Are we the weakest link in the security of our business?

In a discussion this week I heard a rather interesting quote: “All computer systems can be compromised but it is vigilance and persistence that create a secure environment.” This is very true. I was talking to someone who makes his living doing penetration tests on business systems, using applications that he has developed along with his own slant on social engineering.

One of the things that he brought up was that hacking and gaining access to business systems has started to go full circle. This means that social engineering is playing a larger part in the hacking repertoire. Social engineering is a huge subject, a little larger than the space I have here, but I will touch on it for now.

In the past, the combination of a social engineering attack coordinated with a direct attack usually had the attacker gaining access at some level. This was then superseded by the script kiddies and so-called hackers who use readily available programs and exploits from the internet (usually infecting themselves in the process) as a means to access business systems. This has been augmented with virus, spyware and malware applications that are spread broadly across the internet, catching unsuspecting and insecure businesses in the net.

The newest component in the hacker’s ability to gain access to your business system is the use of social engineering together with social media to gain insight into a business’s infrastructure. In the old days they would get on the phone, ring the company and get as much information as possible out of the people who were answering the phone. This has changed greatly with the introduction of social media.

For example – Joe is a payment receipt clerk for your business. He has a very in-depth profile on a social media site which includes all of his information: where he works, what he does, who and what he likes and dislikes, and birthdays and family information. He allows anyone to see this information. A hacker can do some research and find out about Joe, and he can do some further research on your business and who you do business with. What “Mr Black” the hacker does is create a carefully prepared infected invoice (an infected PDF file) that appears to come from one of your subcontractors, an expected source. Joe, being an innocent worker, doesn’t worry about the email because he believes it is coming from a legitimate source, so he clicks on the file. If this sounds familiar – this is how RSA (one of the most secure security systems on the internet) was compromised.

For this to happen, you have to have some seriously valuable information (critical IP) that the hacker is after, or some seriously accessible unsecured money, to make it worth the hacker’s while.

Most high-level Government workers and business CIOs and CEOs, although they have profiles on social media sites, don’t post in-depth information concerning their everyday work environment, and even that information is only available to friends or contacts that they know.

Protecting yourself from a social engineering attack is relatively easy: keep critical business and personal information to only those people that you want to have that information, not the whole internet. Furthermore, systems that are accessed with passwords need passwords with a high level of complexity, and you should also have some level of auditing and reporting on the internal systems to track transactions within the business.

3 quick things you can do to secure your home computer?

Everyone knows that computers are the most influential piece of equipment for both the office and home to come around since the ball point pen. An office environment has the benefit of a managed services or outsourcing company, or an onsite technical expert, to protect its data, but a home computer doesn’t. The technical support usually comes from mum or dad or from the teenager. This can be disastrous, especially if the computer is used for other purposes like internet banking, internet purchases or keeping confidential personal data safe.

Most of the time the protection for a home computer is the installation of an antivirus software package, and then the whole thing is forgotten in the euphoria of accessing the internet, doing the “Facebook thing” and playing games either online or against the computer. Don’t get me wrong, I “LUV” playing games on my computer, but I believe that I have a relatively secure laptop most of the time, and I have the luxury of having a little training and experience behind me.

So what can YOU do to protect not only your computer but also your personal data and your internet banking?   These are 3 of the most basic things that you can do in the never ending process of keeping yourself secure:

AntiVirus: There is no excuse for not having some level of antivirus installed on your computer. There are a number of freely available packages – Security Essentials (Microsoft), Avast or Avira – that will stop most viruses in the wild, but there are times when they will not pick up viruses that have not yet been discovered. A more secure antivirus that does a lot more will have to be purchased. If you are looking to purchase one of these packages then you should be looking at Kaspersky, Norton (Symantec), Trend or the like. These packages do a lot more than just scan for viruses. They will protect your computer from malware (scripts being run from a website). I had this experience just the other day when I was doing some research and went to a website that wanted to infect my computer. My antivirus protected me. Most of them also have a decent anti-spam component as well as a fairly substantial firewall. I can hear you from here – “I have a Mac and it never gets a virus.” Sorry, that is no longer true. Some malware will infect a Mac, and such infections are very painful to remove.

Firewall: Having a firewall installed at all times, especially when you are surfing the internet, is not only a necessity but can honestly save your wealth. Firewalls can at times be problematic, with false positives (incorrect readings), but as a first line of defence they are indispensable. Although most firewalls are set and forget, if they detect something wrong they will pop up a warning – please read it – so that you can make a decision on letting something in or not. Again, there are free variants available, but good ones come packaged with the antivirus.

Update: I cannot say this often enough: update as often as possible, and don’t put it off unless there is a good reason. The update process is designed to patch holes in operating system software as well as applications of all types. A hole in software is where the virus writers target their programs, because they know that people are lazy and don’t like to update their computers and, even worse, don’t like to restart their computers after the update process. All of the big software companies, including game writers, now have an update process, and after you install an application it will check the website for updates, either through the application or every time that you open it.

As an additional point, if you are running Peer 2 Peer software on your computer, normally installed by the teenager to download music and movies for free, then I suggest that you remove it. Peer 2 Peer software is designed to punch holes through firewalls and disable antivirus so that it can be seen on the internet. Peer 2 Peer software works on the principle that there are numerous sources or copies of the download that you want. The problem is that the shared directories can be used by outside people to store child porn, pornography or pirated movies and music that you may not even know about.

So there you have it.   Home computer security is mostly common sense and thinking ahead.    These 3 points will ensure that your computer is well on its way to being protected when you use it.

Do you rely just on security technology to protect your business information?

Nearly every day you hear about another security threat spreading across the internet. As a small or medium business, or a not for profit organisation (SME), how vulnerable are you to these threats?

SMEs are connecting to the internet in record numbers to support improved and greater market opportunities, to increase productivity and to strengthen communications with staff, management, customers and suppliers. The problem is, the more you open your network and business to the internet, the more your confidential business information and data are at risk.

So you think you are too small to be a target?

Think again. If you use Microsoft software then you are a target by default. Microsoft is not bad, but it has the largest market share, therefore any released virus, worm or application created by a hacker can achieve more with less. These programs spread rapidly and inflict damage on a global scale, and you, as an SME, can be caught in their net.

Security threats are constantly emerging and evolving, and the job of securing your business information becomes all consuming. Little jobs take time: updating and checking anti-virus, patching and updating operating systems and applications, and checking firewalls with renewed rules and policies are all critical requirements of your business risk analysis.

They still have to be done regularly.

The importance of checking these components in a timely manner should not be underestimated. Consider the cost in lost productivity, reputation and non-compliance penalties that a breach could visit on your business. Effective security can be costly, time consuming and difficult for SMEs to implement successfully. Skilled security people are often difficult to find and cost prohibitive to have on staff. As a result, the job of implementing security features properly often falls on the technologically savvy staff member who is already snowed under with other ICT matters or their own job.

Today’s security threats are business size neutral. They leave an SME with the same security challenges as large corporations. The trouble is that SMEs do not have the depth of resources to handle them. This is where a Managed Security Service Provider (MSSP) can be of benefit to your business.

What are the benefits to your business of outsourcing your security?

You can focus on your core business

Outsourcing allows all of your staff to concentrate on revenue generating business initiatives instead of computer, security and infrastructure issues. Having limited IT resources on staff takes business resources away from your core business.

Reduced Cost

Outsourcing your security provides your business with access to “big business” security protection at an affordable price. The expense is more cost effective than hiring or contracting a security expert, and the consistent monthly billing helps ensure the security services that you need are available without unforeseen hassles and expenses. An integrated and comprehensive solution that can help reduce the expenses of maintenance, upgrades and add-on security solutions is a benefit to any business.

24 x 7 (always available) expert security staff

Your on-staff, in-house expert is normally available only during working hours. In most cases your outsourced security company can act as an always available security and ICT management department. They can also provide your business with access to an internet security expert without incurring the cost of hiring, training and retaining highly skilled staff.

Gain Customised Service

All MSSPs have service plans and you can select the service plan that will fit your requirements.

Receive up-to-date protection

Technical security solutions such as firewalls, antivirus software, content filtering solutions, and virtual private networks (VPNs) are far more effective when they are maintained regularly with the latest system updates.  Changes to your business resilience and regulatory requirements can also have a detrimental effect on your business stability.

Why R & I ICT Consulting Services is right for you!

How do you know you are getting what you paid for?

  1. Company reputation – see what our clients are saying about us. We have references and referees that you can ask.
  2. Plans and services – we have a comprehensive assortment of plans and services depending on your business requirements and size.
  3. Service Level Agreement – all of our plans and services have a service level agreement incorporated into them so that you know what will be delivered in protecting your business.
  4. Guarantee – We guarantee all of our technicians’ work with a 100% money back guarantee. We also stick to any pricing that we put forward to you. All projects are priced on a per project basis so that no matter how long it takes it will not cost you any more. No more “time and materials” projects based on “how long is a piece of string” that have costs blowing out uncontrollably.
  5. Monthly Reports – we supply monthly reports that are delivered with your next month’s invoice. We like to prove how much we have done for your business in the last month.