Security and protection for your business – Servers and Workstations

Security is key over the holiday season and every other day.

With the Christmas holidays coming up fast, it is important to ensure that your systems are secure and protected. Check not only that your office is securely locked up, but also that you have power protection, cooling, the latest version of a good antivirus solution, and computers that are automatically updated and monitored.

1. Ensure your servers are in a secure area where they are safe from unauthorised access to your office.

2. Ensure that you have a UPS on all network equipment including servers, switches, routers and even your phone system.

3. Ensure that the servers are kept at a cool constant temperature, especially if you are closed. Power is expensive, however cooling your servers and critical equipment is priceless.
(if you need air conditioning advice, we can assist with this as well.)

4. To protect from nasties, ensure that all your systems are fully patched, not only with Microsoft software updates but also third-party software such as Adobe, Java, Flash and more. Ensuring that these applications are patched will reduce the risk of infections and attacks. Also ensure your antivirus is fully updated.

For all our Managed Clients, we will ensure updates are done for you to protect you as best we possibly can.

5. Last but not least, ensure you have backups, backups, backups and backups. Not only have backups, but ensure you have an offsite copy as well.

From around $20 a month, we can offer an offsite backup solution to protect your data.

If you have any questions about the above, would like a quote, or would just like to discuss anything, please contact our office.
Please mention this post as well.

Have you thought about Dropbox and the loss of files? How do you recover, whether it’s theft or a crash?

People rave to us about how useful cloud services like Dropbox are for work, but not many say to us that they are worried about whether it’s safe.

So it was interesting to hear a reminder recently that it’s the simple, mundane, day-to-day mistakes you can make in Dropbox that might expose your data. These risks aren’t to do with popular concerns about government spying or hackers – they’re primarily to do with “losing control” from within.

What is the risk of using Dropbox?

The warning comes from Ali Moinuddin from Workshare, which provides software designed to help businesses stop accidentally exposing sensitive data online.

The way he sees it, there is the risk that someone within your business could share a link to a file with someone outside the company. Or one of your staff could be storing sensitive company files within a password protected personal Dropbox account. When they leave the company you might lose any chance of accessing the files.

“If one of my employees started to walk and they were using a Dropbox personal account, they could basically take that information with them. You have no control over it,” Moinuddin said.

Emailing or sharing an attached file can be a mistake if it’s hiding sensitive information – Word documents can contain information you mightn’t want anyone to see if you’ve turned on “track changes”, and Excel spreadsheets could contain hidden columns. Information about who created the document and when it was last modified could be something you don’t want people to know in certain situations.

“99% of the time it’s done without malice. They’re creating a document, then sharing the document, and they’ve not seen the hidden metadata”, said Moinuddin.
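
The hidden data described above can be checked for before a file is shared. The following Python is an added example, not part of the original article and not Workshare's software; the function names and the two in-memory sample files are constructed for illustration. It reads a .docx or .xlsx as the ZIP archive it is and reports the author, the last-modified time, text removed under track changes, and hidden column ranges.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
S = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
DC = "{http://purl.org/dc/elements/1.1/}"
DCT = "{http://purl.org/dc/terms/}"

def audit_office_file(data: bytes) -> dict:
    """List hidden content in a .docx/.xlsx, which are ZIP archives of XML parts."""
    found = {"creator": None, "modified": None, "deleted_text": [], "hidden_columns": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name == "docProps/core.xml":          # author and timestamps
                root = ET.fromstring(z.read(name))
                found["creator"] = root.findtext(DC + "creator")
                found["modified"] = root.findtext(DCT + "modified")
            elif name == "word/document.xml":        # tracked deletions stay until accepted
                root = ET.fromstring(z.read(name))
                found["deleted_text"] = [t.text for t in root.iter(W + "delText")]
            elif name.startswith("xl/worksheets/") and name.endswith(".xml"):
                for col in ET.fromstring(z.read(name)).iter(S + "col"):
                    if col.get("hidden") in ("1", "true"):   # hidden column range
                        rng = (name, int(col.get("min")), int(col.get("max")))
                        found["hidden_columns"].append(rng)
    return found

def build_sample(parts: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()

# Constructed, minimal samples: a quote with a tracked deletion; a sheet hiding columns C:D.
SAMPLE_DOCX = build_sample({
    "docProps/core.xml": '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
        'package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" '
        'xmlns:dcterms="http://purl.org/dc/terms/"><dc:creator>J. Smith</dc:creator>'
        '<dcterms:modified>2013-11-01T09:00:00Z</dcterms:modified></cp:coreProperties>',
    "word/document.xml": '<w:document xmlns:w="http://schemas.openxmlformats.org/'
        'wordprocessingml/2006/main"><w:body><w:p><w:r><w:t>Our price: $90</w:t></w:r>'
        '<w:del w:id="1" w:author="J. Smith"><w:r><w:delText>Our cost: $40</w:delText></w:r>'
        '</w:del></w:p></w:body></w:document>',
})
SAMPLE_XLSX = build_sample({"xl/worksheets/sheet1.xml":
    '<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
    '<cols><col min="3" max="4" hidden="1"/></cols><sheetData/></worksheet>'})
```

Call `audit_office_file(open(path, "rb").read())` on a real file before sending it; for files from untrusted sources, parse with a hardened XML library such as defusedxml.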

Do you know where your data is?

If you haven’t stopped to think about all this, here’s another reason – changes to the privacy laws coming into effect in Australia in March next year. If your business stores sensitive personal information about your customers, it’s up to you to make sure that information doesn’t fall into the wrong hands. If that data goes offshore, you will be required to tell your customers. In the worst case, your business might be held accountable if a third party (and our reading of the draft guidelines is that this includes cloud service providers) does the wrong thing and exposes the information.

There are various details (for example, some businesses with a turnover of less than $3 million won’t be subject to the requirements) but overall, the push is on to make businesses pay attention to where personal information about their customers is going, and to make sure it’s protected.

Sterling IT can provide a backup service with versioning for $275 per year for 50GB. We use this with Dropbox so that if files are lost in Dropbox, there is a second copy elsewhere. Contact us to discuss further and arrange a trial.

Businesses failing to fight IT security threats, but the biggest problem is staff, PwC survey shows

Information technology hackers can still get the better of businesses, with companies around the world failing to keep a step ahead of information security threats, new research has found.

And it is not just anonymous external hackers that businesses need to worry about, but their staff, with the biggest internal risk to a company’s IT security identified as its people.

The PwC Global State of Information Security Survey 2014 interviewed 9600 business leaders across 215 countries. It found that 30% reported the biggest internal IT security risk was current employees. Twenty seven per cent said it was former employees, and many noted that a lack of mechanisms to respond to internal incidents was an issue.

External to the business, one third of respondents identified hackers as the most likely source of IT security threats.

The report found that despite a forecast increase of 51% in security investment, security incidents have risen by 25% in the last 12 months. The issue is costing more money, with the average financial loss associated with security incidents also increasing by 18%.

In a worrying figure for business owners, since 2011, the number of respondents reporting losses of $10 million or more doubled.

The pharmaceutical sector was the most prominent industry reporting losses of $10 million or more, at 20%, while financial services and technology sectors were at 9% and industrial products at 8%.

PwC head of cyber services Steve Ingram said efforts to detect threats and protect data have increased in the past year.

“But the pace of digital change is fast and many organisations are still relying on yesterday’s strategies to fight today’s threats.”

Despite the threats, it found that confidence in their organisation’s security activities had improved. It reported that 74% of respondents were confident about the effectiveness of their organisation’s activities, with chief executives most confident at 84%, and chief financial officers less confident at 76%.

Cloud computing is opening businesses up to hacking exposure. While usage of cloud computing is up by 47%, the survey found less than one fifth of organisations have a policy governing its use.

In Australia, spending on IT security is forecast to increase by 46% in the next 12 months.

Ingram told SmartCompany that in many ways Australian businesses are role models for excellent IT security practices. But business owners still need to be more vigilant.

“In the old days you’d put up a firewall and you’d be OK,” he says.

“In the modern world you can’t rely on that. You can’t tackle it the old ways.”

Ingram says just like people protect their phone and passport to a greater degree than their TVs, business owners need to scrutinise the essential elements that need to be protected in their business.

For example, sensitive information could be customer data or details of mergers and acquisitions. Business owners need to understand exactly how well these elements are protected, and not to rely on simply outsourcing their IT security.

In 2014, he predicts IT security will become an increasingly front-of-mind issue for CEOs and directors, and he expects more businesses to have a security threat contingency plan put in place.

Reference:
Tuesday, 12 November 2013 12:13
Melinda Oliver – SmartCompany

CRITICAL WARNING VIRUS ALERT – CryptoLocker – Prevention and Clean

Please read and take note
CryptoLocker 14th October 2013

CryptoLocker is the next generation of internet virus that is currently circulating all over the world in large numbers. Once a computer becomes infected it will lock all your files plus any network files it has access to, even your server.
Once the files are locked it will give you a three day countdown to pay the ransom, usually $100 or $300. If the time expires your files are locked with no option to pay the ransom.
It is by far the worst we have experienced so far and virus protection companies are scrambling to catch up with this one, as it changes frequently to elude the virus scanners. In other words: it can affect you if you are not careful even though your firewall and virus protection are active and up-to-date.
Currently there are only two known methods to remove the infection: restoring your files from a backup or paying the ransom.
Please be aware that paying the ransom is not guaranteed to work. We don’t condone paying the ransom and supporting these cybercriminals.

This usually occurs by one of these methods:

1. In the form of an attachment, usually disguised in an email appearing to come from your bank, insurance company, courier service or scanner.
A simple safety procedure that works for the majority of email applications or online email services is to “hover” over the link, which means move the cursor to the attachment or “button” or other link in the email, but DO NOT click. If the domain name that appears has no relation, looks suspicious, or appears as an unintelligible tangle of letters and numbers, it usually means it is not legitimate and should be deleted.

2. Through Trojan websites, which will ask you to download a piece of software in order to watch video clips or download songs off the internet.

3. Through exploit kits, specific websites with similar names to popular ones, just waiting for people to mistype the address and think they are on their favourite website.

Advice for prevention

1. Do not open attachments if you are unsure of the contents or the email was unexpected.

2. Look for clues in the email content: usually most legitimate emails will address you by name and not something generic like ‘customer’ with vague wording.

3. Do not click on website links in emails until you have viewed the link location (do this by hovering over the link; this will display the link right at the bottom of Outlook). Instead of clicking the link, you are best to manually browse to the website via your web browser.

4. Make sure your anti-virus is updated regularly.

5. Make sure your backups are current and working and backing up ALL critical data.

If you get the virus

1. Stop work.

2. Immediately disconnect any network drives.

3. Contact us.

4. Alert other users of the issue, as most likely any work done will be overwritten when the backup is restored.

Please do forward this email on to your staff, friends and associates.

If in doubt, or if you have any questions, please contact Sterling IT.

Sophisticated Apple ID phishing email “Update your Apple ID account”

Apple ID account holders targeted by double chance phishing email

Apple ID account holders need to be cautious of a sophisticated phishing campaign targeting your Apple ID, personal information and credit card details.

REMEMBER: You will have an Apple ID if you have registered to use iTunes or many other Apple products. You don’t need to own an Apple iPhone or Mac to have an Apple ID.

The phishing email looks official and currently includes the subject line “Update your Apple ID account”. Other known subject lines include: “Please update your Apple ID”, “Please verify the email address associated [sic] with your Apple ID”, and “Your Apple ID has been Disabled for Security Reasons”.
Similar versions could also reference iTunes.

The email includes a link which, when clicked, takes you to a fake, but realistic looking Apple website asking you to sign in to your account.

An example of the phishing email: clicking the “Update Now >” link will take you to a fake Apple sign in page

The first fake Apple web page

If you enter your account details they are immediately sent to the scammer. However, this is a two-stage scam: once you have entered your Apple ID and password, it continues to a second fake page where you are asked for further information, including your credit card details.

The second fake Apple web page, seeking extra information

The fake website has been customised to specifically target Australian Apple ID account holders and features a number of design details tailored to lure Australians, such as a field requesting Medicare Card numbers and Australian flag icons.

Some inconsistencies, such as the request for your “3D Secure” number or the placement of a Discover Credit Card logo (predominantly US features), offer clues to suggest this is a fake page.
The most important indication that this is a scam is the assurance from Apple that they will not contact you seeking critical information via an unsolicited email.
If you need to log on to manage your Apple ID account or any other online service, source the website address independently of any such emails and type it directly into your browser.

Avoid phishing emails

Always be suspicious of unsolicited emails.

Do not click links or open attachments unless you are confident about the sender and information the email contains. The best advice is to simply delete the email.

If you are uncertain about the origin of any email you can always cross check the information by going independently to the company’s website or by calling them directly.

Apple customers also have the option of activating two-factor authentication for their Apple account.

Source: www.staysmartonline.gov.au