An organization can spend mountains of cash on best of breed network defenses and security tools, but it can all come crashing down with one click from a user. Users are the weakest link when it comes to network and computer security, but a new survey from Globalscape reveals that the users themselves aren't entirely to blame.
Stories by Tony Bradley
Once upon a time, not so long ago, the IT admin chose exactly what hardware and software would be used by employees. Recent trends like the consumerization of IT and BYOD (bring your own device) have shifted the balance of power, but IT still has to maintain some degree of control over the applications used and where sensitive data is stored. Many users just download apps or start using unsanctioned services, though, and introduce unnecessary security risks through "shadow IT."
Cybercrime is more costly than most organizations realize, and those costs are continuing to rise. The cost per victim has increased 50 percent, and the total cost of cybercrime is a staggering $113 billion--with a "B." One way to avoid becoming a victim of cybercrime is to make sure users are trained to recognize potential threats.
With BlackBerry on life support, it's time to accept the likelihood that there won't be a BlackBerry a year from now. Your business may be in for a rude awakening if it relies on the once-mighty smartphone for mobile communication and productivity.
Microsoft revealed the date this week when it plans to start collecting on its bets. As of October 26--the official release date for Windows 8--all the cards will be on the table, and we will see if the gamble will pay off or not.
Microsoft seems to be at the centre of all the rumours right now in a way normally reserved for Apple. Aside from the mystery media event in Los Angeles later today, where Microsoft is expected to make a tablet-related announcement of some sort, it’s also the focus of speculation that it is finalising talks to acquire Yammer for around US$1 billion.
Microsoft is ready to join the tablet party this year with Windows 8. As dominant as the Apple iPad is, there is demand out there for a more versatile and powerful mobile platform. So far, Android tablets and other rivals like the HP TouchPad and BlackBerry PlayBook have failed to capture much attention, so there is still an opportunity there for Microsoft.
Microsoft unveiled a new look for the Windows logo for Windows 8. There seems to be a dramatic rise in branding and style experts online, and some significant backlash around the internet, but all of that misses the point of why the new Windows 8 logo is a brilliant move.
What happens when you combine an overzealous drive to fight Internet piracy, with elected representatives who don’t know the difference between DNS, IM, and MP3? You get SOPA--draconian legislation that far exceeds its intended scope, and threatens the Constitutional rights of law abiding citizens. And <a href="http://www.pcworld.com/article/246361/controversial_antipiracy_bill_sopa_nears_house_approval_why_you_should_care.html">it may just pass</a>.
A <a href="http://www.pcworld.com/businesscenter/article/237476/lightning_strike_in_dublin_downs_amazon_microsoft_clouds.html">lightning strike in Dublin</a> took out a power transformer. In and of itself, that isn't all that unusual or noteworthy, but this particular lightning strike also impacted the backup power systems at Amazon's cloud data center, knocking the service offline. Looking back, there are some lessons to be learned both for Amazon, and for businesses that <a href="http://www.pcworld.com/businesscenter/article/229823/icloud_raises_serious_data_security_concerns.html">rely on cloud services</a>.
The antics of groups like Anonymous and LulzSec over the past few months have made data breaches seem inevitable. If information security vendors like HBGary and RSA Security aren't safe, what hope does an average SMB have? It is true that there is no silver bullet, and no impervious network security, but there are a variety of things IT admins can do to prevent network breaches and protect data and privacy better.
The web safety and online identity protection experts at SafetyWeb.com and myID.com helped put together a list of 10 different data and privacy breach scenarios, along with suggestions and best practices to avoid them.
1. Data breach resulting from poor networking choices. Names like Cisco and Sun are synonymous with enterprise-level networking technologies used in large IT departments around the world. Small or medium businesses, however, generally lack the budget necessary for equipment like that. If an SMB has a network infrastructure at all, it may be built around networking hardware designed for consumer use. Some may forgo the use of routers altogether, plugging directly into the Internet. Business owners can improve network security and block most threats by using a quality router, like a Netgear or Buffalo brand router, and making sure to change the router password from the default.
2. Data breach resulting from improper shredding practices. Dumpster diving identity thieves target businesses that throw out paperwork without shredding it. Most home shredders will suffice for small businesses in a pinch, but a commercial shredder is a wise investment if private information is printed and shredded daily. Make sure that documents with sensitive information or personally identifiable data are thoroughly shredded before disposal.
3. Tax records theft around tax time. On a similar note, businesses need to pay extra attention to incoming and outgoing information related to taxes. Businesses must ensure that tax returns are dropped off at the post office and refunds are collected promptly from the mailbox. Identity thieves often steal tax returns from an outbox or mailbox.
4. Identity theft resulting from public databases. Individuals, especially business owners, often publish lots of information about themselves in public databases. It is a sort of catch-22 because a small business owner wants to maximize exposure while still protecting individual privacy. Businesses are registered with the county clerk, telephone numbers are in the phone book, many individuals have Facebook profiles with their address and date of birth. Many identity thieves can use information searchable publicly to construct a complete identity. SMBs need to think carefully about how and where to gain exposure for the business, and consider the consequences of sharing sensitive information publicly.
5. Identity theft resulting from using a personal name instead of filing a DBA. Along those same lines, sole proprietors that do not take the time to file a Doing Business As application are at a far higher risk of identity theft due to their personal name, rather than their business names, being published publicly.
6. Bank fraud due to gap in protection or monitoring. Business owners know that it is vital to balance their accounts every month to ensure that checks are not being written out of business funds by embezzlers, but many businesses rarely, if ever, check what kind of credit accounts have been opened under the business name. Monitoring services like myID.com can alert business owners when new credit accounts are opened fraudulently.
7. Poor emailing standards. Many businesses use email as if it is a secure means of communicating sensitive or confidential information. The reality is pretty much the exact opposite. Emails are available to a number of people other than the recipient, and there is generally ample opportunity for email communications to be intercepted in transit. It's more appropriate to treat emails as postcards, rather than sealed letters.
8. Failing to choose a secure password. Use secure passwords. Please. In fact, many security experts are recommending the use of a pass phrase, rather than a password. Pass phrases are several words long, at least three, and are far more secure than passwords. A pass phrase like "friday blue jeans" can be typed far quicker than a complicated password, and it doesn't need to be written down on a scrap of paper stuck to a monitor to remember it.
9. Not securing new computers or hard drives. Businesses that do not have a dedicated IT department or information security administrator should seriously consider using outside consultants to secure and lock down PCs and hardware. If the security controls available within an OS like Windows 7 are enabled and properly configured, most data breaches can be thwarted.
10. Social engineering. Social engineers are individuals that call and claim they are from another organization. Social networks like Facebook and LinkedIn are also at risk for attackers attempting to exploit the social framework to gain access to sensitive information. The attacker may even claim to be with a firm that a business owner does business with. If someone you do not know calls on the phone, or contacts you by email, or through a social network, be sure that it is the person you think it is before revealing passwords or confidential information. Better yet, have a policy in place dictating who is allowed to reveal such information and under what circumstances.
If you take a look at these ten scenarios within your business, and follow the guidance provided, you can prevent the vast majority of data and privacy breach incidents.
Google unveiled details of Google Wallet this week. Google Wallet is an ambitious mobile payment plan designed to let your Android smartphone be your wallet, but you should consider very carefully just how secure your credit card data will be in Google Wallet.
I didn't expect to get a ticket to the rapture, but judging from the lack of abandoned vehicles it seems that the rumors of the end of the world were a bit exaggerated. However, even though the world did not come crashing to a halt today, don't let your guard down just yet. Now comes the rapture spam and apocalypse phishing attacks.
Oracle delivered its <a href="http://www.pcworld.com/businesscenter/article/216775/oracle_issuing_66_patches.html">quarterly montage of patches</a> and updates this week. The quarterly release cycle--like Microsoft's monthly Patch Tuesday--is designed to provide some stability and predictability for the IT admins who have to test and implement the patches, but at least one security expert thinks the Oracle system needs some work.
The news of Intel acquiring McAfee for nearly $8 billion caught the tech world off guard and <a href="http://www.pcworld.com/businesscenter/article/203668/making_sense_of_the_intel_mcafee_purchase.html">perplexed analysts at face value</a>. The fact is that it doesn't make much sense based on the Intel and McAfee of today, but as the dust settles <a href="http://www.pcworld.com/businesscenter/article/203686/mcafee_rivals_respond_to_intel_acquisition.html">the deal makes more sense</a> when viewed as a visionary shift with an eye on <a href="http://www.pcworld.com/businesscenter/article/202444/online_trends_mobile_email_replacing_desktop_email.html">where technology is headed--everywhere</a>.