We have all been there, and there is no doubt we will all be there again. It's inevitable that our Internet connected devices will get infected and spread viruses. New vulnerabilities occur every day, and not everyone is proactive in playing defense utilizing anti-spyware and anti-virus protection. Here are some excerpts and my related comments from a TechRepublic blogger to build awareness and to help any user avoid viruses and spyware:
"Oh, the deck is stacked. Don’t think for a minute it’s not. As a technology professional responsible for securing office networks, workstations, and servers from viruses, spyware, adware, Trojans, and other malware infections, I can tell you that the situation is only getting worse.
A Computer Economics report showed that annual worldwide malware expenses increased by $10 billion (to $13 billion) over a recent 10-year span. Google Research suggests that one in every 10 Web sites is infected with “drive-by” malware. "
With that kind of growth, the IT staff has an uphill battle in informing users of threats and performing preventive maintenance. Posting these tips around the office or distributing them in an email is a great way to pass the word to end users. Take back a part of that $13 billion!
1. Install Quality Anti-Virus
The best software packages on the market will give the user the ability to update frequently throughout the day. As the vulnerabilities are revealed, the user will be protected in near real time.
2. Install real-time anti-spyware protection
The best protection is one that checks as the user browses around the Internet. Prevention is always a better strategy than detection and removal. Most free versions only allow detection and removal.
3. Keep All Software Packages Current
For security purposes, this is not a bad idea. I understand that for operational purposes there are times where compatibility issues prevent immediate updates. For those of you with these obstacles, please consult a technology professional for an alternate strategy and response.
4. Setup Daily Scans
Even real time active anti-malware engines will fail and your system will get infected. Daily scans will allow all of the running processes and system files to be analyzed, which could lead to isolation and/or automatic removal of a "sleeping" threat.
5. Disable autorun
Users most certainly will have some autorun features turned on for convenience. A good example is when a user connects a USB Thumb Drive and the routine task starts automatically. This is a great way for a virus to propagate to the connected drive.
"Computer users can disable the Windows autorun feature by following Microsoft’s recommendations, which differ by operating system. Microsoft Knowledge Base articles 967715 and 967940 are frequently referenced for this purpose. "
6. Disable image previews in Outlook
Automatically downloading images received in Outlook opens the door for a user to be automatically infected. Many Windows features are convenient, but can result in unintended security breaches.
7. Don't click on email links or attachments
Professional grade anti-malware software can help protect the user by scanning the link ahead of browser download. As a best practice, always try to manually navigate to the sites by opening a browser first and then typing in a link.
8. Surf Smart
If the user has software that has phishing filters, link scanners, pop-up blockers, make use of all the tools. If the user arrives at a website by manually typing the link, it is most likely okay to enter his/her user name and password. If an online banking website appears automatically via pop-up window, close the browser immediately and avoid entering any personal data.
"But even manual entry isn’t foolproof. Hence the justification for step 10: Deploy DNS protection. More on that in a moment."
9. Use a hardware-based firewall
A separate device other than a user's PC is the best defense. My general philosophy is that there is safety in numbers and diversity. Whether it is investing in the stock market or computer security, having options is not a bad idea.
10. Deploy DNS Protection
Our technicians have seen this a number of times right here at home for our customers. Certain viruses like to translate friendly website names like Google or Yahoo and redirect the PC to malicious websites. This is an advanced topic for the average user. However, I would suggest to your company to consider talking with an IT professional about an implementation strategy if this is a concern for your organization.
If you are interested in reading the entire article (Yes, there is more, I actually shortened it with my comments), it is available here.
Taking care of this yourself has become quite a burden. Outsourcing your IT work to a company that focuses on monitoring and prevention is certainly a way for you to take a rest and focus on your business and core competency.
Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts
Wednesday, August 4, 2010
Friday, March 5, 2010
1 Quick & Easy Security Tip for Today
A brief discussion about "Two-Step Authentication" and your small business network.
Every additional layer of security reduces the risk of unauthorized access, and adding a second method of authenticating business network users may be a great way to deter inappropriate activities. For very secure enterprise environments, this would require a key fob or some external hardware attached to a laptop in addition to a user-id and password. While this method is very secure, it is costly to implement and few businesses choose to do so. However, nothing is stopping us from being creative and implementing two sets of authentication methods for various aspects of business. Let's look at a simple wireless network in a small retail environment. A consumer grade wireless router & access-point can easily implement a form of two step authentication. Consider enabling the wireless encryption protocol. When encryption is enabled, not only is it harder to gain access to the network, scrambling part of your transmission path is now an added benefit. Many small businesses take advantage of this simple encryption method, but few take the second step of authentication to significantly reduce the probability of a network intrusion. Media Access Control (MAC) Address filtering is another deterrent method available on consumer grade routers. This will help restrict wireless access to only those users or devices you authorize. These addresses are uniquely assigned to each network device manufactured. If a MAC address isn't on your router's list, access is denied. We certainly don't claim that this method is 100% secure. If you are in a industry where security policies are regulated, we don't recommend consumer grade wireless routers as a solution. Consult a professional! Review your industry's requirements or recommendations, and if you have any questions - feel free to call our local support team for help. 706-823-2115.
At Georgia Business Net, we want to be your LAST Telephone & Internet Solution Provider. The Client Relationship means everything to us! We feature Local & Long Distance Telephone Service, High Speed Internet, Next Generation Phone Systems, a local Data Center, and much more.
Every additional layer of security reduces the risk of unauthorized access, and adding a second method of authenticating business network users may be a great way to deter inappropriate activities. For very secure enterprise environments, this would require a key fob or some external hardware attached to a laptop in addition to a user-id and password. While this method is very secure, it is costly to implement and few businesses choose to do so. However, nothing is stopping us from being creative and implementing two sets of authentication methods for various aspects of business. Let's look at a simple wireless network in a small retail environment. A consumer grade wireless router & access-point can easily implement a form of two step authentication. Consider enabling the wireless encryption protocol. When encryption is enabled, not only is it harder to gain access to the network, scrambling part of your transmission path is now an added benefit. Many small businesses take advantage of this simple encryption method, but few take the second step of authentication to significantly reduce the probability of a network intrusion. Media Access Control (MAC) Address filtering is another deterrent method available on consumer grade routers. This will help restrict wireless access to only those users or devices you authorize. These addresses are uniquely assigned to each network device manufactured. If a MAC address isn't on your router's list, access is denied. We certainly don't claim that this method is 100% secure. If you are in a industry where security policies are regulated, we don't recommend consumer grade wireless routers as a solution. Consult a professional! Review your industry's requirements or recommendations, and if you have any questions - feel free to call our local support team for help. 706-823-2115.
At Georgia Business Net, we want to be your LAST Telephone & Internet Solution Provider. The Client Relationship means everything to us! We feature Local & Long Distance Telephone Service, High Speed Internet, Next Generation Phone Systems, a local Data Center, and much more.
Thursday, March 4, 2010
Two Tips for Your Security Review
Spring is almost here! It is always a good time for a Network Security Review.
Here are a few questions to ask and some low cost tips that are quick to implement on the road to continuously improving your network's security.
1. Have you had any staffing changes in the last twelve months?
If you have had a staffing change recently, take a moment to change passwords, VPN or Wireless Keys, and the security system's code. We recommend this even if the staff left on good terms with you. Why? You never know when their password list was written on your letterhead which got thrown out with the garbage while cleaning their office.
2. Have you had problems with your wireless router recently?
When most small businesses buy a wireless router, they do a good job of making sure it is secure. Wireless Encryption, turning off the SSID Broadcast, and changing the default password are all on the agenda. And then one day recently, it stopped working. The quick fix was..? You hit the "reset" button to get it working again quickly. Now all those default passwords are back, and it is easier than ever to get access to your wireless network.
Changes in your office often result in potential gaps in your security policies.
Take a moment to review or give our Local Support Team a call if you have questions 706-823-2115.
Click here to receive more tips via email
Here are a few questions to ask and some low cost tips that are quick to implement on the road to continuously improving your network's security.
1. Have you had any staffing changes in the last twelve months?
If you have had a staffing change recently, take a moment to change passwords, VPN or Wireless Keys, and the security system's code. We recommend this even if the staff left on good terms with you. Why? You never know when their password list was written on your letterhead which got thrown out with the garbage while cleaning their office.
2. Have you had problems with your wireless router recently?
When most small businesses buy a wireless router, they do a good job of making sure it is secure. Wireless Encryption, turning off the SSID Broadcast, and changing the default password are all on the agenda. And then one day recently, it stopped working. The quick fix was..? You hit the "reset" button to get it working again quickly. Now all those default passwords are back, and it is easier than ever to get access to your wireless network.
Changes in your office often result in potential gaps in your security policies.
Take a moment to review or give our Local Support Team a call if you have questions 706-823-2115.
Click here to receive more tips via email
Subscribe to:
Posts (Atom)
Posts
