Saturday, June 5, 2010

Facebook Privacy

There are numerous articles relating to Facebook privacy...or lack thereof. If you really want to protect your own privacy then you best option is to learn how it protect it. Sometimes a video is the most effective learning tool. Put away that heavy and cumbersome manual. If you want a quick and dirty on how to protect your privacy using Facebook watch the video's below.

FaceBook Profile Lockdown Part 1 from Off The Broiler on Vimeo.

FaceBook Profile Lockdown Part 2 from Off The Broiler on Vimeo.

Thanks to Jason Perlow of Tech Broiler for providing these video links.

Sunday, May 23, 2010

Data stored on copy machines: a source of identity theft

Most Americans don’t know that every document that is scanned, copied, printed or faxed is stored on a copier’s hard drive. That data is never erased. So, when you return your copier, sell it, or recycle it, all the data that remains on the copier’s hard drive goes with it and who ever receives it. Most copier’s lack any built in security to protect the data and documents stored on the copier hard drive so anyone with only limited knowledge can access this information.

This means that any business that uses a copier may be exposing your personal or business private information to identity thieves ….or anyone for that matter.

Watch this CBS News report for more information

So what can you do? Here are a few tips for good copier security:

  • Be careful what you copy. Avoid copying personal information on work or public machines. Especially if you have no control over how those machines are administered.
  • If you're leasing a machine, discuss end of life security with your copier service provider to ensure that copy machine hard drives will be completely erased when the machine is removed.
  • The other alternative is to destroy or erase the disk yourself before selling the machine or allowing it to be removed from your premise. You can ask your computer service provider if they know how to remove the hard drive from the copier and erase all the data and documents. My company Avisotek provides this service upon client’s request, but also as a matter of security planning and compliance.

Some copiers have privacy and security software available. Sharp and Xerox, for example, can overwrite images so that they don't remain on the hard drive after the print job finishes. Discuss these features with your vendor and implement appropriate security policies.

Sunday, April 18, 2010

Going Rogue…Surviving a Fake Antivirus Application Hijacking Your Computer

I got a call from one of my CPA clients on April 15th. One of their computers was hijacked by “XP Malware 2010”. This is one of those fake virus protection applications that once on the machine activates numerous pop-up messages stating the computer is infected. The pop-ups attempt to entice the user to purchase an application that claims it will clean the machine. Fortunately, my client recognized it was a malware “infection” and immediately shutdown the computer. By the way, this client did have up to date virus protection. Never-the-less, the client lost the use of this computer on the busiest day of the year for their business.

The aforementioned is a common tactic used by rogue security software that the industry has christened “scareware” or “extortionware”. The first objective is to fool the user into believing the security warning pop-ups by creating an appearance and look very similar to Windows warning messages or the warning messages associated with popular virus protection software such as Symantec, McAfee etc.. The second objective is to lure the user to give up their credit card and other personal information through purchasing the rogue security software.

Even if you weren’t “fooled” your computer is still infected!!

But, even if you aren’t fooled, that doesn’t mean you’ve avoided the worst part of the infection. Often, more than one malware infection is loaded on the user’s computer. “…the underlying JavaScript code ensures that wherever on the image a user clicks, whether on the ‘Remove All’ or ‘Cancel’ buttons, the malware will load.”, says Greg Masters in the April issue of SC Magazine (a computer security industry trade magazine).

What to do when you computer has been slammed…

First thing you should do is disconnect your computer from the company network. In other words, remove the Ethernet cord from your computer. It is important to disconnect the computer access to the Internet as soon as possible. Why? “Some iterations of rogue security software contain keystroke loggers and back door functionality. This allows the malware authors to siphon off personal information on an infected computer. And, like legitimate registered software, this establishes a connection between the computer and a server controlled by the scam artists – linking what is now estimated to be millions of computers together into a botnet. Thus, updates can be pushed out to the network commanding the enlisted computers to perform any number of functions”, explains Greg Masters.

Secondly, have a professional look at the computer. These rogue security software are created by well funded criminal organizations, and have a sophistication inherent to well paid programmers that are beyond your average computer user knowledge to successfully remove. Often, the payload includes more than one infection. So, the original fake antivirus application may be removed, but the other infections remain intact.

In fact, most virus protection software fails to detection “botnet” infections that are part of the payload associated with rogue security software. A recent study found that only 9 out 41 virus protection software vendors were able to detect a “botnet” infection. That is a pitiful percentage. This is just another reason enlist a professional to clean your computer.

Your mother always said that an ounce of prevention was worth more than a pound of cure

Here are some suggestions to help you avoid computer infection

  1. Use a website advisor, such as McAfee Site Advisor. According to Greg Masters an estimated 70 percent of infections are coming from visiting websites.
  2. Educate your employees on the best computer usage practices. For example, avoid clicking on links embedded in email. Instead, manually type the website address into your web browser. Education is often one of the best investments in protecting your computer systems.
  3. These days virus protection software and firewalls are only rudimentary protection. Consider network monitoring tools, web content filtering, user account restrictions, and program white listing. If you are not familiar with these options, talk to a professional who can explain what these additional layers of protection do and how they add increased protection.

Saturday, April 10, 2010

So you think you know everything you need to know about computer technology...don't be so sure!

Beep, beep goes the pager…down, down is the server

My pager beeped during a meeting with a client at Starbucks. My clients call the “Urgent Response Hotline” (my pager) whenever they are in panic mode. The meeting at Starbucks was near its end anyway, so we wrapped up our business straight away. I proceeded to call my panic stricken client within ten minutes of the alarm beep.

Client: “Our server is down, and I’ve been working since 10am trying to get it back online.” She stated in an exasperated voice. It was now 3:30pm.

My first thought was if the server is down, why did the client wait several hours before calling me? Why didn’t she call me right away? This is a company that conducts all its sales over the phone or through their website. In fact, 50% of their sales come through the company’s website. And, the server she was referring to is an integral working part of the website sales.

Me: “Tell me what happened and what you’ve done to troubleshoot the issue.”

Client: “We got a new telephone number that we’ve been trying to get for some time now, and we also upgraded out Internet service at the same time. The (ISP) technician came out to install the new router, and left. Then I was told we couldn’t reach the Internet, and our website sales link was down. I called (ISP) to try to resolve the issue. The technician walked me through the set up of the router over the phone. Now some of us have Internet access, but our website sales link is still down. Is this a problem that you can walk me through over the phone?”

I told her that it was not something I could walk her through over the phone. Frankly, it would take less time to do it myself. This was an important consideration since this client was paying by the hour, as opposed to a flat fee service plan my company also offers to clients. What she didn't seem to understand was their Internet sales setup was far more complicated than your average home Internet setup. To put it in non-technical terms, asking me to walk her through the problem resolution over the phone was like having a surgeon assisting a stock broker over the phone on performing the delicate procedures of brain surgery on one of the broker's investment clients.

When I arrived on the scene, I discovered a very discombobulated setup. The (ISP) had instructed my client to disconnect the switch from the Linksys router and attach it to the ISP’s router. That router’s firewall was disabled. This essentially exposed the computers on the client’s network directly to the Internet without any firewall protection. Without firewall protection a computer can and is often easily hacked. In addition, only five of the twelve computers had access to the Internet. The internal server was completely disconnected from the workstations. The website sales link remained disconnected from the Internet preventing any Internet sales.

The client didn’t understand why this happened. She was following the instructions of a “technician”. What she didn’t know is that an ISP is only knowledgeable about the ISP’s network. They are not experts on configurations of equipment on the client’s side of the router.

Sometimes…you don’t know what you don’t know…and it will cost you

It is true that this client like many other businesses has experienced a slump in revenue due to the recession. Even so, this situation is actually quite common with small businesses in any kind of economy. They want to take advantage of the latest technology. They also want to keep costs to a minimum. More often than not, these two objectives conflict with each other producing the scenario that happened to this client. Because most small business managers use computers every day, that familiarity can lead to the assumption they understand computer technology. The truth is they don’t know what they don’t know.

This episode cost the client two days of lost Internet sales. And, it is fair to say it put an unfavorable dent into their business reputation. The downtime could have been completely avoided if the client had brought me in from the beginning. Unfortunately, the client assumed she knew everything she needed to know, and she thought she was saving money by doing it herself. In the end it was more complicated than she thought, and it cost her company more money by doing it herself.

If you are going to take advantage of technology then you need to be smart about it. It is impossible for a small business owner to be an expert in everything…marketing, accounting, technology,…etc. The most successful business owners are the ones that put together the best team. That is why it is best to know your limitations and where to go for advise. Why? You may not know what you don’t know, and it could cost you far more than you realize!

Saturday, March 27, 2010

Welcome to Byte My Computer Networking.

Welcome to Byte My Computer Networking. A dissertation about the happenings in the day of the life of a SMB computer consultant. It is truly more exciting than it seems on the surface. Stay tuned.