Why Net Neutrality is a Victory for Small Businesses

As a small business owner you are now free to set up an outrageously successful website without having to cough up extra money to your Internet Service Provider that would add no additional value to your service.   

Net Neutrality is the concept of keeping the Internet a level playing field with no "fast lane" or "slow lane" treatment to some kinds of traffic.  Large Internet Service Providers (ISPs) wanted to insert a "Middle-Man" service, that would stand in between the consumer and a Cloud provider such as NetFlix.  Currently, a user visits a website of their choice with no such Middle-Man obstruction.  Large ISPs wanted to implement another means to make money by charging a toll charge for website access.  There was no functional reason for this toll charge.  The Internet is working just fine.  Stopping short of censorship, the ISP could make access to a website so slow the result would be in users going elsewhere.  Eventually, the website host would have to pony up the extra money.  

It was no surprise there was widespread support for Net Neutrality as demonstrated by 99 percent of the 1.1 million comments on "Net Neutrality" submitted to the Federal Communications Commission were in favor of it, according to analysis by the Sunlight Foundation.

Steve Wozniak, co-founder of Apple Inc., explains why he favored Net Neutrality and why he thinks it is a victory for consumers. 

http://www.bloomberg.com/news/videos/2015-02-26/wozniak-this-is-a-victory-for-the-consumers

Antivirus Is Dead, What Do I Do Now?

Brian Dye, senior vice-president for information security at Symantec, has declared antivirus as “dead”. With a detection rate of only 45%, you can’t rely on antivirus to protect your computer from malware infections. Now what?

Being careful with opening email attachments and what websites you visit is important but doesn’t mean you will never be fooled. If you have ever watched a magician perform a trick and couldn’t figure out immediately how that trick was performed, then you are capable of being fooled. Experienced cyber criminals are experts at scamming and the art of illusion. Besides, most people use Facebook and other social media sites which have become a popular attack approach. Cyber criminals have enjoyed a 70% success rate with malware spread through social media.

If you assume your computer will crash or will suddenly experience performance issues, and that is how you will know you’ve been hacked, think again. Cyber criminals will NOT crash your computer. That would defeat their purpose. Their aim is to infiltrate your computer to pilfer data. After their done they will use your computer to cover their tracks so their attacks on other computers will appear to originate from your computer. Besides, even if your computer performance takes a dump, how are you going to remove the infection if the antivirus or similar detection tool can’t find the source of the infection?

Obviously, a new approach to computer protection is required. First, would be an operating environment that is impervious to infections. One approach would be to change you operating system to Linux. Millions of malware infections are roaming around on the Internet designed for Windows. There are fewer malware infections designed for a Mac. Still the number of malware designed for a Mac is close to one million. Linux on the other hand has had less than 100 malware designed to attack it. Part of the reason is due to Linux lack of use along and the numerous different versions. Linux has had a reputation of being difficult to learn and use. However, there is a new version that has been designed for Windows users called Zorin. Even so, you may still find learning a new operating system to much of a challenge.

A new technology known as virtualization may provide an approach that has promise. The technology isolates an application from the rest of the operating system. It can also isolate and entire operating system environment. The benefit is that whatever happens in that isolated environment stays in that environment and won’t affect the rest of your computer. An example of software that uses application virtualization is Sandboxie. If you open your browser (Internet Explorer, Firefox, Chrome, etc) within Sandboxie, and if you go to a website that has malware, the malware will be isolated in the Sandboxie environment and will not infect your computer. Sandboxie can be configured to erase all activity in a session so that you can start with a clean slate each time you open a program. That means any malware will not only be isolated, but at the end of the session will be erased. This technology is still relatively new and still needs some work in the area of usability for the average user. But, power users should have no problem installing it and using it.

I will have more suggestions in future blogs, so stay tuned.

Check out…

Sandboxie

http://www.sandboxie.com/

Zorin 

http://zorin-os.com/

If Antivirus Is Dead, How Do I Know If I've Been Hacked

Antivirus “is dead”, declared Brian Dye senior vice-president of information security at Symantec. Industry experts agree that antivirus protection is only 45% effective in detecting malware. If you have been relying on antivirus protection as your only approach to protecting your computer from intruders, then you might sleep less comfortably at night.

So, if you go to a website, open an email attachment, or download a file where there is malware present, there is a 55% chance your computer will become infected without you knowing about it. If you can’t rely on antivirus protection to detect an infection, how will you know if you’ve been hacked?

Chances are you won’t know you’ve been hacked. Most people assume that their computer will crash or will suddenly experience performance issues. That assumption is a myth. Cyber criminals will NOT crash your computer. That would defeat their purpose. Their aim is to infiltrate your computer to pilfer data. After their done they will use your computer to cover their tracks so their attacks on other computers will appear to originate from your computer. They may also add your computer to their network on infected computers. That network is referred to as a “botnet” and your computer is referred to a “zombie”. With a network of hundreds of thousands and even millions of computers, hackers have the power to launch attacks on networks and websites that can render them inoperable. There is absolutely ZERO benefit to the cyber criminal in crashing your computer.

If you think that being careful with opening email attachments and what websites you visit will protect you, think again. Most people use Facebook and other social media sites. According to industry experts the use of social media to spread malware has become ubiquitous. Cyber criminals have enjoyed a 70% success rate with malware spread through social media.

What can you do besides throw your arms in the air in frustration yelling “why little ol’ me!”. Or, resigning yourself to constant surveillance and saying to yourself “I have nothing to hide” in order to feel less uncomfortable. Obviously, a new approach to securing your computer is sorely needed. There are solutions that I will cover in future blogs. So, stay tuned.

Symantec Exec Declares Antivirus is Dead

 

Antivirus detects only 45% of all attacks which renders the widely used protection ineffective according to industry experts. Brian Dye, senior vice-president for information security at Symantec, has declared antivirus as “dead”. This comes from a company that has been a leading innovator of antivirus products since the 1980s.

Cyber criminals and hackers have simply outsmarted the developers at antivirus companies. At first the industry approach was detect and then protect. That method worked when the amount of malware and viruses being produced was relatively low. Once the amount of malware created per year reached the level of millions of variants the “detect and protect” approach became impractical. At that time a quasi-artificial intelligence called “heuristic detection” was developed. Heuristics worked for the 1990s and early 2000s. But, the bad guys found a way to bypass the heuristic detection. Hackers now use a method called “cypting” that renders malware undetectable to antivirus software and malware tools.

Brian Krebs, a computer security reporter describes this “crypting” method, “Put simply, a crypting service takes the bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today – to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And, it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the antivirus tools on the market.”

The cyber criminals and hackers call this kind of malware “full un-detectable” or “FUD” for short. This is the reason antivirus is now only 45% effective. So, if you have been depending on antivirus as your sole means of protecting your computers you are in for a rude awakening. And, if you have felt safe because your computer hasn’t crashed, you are even in for a bigger rude awakening. Professional cyber criminals and hackers will NOT crash your computer. That would defeat their purpose of pilfering your data and using your computer to cover their tracks when attacking other computers.  There is absolutely NO benefit to the cyber criminal to crash your computer.   They may encrypt your data and blackmail your into paying a ransom to get your data back, but they won't crash your computer. 

In future blogs I will discuss alternatives to antivirus protection that is more effective.  Stay tuned.  

Is Your Data Protection Stuck in the 1990s?

Let's be honest.  Business computing can be complex, confusing, and frustrating for the average small business owner.  Is it any wonder why most small business owners want simplicity when it comes to the securing of their business data.  Back in the 90's all one had to do was install a virus protection software that included a firewall and you were done.  Simple.

I hate to burst you bubble, but we are not in the 90's anymore.  Hackers, cybercriminals, and other techno freaks have punched so many holes into virus protection that it has rendered it as a mere annoyance. Cyber criminals have developed numerous end around approaches so they can get past the virus protection and firewalls.  Bottom line is one solution or one protection is no longer enough.  Simplicity gone, sorry.

Remember this Rule: If you make it simple for you, you make it simple for the hacker.

Is Your Business System Protection Stuck in the 90s?  If you answer NO to any of these questions...your stuck in the 90s...

Password Protect Data

• Do you create strong passwords with at least eight characters, mixing in symbols, numbers and uppercase and lowercase letters.
• Do you create unique login information for each of your online accounts.
• Do you change passwords regularly.
• Do you make it a policy to never share your account login information.
• Do you use two-factor authentication processes when they're offered. These require users to sign in with a username and password plus a verification code that's typically sent via text message or displayed through an application on your device.
• Do keep track of passwords with a password manager NOT and excel spreadsheet? (Available as a desktop program or as an app, this tool stores passwords locally and securely, and some even generate unique passwords for you.)

Practice Safe Web Surfing and Cloud Computing

• Do you always back up the data you store in the cloud to a local computer or hard drive?
• Do you update your operating system and/or web browser often to take advantage of security patches and updates.
• Do you invest in anti-virus and malware programs. Do you keep these updated as well.
• If possible, do you customize privacy settings so you control who can view your information and what information they have access to.
• Do you restrict the amount of information you share online. Do you protect sensitive information by keeping it in a separate location with access restrictions.
• Do you avoid directing all password recovery messages to a single address—a practice known as "daisy-chaining." A hacker who gets hold of your email login could gain access to all of your accounts.

Monitoring Removes the Mystery of What is Happening on Your Network

Monitoring Removes the Mystery of What is Happening on Your Business Network

Monitoring is so significant as far as system reliability that even if you didn’t practice maintenance the reliability of your business systems will be noticeably improved.  With monitoring you have an early warning system.  Microsoft has devoted a considerable sum of resources to build into its operating systems “sensors” that detect and record thousands of events occurring on your computer. 

For instance, you can know who accessed a file and when it was accessed.  You can find out what changes were made to your computer system  and when these changes were made. You can know when applications like viruses install on your computer.  Even hardware performance can be monitored for any decrease in performance. There are so many events that can be monitored that the possibilities are practically endless. Even so, in order for this kind of monitoring to be effective, you need to decide what is going to be monitored and enable the monitoring.  Even more important is that someone needs to be paying attention.  What good is computer monitoring if the alarms are blaring and the lights are flashing but no one is paying attention. 

Unfortunately, most small businesses don’t have anyone monitoring their computer systems.  And, certainly, they don’t have monitoring set up or enabled.  This is truly a lost opportunity to vastly improve system reliability.  Wouldn’t you rather be warned that your computer is on the verge of collapsing or would you rather one day come to work and your computer won’t work without any warning?  Monitoring can make that kind of difference!

So, why are most small businesses not monitoring their network and systems?   

Because small businesses hire computer repair techs who make their money by repairing broken computers.  Let’s be honest, if you only pay a computer tech when your computers are broken, what is the financial incentive for the tech to prevent computer problems?…none!  What most small businesses lack, that most larger companies have, is full time salaried computer experts. For large organizations the computer tech’s raises and bonuses are predicated on reducing computer downtime.  If that tech wants a raise, then he better make sure the computers are always up and running.   

So what is the answer for a small business that can’t afford to pay the $90,000.00 salary to get a dedicated salaried computer technology expert who has the incentive to make sure the computers are always up and running?  Here is what you need to do… you need to find a tech support vendor that can be hired on a flat fee basis to do everything including maintenance, prevention and unlimited tech support.  Yes, UNLIMITED TECH SUPPORT is the key!  The unlimited tech support for a flat annual fee means the tech support company has the financial incentive to prevent computer breakdowns.   If the tech support company gets paid a flat fee, then the more computer crashes occur the less per hour the support company makes.  It is like having your very own tech expert on a salary!

So where do you find that kind of tech support company?  

Do an Internet search for “managed services” and you will find one in your area.  How expensive are “managed services”?  Honestly, these kind of businesses do NOT operate like Joe’s Cheap Tech Support.  So, don’t expect to get Walmart prices.  Yes, you may pay more for the expertise they bring.  But, your company will save money in the long run by increased productivity in having computers that work all the time as well as perform better and faster.  And, you get the added bonus of an expert who is on your side.

Reducing IT Costs: Save Money by Managing Change or Change Will Manage You and Your Company

Reducing IT Costs: The Five Pillars of Computer Dependability and Longevity that Save Your Company Money

Part Three: Managing Change

Remember the adage that the only thing in life that is constant is change itself.  That adage equally applies to the life of computer systems.  You company’s computer systems are not static.  They are under a constant barrage of change: new Windows updates, application updates, hardware additions, software installations, configuration changes, virus infections, and the list goes on and on.  In the previous Pillar “Variety is the Wrong Spice” I delineated the challenge of reigning in the complexity of hundreds of products and thousands of product configurations and all the unpredictable results of that multitude of combinations.  Now add change to that cacophony of infinite combinations and you have a potential recipe for disaster.  That is why managing change is so important to keeping IT costs under control and assuring system dependability.  

I want to emphasize that your business computer technician needs to “manage” change with YOUR full support.  Computer system changes should NOT be random or ad-hoc.  Employees should NOT be allowed to install software, add games, or change system settings on a willy-nilly basis.  If that is the case, then you have abdicated any semblance of control over your business systems.  It is possible that you have turned over your computer systems to your employees for them to use as their own personal entertainment centers.  And, if you have, then you’ve opened the door to software installations that may cause instability in your business line of applications, hardware additions that may not play nice with your business systems, and an increase incidents of virus infections.  This will increase your business IT costs that may escalate out of control. 

 Document all changes made.  The main reason for this is to assist in any troubleshooting of problems that may have been caused by the change.

So, YOU the business owner have the responsibility of taking back control of your business computers systems.  Stop treating those computers as discretionary gadgets used for entertainment.  Treat your business computers as production line equipment.  You’ve made a significant investment so protect and properly maintain that investment. 

First step is creating a company policy that prohibits employees to install software or make system changes.  That responsibility will fall to designated “system administrators”.  As far as the average employee, what you are doing is removing the responsibility of caring for the computer system and thereby the responsibility for when their computer crashes and all the consequences thereof.  You are allowing your employees to focus on their jobs. And, that is what you are really paying them for…right? 

By limiting the number of people who make any kind of change to your computer systems it is much easier to keep track of the changes that were made and thereby if any change may have caused problems in the system. 

Next step is to set up a systematic approach to making computer system changes by your designated “system administrators”.  

• Schedule the changes on a regular day of the week, or otherwise communicate each time changes are made to the computer systems.  This way all employees can know that day of the week as “Change Friday” and if that employee notices some unintended consequences of the change that escaped testing they can let you know.  Otherwise, the employee may think it is some random happening.If you have standardized your systems, then you can test any new hardware or software on one system.  Then that one system can act like the “canary in the coal mine” before rolling out that change to all systems. 
• If your computer systems are not standardized, then you will need to methodically roll-out changes in groups of computers rather than all at once.  
• It is best to document your Change Management policy.  Even if that policy fits on one page.  That way everyone knows who is responsible for what and sets the appropriate expectations. Then make sure that policy is clearly communicated to everyone who uses the business computer systems.