Your home emails sit in the mailbox, dormant and safe. Malware usually needs your permission, given by clicking or by lowering security firewalls, to gain access to your computer. Only once you begin sifting, clicking, and opening does the danger begin.
Who is the "real" email sender?
But how else are those emails going to get read!? We all just have to risk it—despite the fact that with one wrong click our mailbox and computer could be infected—infected and contagious! You are the best defense against malware because you hold the power to open or not open, permit or not. Malware usually requires your permission, through a click or a lowered firewall, to gain access. Instead of feeding your computer the brains of other computers, keep it from becoming a zombie by preventing infection and detecting it early.
Preventing Infection Means Knowing Your Friends
When you get an email from a friend, click on their name in the “From” field of the email. Do you still recognize the address when it is spelled out? I recognize the address, and it matches my friend’s display name, so I think this is legitimate. But checking the actual email address is important—look how easy it is to change the name displayed in the “From” field.
But let’s look at the body of the message. Would your friend send only a short phrase and a link? I know mine wouldn’t. She would capitalize and punctuate.
Telling spam from good emails
Telling spam from good emails is where proper grammar and complete sentences can be helpful because spammers fishing for you to click seem to think no one sends email in proper English. Of course if you don’t recognize the address, don’t open any attachment either—delete the email. If your friend really wanted you to see it, they can let you know and send it again.
Where does the link really go?
By hovering with your mouse cursor and NOT CLICKING on a link sent in an email, you can see if the link text matches the real address. If they don’t match or they seem shady, delete it. If you think you need to follow a link from your email, TYPE the address directly into the address bar, or at least copy and paste the link text into the address bar so there is no way you are sent to the hidden address instead of the link text.
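As an added example (not part of the original article), here is the hover check described above done in code: it parses an HTML email body and compares the address shown as link text with the host the link really points to. The sample body and its .example addresses are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (visible_text, href) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href.strip()))
            self._href = None


def _host(value):
    """Lower-cased hostname of a URL-like string without a leading 'www.', or None."""
    if "://" not in value:
        value = "http://" + value
    try:
        host = urlsplit(value).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def _shown_host(text):
    """Host the reader believes they are clicking, if the link text looks like an address."""
    if not text or "." not in text or any(c.isspace() for c in text):
        return None
    return _host(text)


def review_links(html_body):
    """Return one finding per link: what is shown, where it really goes, and a verdict."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for text, href in parser.links:
        is_web = href.lower().startswith(("http://", "https://"))
        real = _host(href) if is_web else None
        shown = _shown_host(text)
        if real is None:
            verdict = "no-web-host"      # mailto:, empty href, and so on
        elif shown is None:
            verdict = "text-only"        # wording hides the address: read `real` yourself
        elif real == shown or real.endswith("." + shown):
            verdict = "match"            # same host or a subdomain (no public-suffix check)
        else:
            verdict = "mismatch"         # text names one site, link goes to another
        findings.append({"text": text, "shown": shown, "real": real, "verdict": verdict})
    return findings


# Constructed sample message body.
SAMPLE_BODY = """
<p>hey check this out</p>
<a href="http://login.account-verify.example/session?id=1">www.mybank.example</a>
<a href="https://www.mybank.example/statements">https://mybank.example/statements</a>
<a href="https://photos.example/album/42">See the pictures</a>
"""

if __name__ == "__main__":
    for finding in review_links(SAMPLE_BODY):
        print(f"{finding['verdict']:<10} shown={finding['shown']} real={finding['real']}")
```

A "text-only" verdict is not a pass: the link text gives no address to compare, so the real host still has to be judged on its own.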
Early Detection Means Setting Up an Early Warning System
By adding yourself to your contacts list, you can get an email any time someone turns your mailbox into a zombie. You will get an email because typically, what these zombie programs do is email to all your contacts. If you’re on the list, then you’ll know to change your email address, and you can quickly send all your friends a warning: Don’t click on that link I sent you! I’ve been hacked!
Strong, unique passwords are necessary to protect our electronic documents, emails, personal information, and other data that keep our lives moving. Xvand* has a great video on building stronger passwords by adding upper and lower case, using numbers in the middle of words, and using special characters.
Tips for Secure, Yet Easy-To-Remember Passwords
- Use an acronym for a sentence: Here are a few examples. (Notice that numerals were used in place of some letters to add complexity.)
  - Mv3mJs9p = “My Very Educated Mother Just Served Nine Pizzas”.
  - MG!Tsm8d! = “My Grandbaby Is The Smartest Most Beautiful Dancer!”
- Add the website for which you use the password: For instance, if you use Google for email, add a memorable sentence and the website it serves:
  - MG!Tsm8d!oogle (oogle for Google)
  - GMMG!Tsm8! (GM for Gmail).
- Include special characters to make shapes or faces to add to your passwords: For example, MG!Tsm8d!oogle could use some tildes “~~” because they are reminiscent of dance moves:
  - MG!Tsm8~d~!oogle: The sentence becomes “My Grandbaby !s The smartest most 8eautiful (dance move) dancer! (dance move), Google without the ‘G’”.
  - ;)MG!Tsm8d!oogle: An alternative would be to start or end the sentence with a smiley face of some kind: to say, “Wink and smile My Grandbaby !s The smartest most 8eautiful dancer! Google”.
Use online tools to test your password
On a password rating site, you can test passwords to see how strong the password is. However, once you input a password on one of these sites, we recommend you do not use that same password. Use the websites to test types of passwords, such as, what if you added a color + number + memorable sentence + special character together to equal a password? What if I enter the number in the middle of the color word?
More Password Services
For simple passwords like “rebecca”, a password strength site will tell you how easily your password could be hacked. Conversely, the “Wink and smile My Grandbaby…” password would take 412 trillion years!
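As an added example (not part of the original article and not the method of any particular rating site), the sketch below estimates strength locally and builds a random stand-in with the same "type" of password, so the real one never has to be typed into a website. The guess rate and the tiny common-password list are assumptions, so the years it reports will not match a given site's figure.

```python
import math
import secrets
import string

# Character classes, in the order they are checked.
CLASSES = {
    "l": string.ascii_lowercase,
    "U": string.ascii_uppercase,
    "9": string.digits,
    "#": string.punctuation,
}

# Constructed mini-list for illustration; a real check uses a large breached-password list.
COMMON = {"password", "123456", "qwerty", "rebecca", "letmein"}

# Assumption: guesses per second available to an offline attacker. Rating sites each
# pick their own figure, which is why their "years to crack" numbers disagree.
GUESSES_PER_SECOND = 1e10


def pattern(password):
    """Class of each character, e.g. 'Ul9lUl9l' for 'Mv3mJs9p' ('?' = anything else)."""
    out = []
    for ch in password:
        out.append(next((k for k, chars in CLASSES.items() if ch in chars), "?"))
    return "".join(out)


def decoy(password):
    """Random stand-in with the same length and the same class in every position.

    This is what to paste into an online rating site instead of the real password.
    Characters outside the four classes are copied unchanged.
    """
    return "".join(
        secrets.choice(CLASSES[k]) if k in CLASSES else ch
        for k, ch in zip(pattern(password), password)
    )


def estimate(password):
    """Brute-force upper bound from the length and the character classes in use.

    Real attackers try words, names and common substitutions first, so a mnemonic
    or dictionary-based password is weaker than this number suggests.
    """
    used = set(pattern(password))
    alphabet = sum(len(CLASSES[k]) for k in used if k in CLASSES)
    if "?" in used:
        alphabet += 32  # rough allowance for spaces and non-ASCII characters
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    return {
        "length": len(password),
        "alphabet": alphabet,
        "bits": round(bits, 1),
        # On average the password is found after searching half the space.
        "years": 2 ** bits / 2 / GUESSES_PER_SECOND / (365.25 * 24 * 3600),
        # A listed password falls at once, whatever the arithmetic says.
        "common": password.lower() in COMMON,
    }


if __name__ == "__main__":
    for pw in ("rebecca", "Mv3mJs9p", "MG!Tsm8d!oogle"):
        e = estimate(pw)
        print(f"{pw:<16} bits={e['bits']:<6} common={e['common']} stand-in={decoy(pw)}")
```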
If mnemonic passwords seem too difficult, look into services like LastPass which claim to keep your passwords secure while allowing you to use one master password.
Photo credit: www.responza.com
If you're an Xvand* client, your office computers, laptops, and mobile devices have many layers of protection from malware, but what about your home computer, touch pads, and smart phones? According to a study by Symantec, cyber crime has more than 1 million identity theft victims per day. While hackers and spam emails make it seem like we are all under siege, a little tech-savviness goes a long way to keep you from having to call in the exorcist.
The Security Risks
Computer viruses and worms are programs whose job is to make copies of themselves so they can spread to other computers. Spyware programs gather data quietly and send that information to someone else. Technically, spyware is only spyware if it is downloaded without consent. For programs and companies to which you give consent, the tracking programs are called browser cookies and tracking cookies. Adware programs show you pop-up ads and other advertisements.
What is Malware?
Malware is a general term for software or programs that the owner of the computer does not want because they can damage or disable the computer. Viruses, spyware, and adware are all malware. Malware is generated by hackers and thieves to learn our personal information and possibly steal our identity.
Safeguard Your Mobile Minions
Our mobile phones and tablets are as indispensable to us as Igor is to evil geniuses, black cats to witches, apprentices to wizards. Yet, Symantec’s Norton Study indicates we do not protect our mobile devices as seriously as we do our computers. Our pocket computers are just as important. The smart phones and tablets we carry around are vulnerable to malware whether they are Google/Androids, Apple/Macs/iPhones, or others.
Mobile Devices Are Computers in Your Pocket
Many of the same measures we take for our desktop computers can be taken to protect our mobile devices. Mobile devices can be kept safe by keeping the apps and operating system up-to-date. Many “patches” or updates protect against the newest malware out there or fix “bugs” that leave your device vulnerable.
Anti-virus and Malware-finding Apps
Smartphones and tablets have anti-virus and malware-finding apps that you can run frequently to exorcise the malware slowing down your device. Mobile security apps are also available that will help keep you from getting malware in the first place, as well as features to protect your data from theft or loss of your device. Just a few of the options include Bitdefender and Lookout.
More Security Measures for Mobile Devices
Like the programs on your desktop computer, you can decide what data your mobile apps can access. By reading permissions and disallowing those that do not make sense to you, you can protect your data further.
- Turn off and do not permit apps to use location services. Apps using location services, including your phone camera, will record your location and tag that information anywhere you share the photos or other social updates you provide.
- Lock when not in use. Lock mobile devices with a pin number, pattern, or even facial recognition used by some phones.
- When changing or upgrading your phone: log out of all apps on your old device and reset your phone to factory default settings (usually an option in settings). Resetting to factory default should delete all personal data. If you used your old device to access work material, informing your helpdesk through a ticket will block the old phone from accessing your work network.
- Beware of public wireless networks. Others using that network may be able to see what you are downloading. VPN or cloud computing technology like XVand’s provides more security than your smart phone or touchpad alone by funneling your data through a secured network. “Jail-breaking” or “rooting” your device can make it easier for malware to reach your operating system.
Xvand Technology Corporation is honored to be selected as a Houston finalist for the 2013 Best and Brightest Companies to Work.
As a long time promoter of the flexible workplace, this initiative is near and dear to our hearts, and we encourage you to partake in this effort.
We've found that many of the organizations that use our Houston computer services to implement a flexible workplace program have reported more productive (and happy!) employees.
The program – also called Flexworks - encourages area employers to utilize flexible workplace policies that promote business activity and improve Houston's mobility.
This year’s symposium and awards luncheon will be Nov. 7 at the Bella Elegante at 300 Milam St.
Tropical storms, like Ernesto, are once again threatening the Gulf Coast.
Thankfully, you've stored offsite data backups and have tested your disaster preparedness plan.
You have, right?
(Editor's note: If you prefer last-minute dashes to Home Depot, miles of bumper-to-bumper traffic heading out of harm's way and scrambling to protect and recover lost data, this article is not for you.)
Disaster preparedness is always better than disaster recovery. Houston-based businesses like have become all too aware of this adage.
Unfortunately, after Hurricane Irene left $15 billion in damages in its wake, the East Coast was rudely awakened to this message as well.
The silver lining in this hurricane cloud? We know from experience how to plan for such disasters.
Here's a brief outline of a disaster recovery checklist & plan:
1. Take inventory of IT equipment
- Take inventory of computers, equipment, supplies and receipts/verification of ownership (individual employees should be encouraged to do the same)
- Take “before” photographs for documented evidence
- Back-up power supply
- Have copies of maintenance agreements and break/fix providers readily accessible; be sure to capture serial numbers of equipment
2. Risk Assessment & Management
(Identify & categorize the risk of IT disaster on business)
- Impact on revenue
- Impact on clients/reputation
- IT systems assessment (create a spreadsheet that uses weighted values assigned to various systems, functionality and dependencies)
- Which data can the organization afford to lose?
- How long can data be inaccessible?
- Examples: Email = critical. Photoshop = less critical, etc.
3. On the Road - Mobile Device Security
- Do not back up company data on mobile devices (49% of data breaches were due to lost or stolen laptops or devices such as USB flash drives – Dell)
- Use best practices for securing wireless devices
- Protect against lost laptops and remote devices
- Record all serial and model numbers of all equipment
- Laptop tracking and remote data deletion capabilities are a safe and economical way to protect company assets and data
- Contact local law enforcement and your organization's data recovery department as soon as a laptop goes lost or missing
- When sensitive data contained on laptop hard drives needs to be destroyed:
  - Ensure your organization is in compliance with appropriate data destruction policies.
  - Ask for a certificate of destruction and find out how the hard drives are disposed of.
4. Prepare Disaster Recovery Plan in Advance.
Test the following on a QUARTERLY basis:
- Data access – move data to systems that will allow browser access
- Data backup – is your offsite storage facility in the hurricane path?
- Data restoration - how do your vendors define “recovery” and how long is the recovery interval – have you timed it?
- Where will restore occur? Are the backups up-to-date and good? Will the data be in sync? How LONG will it take?
- Will the equipment be compatible?
- Data security – cyber thieves love natural disasters, best time to strike
- System uptime – your recovery interval is twelve hours and your battery back up is good for four hours
- Data accessibility (before, during, after hurricane)
Five Questions to Ask Your DR Vendor
- What’s the recovery interval?
- Who’s responsible for restoring data?
- Do you document your backup procedures?
- How often do you test your data backup plan?
- What are staffing levels in an emergency?
Did you know that cloud computing can help create the framework for a comprehensive disaster plan? Register for a free webinar on the Five Steps to Understanding and Implementing Cloud Computing.
Photo courtesy of National Geographic
We recently shared a few practical tips on how to determine whether cloud computing services are right for your organization.
Once you've conducted an internal risk assessment to determine what "flavor" of cloud computing aligns best with your business needs, you need to ensure that the provider will deliver the desired outcomes down the road.
5 Must-Haves For Every Cloud Computing Contract
Many business executives are still unsure about the viability of cloud services or are concerned about the security of data that's not hosted at their offices. Many have simply been jaded by personal or heavily publicized news stories about cloud computing service nightmares.
To protect your business interests and ensure data security in the cloud, make sure that your cloud computing contract identifies the following five key components:
1. Determine Data Ownership
While this seems like an obvious step, some cloud service contracts state that any data uploaded to their "cloud" becomes property of the provider. Make sure that the contract clearly keeps all data and files in your company's possession.
2. Establish a Right to Audit
If you work in an industry that is bound by data security legislation that requires periodic auditing of a company's data access policies and procedures, choose a cloud provider that has previously met these requirements.
Or if you've identified a cloud computing company that fits your needs, but has yet to pass your specific data security requirements for a previous client, ask if they will allow an assessment of their systems and data access policies before you engage with them - and periodically throughout the life of your contract.
3. Ensure Application and Server Uptime Guarantees
Ask for your potential provider's uptime levels and establish a guarantee with financial penalties for failing to meet the predetermined threshold. For example, if during a given month the availability of the applications and the server does not meet the specified performance level, make sure that you receive a service credit based upon the monthly fee for the affected service for the affected month.
4. Establish "Exit" Provisions For Data
To avoid a messy split when the time comes to terminate the relationship with your provider, make sure that there are provisions in place to obligate your provider to retrieve and restore your organization's data, and that all copies of your data and confidential information contained in any computer memory or data storage apparatus are properly destroyed.
5. Establish Support Response Times
The greatest IT infrastructure in the world can be rendered useless if you and your employees can't access it or can't get answers to their technical questions. Ask about your potential provider's mean time to resolve issues. Will your employees be put in a queue or will they get a live person on the line? How long will it take to get a technical expert to respond?
As a cloud computing service specializing in disaster recovery in Houston, we were asked by Jennings Wire to spend some time on their podcast to share a few steps small and mid-sized businesses should take to prepare and implement a successful disaster preparedness plan.
JenningsWire (JenningsWire.com) is a community of bloggers led by Annie Jennings. We briefly discussed the evolution of cloud computing before exploring how to approach small business disaster recovery.
We'd like to thank Annie and her team for including us on the podcast and alerting the business community on the importance of preparing for disaster.
Disaster Preparedness Plan Topics Included:
- What’s the first step small business should take to prepare for disasters? (Hurricanes, tornadoes and other natural disasters)
- What should be included in a disaster plan? How often should it be tested?
- Should small businesses consider outsourcing disaster preparedness?
- What’s the best way to find an outsourcing partner for DR planning?
- Describe an example of a successful disaster preparedness plan.
To help properly plan for disaster, we've compiled a small business disaster recovery infographic that, we hope, helps your organization plan for future disasters.
Does your business have a disaster plan in place? Download a complimentary 10-Step Disaster Preparedness template.
In the ever-expanding online world, and the business that takes place within it, cyber crime has become the topic of many discussions. No longer confined to the most knowledgeable IT experts, words such as "Cyber-Terrorism" are thrown around in our everyday speech, and reports of large-scale incursions of company privacy leave many clients with a feeling of dread when it comes to dealing with online business and data storage. Instead of the traditional approach to data storage, with companies investing large amounts of capital in data warehouses and IT staffs, there is another approach which is gaining considerable interest and use in our global economy.
How serious is cyber crime?
The threat of cyber attacks is real regardless of how many people may actually be familiar with it. It is not only those who are not computer savvy that are the most susceptible to being victims of attacks; everyone is at risk. Almost every aspect of our lives has been affected in one way or another by the digital revolution. The explosion of computer technology for personal use has given rise to an entirely new way of living for most people. Truth be told, we conduct much of our lives online now, primarily due to the ease and convenience of using computers for such activities as banking and commerce. While this shift in lifestyle has been positive overall, there is somewhat of a "dark side" to the digital revolution--unfortunately, the phenomenon of cyber crime has emerged as well, increasing almost in lockstep with the progress made in technology.
What is cyber crime?
Simply put, it is criminal activity of various kinds perpetrated through the use of computers. While certain types of illicit activity such as hacking (i.e., exploiting vulnerabilities in computer programs to gain illegal access to a network or computer system) have been around since the dawn of the computer age, for the most part it was still considered a "fringe" activity, primarily done as a means of juvenile entertainment or even to garner "bragging rights" in the underground hacking community. Nowadays, however, hacking and other variants of cyber crime are a full-blown, multi-billion-dollar industry. Due to the massive amount of financial transactions (i.e., banking, commerce, investing, etc.) that are conducted online each day, cyber crime poses a formidable threat, costing individuals, businesses and governments billions of dollars each year.
Common types of cyber crimes
Fraud consistently ranks as one of the most prominent types of illegal activity conducted by cyber criminals, with identity theft being one of the most popular crimes falling under the fraud category. Identity theft takes place when a cyber criminal gains illegal access to a victim's online financial accounts and either steals the victim's funds outright or steals sensitive information such as the victim's social security number. Armed with this information, a cyber criminal can do even more damage by taking out loans or applying for credit cards in the victim's name.
Another huge category of cyber crime comes in the form of online scams. Online "merchants" can offer goods for sale with no intention of delivering them after receiving payment, or websites can offer counterfeit goods, passing them off as authentic. "Phishing" is another form of online scam where cyber criminals attempt to acquire sensitive information such as usernames, passwords, or even bank account numbers by means of sending a fraudulent email posing to be from a legitimate institution. They will use deceptive tactics such as stating that the victim's account has been "compromised" and then asking the victim to "verify their account information", and other such methods intended to obtain sensitive account information from the victim. A more sophisticated version of this is "spoofing", where perpetrators will trick victims into entering their account information into a fraudulent website.
Other more sophisticated forms of cyber crime include the creation of malicious software (called "malware") that basically wreaks havoc on people's computer systems. Malware encompasses a broad category of harmful software including viruses, worms, Trojan horses, and other sophisticated programs that can greatly affect the performance of your computer, and many times can even render your entire system ineffective. One example of malware is "scareware", which is a software program that displays fake alerts on your computer screen to warn you that your computer has been infected by a virus. The program urges you to click on some type of button or link in order to remedy the "problem", which usually directs you to a web page encouraging you to buy some type of anti-virus software. Many times this software is not legitimate, and only serves to remove the scareware alerts that were fraudulent to begin with.
As you can see, there are a myriad of categories of cyber crime, much of which is beyond the scope of this article. If you feel as though your online security has been compromised through identity theft or some other means, it is vital that you take immediate action to prevent a cyber criminal from using your account information to access your funds. Make sure to call your bank, credit card companies, and other institutions where you may have an account (such as a charge account for a particular retail store) and inform them that your accounts may have been compromised, and to be on alert for any suspicious purchasing activity. Most credit card companies and banks have a "zero liability" or limited liability policy set in place when they detect fraudulent activity, and many of them will even freeze your accounts until you can verify the authenticity of the transactions.
How to protect yourself and your company
For any issues regarding the security of your computer, make sure that your system is updated with anti-virus and anti-malware protection in order to hinder cyber criminals from gaining a foothold. Also, don't respond to emails that ask for your account information. If you have any doubts as to whether the email is legitimate or not, contact the institution by phone to confirm that they are the source of the email communication. While cyber crime is an ever-present threat, taking these common-sense steps will prevent many of the mistakes that victims of cyber crime make, and ensure a greater overall level of online security.
Cyber crime targets businesses of all sizes
Not only individuals have to be cautious, but businesses too, no matter how big or small. But how does cloud computing protect against data theft and cyber threats? Moving information off a centralized server onto a specialized cloud hosting service not only helps to diminish the risks of cyber threats, but creates a multi-fold approach to data security. These cloud services, through virtualization of their own software, invest more resources, time, and capital in protecting your information, and in addition to a company's own internal IT protection, can potentially create a web of security protocols that thwarts many would-be hackers and data thieves.
To protect clients' valuable information, one of the most effective methods today for data theft prevention is a phenomenon known as "Cloud Computing". The term takes its name from the abstract idea of a cloud in cyberspace - this cloud represents the vast array of connections across secure network interfaces.
While still a relatively recent form of data storage, it has nonetheless had breakaway success in businesses large and small: it is estimated that over half of U.S. businesses now use cloud computing. This has created a boom for these businesses, especially those with limited personnel with advanced computer skills. This does not diminish the quality of protection. By using and developing trust with a cloud computing service, a company can expect to protect its information investments for years to come.
Don't jump head-first into the cloud
To combat the risk of IT espionage, many small businesses are hiring third-party IT services, including cloud computing services. However, just because a cloud provider offers more robust security, doesn't mean you should jump in head-first. Please feel free to download the tool below to help you find the right provider.
Earlier this month, an IT employee in Delaware rigged a hidden laptop to his company's computer network to secretly read his boss's email, and threatened to make the information public unless he was paid a substantial sum.
Fortunately, the suspect was apprehended and arrested before the extortion plan could take root. However, such corporate blackmail schemes underscore the need for companies to have checks and balances within their IT departments or to hire an outside IT outsourcing or auditing firm.
While your company's IT professional is not likely quite as rogue, how do you know for certain that he/she has your best interest in mind?
5 Questions to Ask Your IT Staff
Most small business executives don't have the time, IT knowledge or familiarity to know whether their IT staff's actions are aligned with company goals. Here are five questions to ask your IT employee about your company's IT setup:
1. What happens if the server goes down?
In other words, how does the company protect against productivity and data loss in the event of a server or workstation failure? What redundancies are currently in place?
Even if the data is backed up in a secure offsite location, how long would it take to repair or replace the hardware, retrieve, restore and configure the data/software to restore operations as usual?
Has this process been tested?
2. What if a laptop or workstation is lost or stolen?
One of the leading causes of data loss is misplaced or stolen thumb drives or laptops, with the average laptop containing approximately $250,000 worth of confidential client data or trade secrets.
Is this data properly backed up? Is the company equipped to remotely wipe the data in such an event to prevent the data falling into the wrong hands?
3. If data is corrupted, how long would it take to restore the data, if at all?
How many backup copies of a particular file are kept? How long would it take to go back and retrieve the most recent, good version?
3. What is your mean time to resolve technical issues?
For how long are company employees unproductive while they are kept waiting for technical issues to get resolved? Do the same metrics apply to remote workers or those in satellite locations where support is not as readily available?
4. What is our per-employee IT cost?
Most executives have a good idea of their one, three and five-year growth plans, and should know what it would cost to add new employees as the company continues to grow.
5. Who else has access to critical company information?
Is the IT person the only one with access to company information to the point where he/she can hold the company hostage? What checks and balances are currently in place?
If these questions can't be adequately addressed, you may want to think twice about who is controlling your company's data.
How to hire an IT auditor or IT outsourcing service
To combat the risk of IT espionage, many small businesses are hiring third-party IT services, including cloud computing services. Please feel free to download the tool below to get started.
Image courtesy of Saturday Night Live.
It's human nature. When a new paradigm arises, those accustomed to the traditional model become skeptical. And cloud computing is certainly not impervious to this trend of preliminary cynicism.
Like any new model, cloud computing deserves the skepticism, if not a barrage of questions. After all, clients are being asked to hand over their data - the lifeblood of their organization - to the cloud computing provider.
Like any business venture, cloud computing implementation should be aligned with business objectives. How else would one measure ROI or the success of a cloud project? On the flip side, cloud computing will always fall short when compared to utopia. Here's a recent true story to illustrate this point.
Client: What happens when one of your system components fails?
Cloud Provider: Business critical functions run in a disaster-proof data-center, on multiple, independent components that switch over automatically in the event of failure.
Client: What happens if a super-disaster incapacitates your entire data-center?
Cloud Provider: We have yet to encounter an issue, but as a contingency, the entire system is replicated in real-time to a data-center in another geographical location.
Client: What happens if a nuclear holocaust destroys the entire region?
True story. In all likelihood, the client did not have a contingency plan to protect against a mass-destructing nuclear holocaust, but it didn't matter. Perception is reality. In reality, if a nuclear bomb destroys your entire region, there's a good chance that data is not your biggest problem.
According to CIO and CFO Magazines, most executives don't have a good understanding of what their IT system truly costs their organizations. Issues like downtime, security breaches and time spent discussing IT issues are rarely factored into the equation.
Here are two steps on evaluating an onsite IT network versus a transition to a cloud computing provider:
Step 1: Know your IT Hazards (Infographic)
The following infographic outlines a few of the hidden pitfalls of owning and managing an onsite IT system.
Step 2: Conduct a Risk Assessment
So how would you advise a nervous business owner or manager? Make a realistic assessment of the processes and systems involved in day-to-day operations:
Here's a sample risk assessment matrix:
- Evaluate scenarios and their probability of damage
- Identify systems, users and departments that might be at risk
- Evaluate contingencies, disaster plans, costs pros and cons