.
The latest versions of OpenSSL have already patched this issue and any website using these versions will still be secure. The version with Heartbleed came out in 2011. The issue is while sites may not be using the 2011 version now, they likely did in the past meaning your data could have been at risk. On the other hand, there are still a wide number of sites using this version of OpenSSL.
It can be hard to tell whether your data or communications were or are actually exposed or not, but it is safe to assume that at some time or another it was. Changing your passwords should be the first step to ensuring that you are secure and that the SSL/TSL transmissions are secure. Another thing you should be aware of is what sites are actually using this version of OpenSSL. According to articles on the Web some of the most popular sites have used the version with the bug, or are as of the writing of this article, using it. Here are some of the most popular:
If you have a website that uses SSL/TSL and OpenSSL you should update it to the latest version ASAP. This isn't a large update but it needs to be done properly, so it is best to contact an IT partner like us who can help ensure the upgrade goes smoothly and that all communication is infact secure.
Contact us today to see how we can help ensure that your company is secure.
Malicious software (more commonly known as malware) can be found on almost any system, most often being downloaded and installed on computers. It can cause a myriad of annoyances, like unwanted pop-ups and system freezing, and some forms can even gain unauthorized access to your PC, stealing personal information. It's therefore essential that malware is prevented. Malware on work computers can disrupt a company’s operations and may put the security of data in jeopardy.
If this doesn't work, disconnect the infected computer from the network to prevent the spread of the malware. Furthermore, avoid accessing the Web and using vital information such as bank account and credit card information. Let the technical department or your IT partner handle the concern since they are trained in determining and eradicating system malware infections.
Once the problem has been pinpointed, a tech specialist will go through the process of eliminating the infection. This includes backing up data on the computer and restoring the system to its original state. Depending on the extent of the infection, the computer may need to be wiped clean, or reformatted before restoring backed-up files.
After the whole process, the computer must be tested to ensure that the infection has been totally removed. Moreover, further investigation and studies must also be done to determine where the problem started, as well as to create a strategy as to how to prevent this from happening in the future.
If you have questions or concerns with regards to malware prevention and resolution, feel free to call us. Our support team is always ready to help.
Security of a business's systems and networks should be important to many business owners and managers. In fact, an increasing number of companies are implementing security strategies. While these strategies do keep businesses secure, there is one critical element that could cause plans to fail, leading to an increased chance of a breach of security: The audit.
These elements are: assess, assign, audit. When you develop a plan, or work with an IT partner to develop one, you follow the three steps above, and it may be obvious at the end. In truth however, you should be auditing at each stage of the plan. That means you first need to know what goes on in each stage.
During the assessment phase you or your IT partner will need to look at the existing security you have in place. This includes on every computer and server and also focuses on who has access to what, and what programs are being used. Doing an assessment should give you an overview of how secure your business currently is, along with any weak points that need to be improved.
The assignment phase looks at actually carrying out the changes you identified in the assessment phase. This could include adding improved security measures, deleting unused programs or even updating systems for improved security. The main goal in this phase is to ensure that your systems and networks are secure.
Auditing happens after the changes have been made and aims to ensure that your systems are actually secure and have been implemented properly. Throughout the process you will actually need to continually audit and adjust your strategy.
Keeping systems and computers secure can seem like a full time job, largely because there is a near constant stream of security issues being discovered. From malware to bugs in software, you can bet that you will eventually find a security breach in your systems. The other week news broke of a bug that posed a critical security flaw in Apple's operating systems.
The update notes released by Apple noted that the patch "provides a fix for SSL connection verification." This is a fairly common update as it is aimed at improving the security of communications between websites and the device. However, security experts found out that without the update attackers who can connect to a network are able to capture sensitive information being sent in banking sessions, email messages, and even chat messages using what's called an SSL/TSL session.
In other words, SSL and TSL are used to ensure that information is exchanged securely over the Internet.
According to security experts, this bug has been found to affect devices running older versions of iOS 7, OS X 10.8 and newer, Apple TV, and possibly iOS 6. It is important to note that the bug is only found in Apple's SSL technology. Any app that uses Apple's version of SSL could be affected.
You should also remain vigilant and not connect to any open or public Wi-Fi connections or even secured Internet connections that could be easy to break through. Basically, as long as you update you should be fine. However, it may be worthwhile using another browser if you are really worried about whether you have a secure connection.
If you are looking to learn more about this security flaw, or how you can secure your business from threats like this, contact us today. We can help.
There are numerous ways business security systems can be compromised. A common way is phishing - tricking people into giving up important information via email. Original phishing methods are now well known, and increasingly less effective. So hackers have become more skilled and have adapted their phishing methods into a new form of catching people out with what experts have labeled as spear phishing.
Generally a hacker will first pick a target and then try to learn more about the related people. This could include visiting a website to see what a company does, who they work with, and even the staff. Or they could try hacking a server in order to get information.
Once they have some sort of information, usually a name, position, address, and even information on subscriptions, the hacker will develop an email that looks similar to one that another organization might send e.g., a bank. Some hackers have been known to create fake email accounts and pose as a victim's friend, sending emails from a fake account.
These emails are often similar to official correspondence and will always use personal information such as addressing the email to you directly instead of the usual 'dear sir or madam'. The majority of these emails will request some sort of information or talk about an urgent problem.
Somewhere in the email will be a link to the sender's website which will look almost exactly like the real thing. The site will usually ask you to input personal information e.g., an account number, name, address, or even passwords. If you went ahead and followed this request then this information would be captured by the hacker.
Should someone fall for this tactic, they will often see personal information captured and accounts drained or even their whole identity stolen. Some spear phishing attacks aren't after your identity or money, instead clicking on the link in the email will install malicious software onto a user's system.
We are actually seeing spear phishing being used increasingly by hackers as a method to gain access to business systems. In other words, spear phishing has become a great way for people to steal trade secrets or sensitive business data.
Our computer systems need a high level of protection against harmful viruses, worms and other malware currently spreading like wildfire over the Web. If you have a layered security or defense in depth strategy in place, then you’re probably well protected. But if not, then our guide will surely help you protect your computer systems.
Just like the human body, a computer system can also be attacked by many viruses that can infect and disrupt computer operations. And what's worse is it doesn’t just disrupt the operations of your computer, but these viruses and other malware can gather sensitive information or even gain access to other private and secured computer systems on the same network.
Although computer viruses aren't deadly, they can spread at an unimaginable rate across your entire computer system, affecting your database, networks and other IT-related sources. You can get these viruses by opening bogus email messages, downloading unknown file attachments, and accidentally clicking ads that pop up your screen. This is why there is a need for a strong and effective security system to protect your network.
One of the tested and proven security strategies used today is defense in depth. This concept focuses on the coordinated and organized use of multiple security countermeasures to keep your database safe from intrusive attackers. Basically, this concept is based on the military principle that a multi-layered and complex defense is more difficult to defeat than a single-barrier protection system.
The defense in depth strategy assures network administrators by working on the basis of the following guiding principles:
Defense in depth focuses on areas by deploying firewalls and intrusion detection to endure active network attacks and also by providing access control on servers and host machines, to resist distribution attacks from the insiders. This multi-layered defense also protects local and area-wide communication networks from denial of service attacks.
The reason for wrapping the network with multiple layers of defense is because a single line of defense may be flawed. And the most certain way to protect your system from any attacks is to employ a series of different defenses that can be deployed to cover the gaps in the other defenses. Malware scanners, firewalls, intrusion detection systems, biometric verification and local storage encryption tools can individually serve to protect your IT resources in a way others cannot.
Perhaps the final layer of defense should be educating your employees not to compromise the integrity of the computer systems with potentially unhealthy computer practices. As much as possible, teach them the dos and don’ts of using the computer, as well as how they can prevent viruses and other computer malware coming in and destroying your system.
If you’re looking to give your computer systems better protection against the harmful elements that the internet can bring, then give us a call now and we’ll have one of our associates take care of you and help defend your business.
The 2014 Olympic Winter Games is underway and athletes from all over the world have made their way to Sochi, Russia to compete. As with almost every other Olympic Games, there have been a number of issues for organizers to deal with. However, unlike the last Olympics, one of those complaints is about hacking of mobile devices and computers.
In the report, reporter Richard Engel took new, never opened laptops and mobile devices to Russia and used them. He found that within 24 hours all of the devices had been hacked, exposing the data stored within.
In part of the segment, Engel and a security expert go to a local coffee shop in Moscow and search for Sochi on a mobile device. Almost immediately the device is hacked and malicious software downloaded. Engel notes that the hackers have access to data on the phone along with the ability to record phone calls.
In a follow-up segment, Engel explains a bit more about the laptop issues. When he boots one up and connects to the Internet, hackers are almost immediately snooping around the information, transferring from the machine to the networks. Within a couple of hours, he received a personalized email from a hacker welcoming him to Russia and providing him with some links to interesting websites. Clicking on the link allowed the hackers to access his machine.
One issue is that it hasn't been stated in any reports whether the Russian government is behind this, or if it's hackers out to steal information. While you can be sure that the Russians are monitoring communication during the Winter Olympics, it is highly likely that they are not the ones installing malware on phones, rather it's probably organized crime rings or individual hackers.
Combine this with the fact that many businesses are going global, or doing business with other companies at a big distance. This has caused many people to go mobile and the tools that have allowed this are laptops and smart devices. Because so many people are now working on a laptop, phone or tablet, these devices have become big targets. The main reason for this is that many people simply don't take the same safety precautions they take while on the office or even the home computer.
Hackers know this, so logically they have started going after the easier targets. The news reports concerning Russia highlight this issue and is a warning business owners around the world should be aware of, especially if they are going to be traveling with computers or phones that have sensitive information stored within.
That being said, there are a number of tips you can employ to ensure your data is secure when you go mobile. Here are six:
This is also a good idea because if your device gets stolen, the data is in the cloud and is recoverable. If you have data just stored locally on your hard drive, and your device is stolen, there is a good chance it's gone forever. For enhanced security, be sure to use a different password for every service.
Also, ensure that the programs installed on the devices are updated. This includes the apps on your phone, including the ones that you don't use.
You should also secure your devices by not only having an antivirus and malware scanner but also requiring a password to access your device.
While this may seem great, hackers are known to watch these networks and even hack them, gaining access to every bit of information that goes in and out of the network. When you are traveling, try avoiding connecting to these networks if you can. If you really have to, then be sure not to download anything or log into any accounts that hold private data.
If you are looking to learn more about ensuring the security of your devices while you are away from the office contact us today. We have solutions to help.
Technology is becoming increasingly complex and many small to medium business owners and managers are finding it an increasing challenge to manage their systems, while also ensuring that they are secure. One way to prioritize security is to turn to an IT partner, many of whom offer managed antivirus solutions. While this is a viable option, it can still be a slightly confusing topic.
A managed antivirus solution is provided by IT partners. These tech experts take care of installing the software on computers and other devices, and will then manage the solution. They will also ensure that scanners are up-to-date and scans are scheduled for a convenient time, thus protecting computers. The best way to think of these solutions is that they are specifically provided by a company to look after your computers and protect them from viruses.
Each new year, experts like to take time and look back at the past year, and try to figure out what to expect in the coming year. It is also a good time to take a look at existing business systems and see if they are ready to handle whatever the coming year can throw at them. When it comes to security, the first step to ensuring your company is ready for the year, security wise, is actually knowing what to expect in 2014.
Here are four security threats businesses should be aware of in 2014.
Cloud-based systems saw solid growth throughout 2013, with numerous systems being introduced and older systems reaching new levels or maturity. Small to medium businesses in particular were heavy adopters of these systems. Because of this, we expect to see an increase in attacks against cloud providers.
Providers know this and take steps to ensure security of systems on their end. Hackers know this too, so will be likely going after the weaker points – end users. It is expected that hackers will begin targeting users of cloud systems with various schemes that try to gain control of computers and mobile devices. Once access is gained, they will go after their main target: Corporate or personal clouds and the data stored within.
This could pose a problem for many companies, especially those who access cloud systems from their mobile devices. January and February would be a good time to look into the security of all of your systems, ensuring that your cloud-based systems are secure on all devices.
Take a step back for a minute next time you are in public and look at how many people have smartphones or tablets in their hands. Chances are, at least 60% or higher will. It is fairly obvious that the mobile device is the most popular trend in tech at the moment, and whatever is popular is also a target.
We predict there will be an increase in mobile malware attacks throughout 2014. This could see either an increase in the number of apps that have malware in their code, or websites that host malware. When you visit a site with this malware, you are informed that you need to update an app, and when you agree to this the malware is downloaded and installed.
This could prove to be a tough for companies to manage, especially since the number of mobile users will likely grow. If you haven’t started looking into how to secure mobile devices, now would be a good time to start.
Social engineering is the act of essentially tricking people to give away confidential information. Hackers have been using this for years – for example, emailing users telling them their bank account has been compromised, and that if they click on the link in the email and enter their account info, the account will be secured. In reality, the link is to a fake site that captures information which can then be used for any number of illegal activities.
As we mentioned above, the number of mobile users is steadily increasing. This means that it is highly likely that hackers will begin to target these users with mobile specific social engineering. This could be tricking them into downloading an app which then steals information stored on the phone, or simply targeting those who use just their tablet.
In order to prevent this from happening, you need to brush up on how most social engineering schemes work. You should also encourage your employees to look where the links in emails lead to and be aware that generally, most major businesses like banks don’t email customers asking for passwords or user names.
Microsoft will stop support for Windows XP and Office 2003 in April of this year. What this means is that they will no longer be offering security updates, software updates or support for these products. It is a sure thing that these programs are about to become a big target, and that new security loopholes and exploits will be found on a regular basis after the cessation of support.
For businesses that are using a newer version of Windows like 7 or 8, you should be secure from these exploits. If you are using XP on the other hand, you might want to upgrade as soon as possible. Contact us, we can help with that.
From the overall looks of things, we think this year will see a drastic increase in mobile based security threats, along with attacks on older versions of software. Now is a good time to review your strategies regarding both mobile and the software/hardware you use, to ensure that it is secure. If you would like help with this, please contact us today for a chat.
There were numerous security threats throughout 2013, many of which put small to medium business user's data and systems at risk. Many companies have implemented security systems, such as virus scanners, that protect their assets and business operations from most threats. One area type of security threat that still exists however relates to passwords.
Many of the major security threats that harm a business have one factor in common - a hacker gaining access to systems by cracking a user's password. The one reason hackers are able to get into systems again and again is largely because users often don't pick strong enough passwords.
Even what we might perceive to be a strong password may not actually be as secure as we think. Sure, when you enter a new password many websites have a bar that indicates how strong your password is, but the issue is, these so called strong passwords are becoming easier to guess as more websites utilize the same requirements.
Think about the last time you changed your password. You were likely told to key in a password longer than 6-8 characters, with at least one capital letter, one number, and a special character like '!' or '$'. Many major systems have these exact, or at least very similar, requirements for password setting. However, If this is the norm, and you use a password like this too often then your passwords likely aren't as secure as you might believe them to be.
The reason for this is because of the way hackers usually capture passwords. The most common method adopted is brute force - getting a username then trying every password combination until the hacker finds one that works. There are programs you can download from the Internet that try thousands or more passwords a second, and many now include special characters, numbers, and capital letters, which makes finding passwords even easier.
The way it works is you enter the first few letters of your password and the system guesses the next. It uses common letters and combinations to help gauge the effectiveness of a password. For example, if your password begins with the letter 'v', it will tell you that 'I', 'S' and 'A' are the most common letters to follow. If the next letter of your password isn't one of these three, there is a good chance it is more secure. If the second letter is one of these three, then your password is less secure. This may sound a little complicated, but you should check out the system here.
It is eerie at how accurate the next letters and characters often match, and this is a good tool to determine whether to create a more robust password. You don't have to worry about testing your password out either as Microsoft has noted that they don't track the keystrokes, so you password should remain secure.
If you are looking for more ways to secure your systems, we can help, so get in touch with us today.