Small Business Security – It’s A Serious Business

People who own and run small businesses may have been overlooked in the past. Drawn to the big budgets and sophisticated requirements of big business, the security industry has not focused on providing small business security. Small businesses had to settle for inappropriate and overpriced security that resembled home security systems.

But there’s good news. Leading security industry manufacturers and providers are paying attention now. They’re beginning to understand that the unique needs of small business security require tailored security measures and systems.

Small business security does have one advantage. Because small businesses need smaller staffs and experience less turnover than large businesses, their risk of in-house theft is significantly lower, reducing the need for inventory tracking and video monitoring for break rooms and storage areas. But small businesses still face serious risks for theft, vandalism, and violence.

Small business security needs are in many ways like those of corporations and individual homeowners. Common-sense security measures are important. Removing potential hiding places for would-be thieves by eliminating blind spots on building exteriors is a basic preventive measure. Lighting the building, inside and out, makes it possible for people outside the building to observe criminal activity at night and when the business is closed. Keeping entry points clear of obstructions and shadows is important to safety and security. Installing locks with security codes for individual employees prevents entry by unauthorized people.

Exterior lighting is not only important for security. It’s an important way to prevent injuries to customers and to prevent crimes against both customers and employees outside the building. Liability insurance is a significant expense, and good exterior lighting can qualify small businesses for discounts and insurance savings. So in a way, liability insurance is a good small business security measure.

Every year, small businesses lose billions of dollars to preventable theft and vandalism. Monitored commercial alarm systems are an inexpensive and effective way to protect your small business. They’re easy to install in less than a day, and they’re easy to operate. A good small business security system will include control panels, security keypads, glass break sensors, window and door contacts, motion detectors, and sirens. Systems can be hard-wired or wireless. They can include loud immediate alarms or silent alarms that alert law enforcement without interrupting ongoing business. They can have add-ons like fire alarms and video surveillance. You can get a back-up system to assure your small business security needs are covered at all times.

If you haven’t already done it, you should ask a security professional to inspect and assess your small business for vulnerabilities and ask for a proposal that addresses them. Because small businesses are inherently more vulnerable to financial losses, there’s no such thing as too much security for them. An expert in the field can help you identify your small business security needs and create a plan that both meets your budget and makes your small business more secure.

When shopping for a small business security system provider, there are a few basic ways to select the best one for your needs. First, you should always talk to more than one company. Three or four reputable vendors is a logical choice that produces competition and gives you a variety of ideas and options. They should be willing to come to your business for face-to-face meetings. Be sure to get the proposals and price estimates in writing, and make sure the proposals are complete, including monthly charges, set-up and installation fees, and warranties. Find out if they offer training for you and your staff. Once you’ve made a commitment, review the contract very carefully to make sure it includes all the options you discussed with them.

The small business security specialist can analyze your physical layout, your internal procedures, and your vulnerabilities to help you come up with a comprehensive plan.

Abhishek is a Home Security expert.

What Everybody Ought to Know: It’s No Longer Enough to Install Off-the-shelf Security Software

Think about this: You had problems with your computer in the past. Now you want to ensure that those annoying little nuisances, pests, threats, and risks from hackers and spyware don’t hide in your computer any more. So, you load up your computer with all the free and off-the-shelf security software you can find. Now, as your confidence rises, you think that your computer is as impenetrable as the gold at Fort Knox.

Wrong!!!! You have been fooled into thinking that your computer is fully protected.

Now think about this: With all the options available to you, how do you know which one offers the best protection for you, your family, or your business? Here are some questions you need to consider:

* Are you a trained computer and Internet security expert?

* Do you know exactly which security software is compatible with your system?

* Do you have the time to continually research all the latest security technologies?

* Do you know exactly which software you should install and which ones you should not?

* Once installed, how do you keep the different software programs updated? In fact, how often are they updated: daily? weekly? biweekly? monthly? Are the updates free? And if so, for how long?

* If you encountered a problem that your installed security software could not fix, or you simply had a question, would you have access to free, live technical support?

* If not, what would it cost you? Would it be a one-time fee? Would it come with a warranty period? And what would it cost you when the warranty expires?

By now, I’m hoping that you’re beginning to see why it is not enough any longer to install off-the-shelf security software. There is a better option! You need a revolutionary full security service package that gives you peace of mind because its software programs work together, its technical support is always live and free, and its comprehensive $25,000 personal identity theft insurance comes with a recovery service at no additional cost.

Why you need a comprehensive security service package: The Internet-based attacks on your personal privacy and security continue to worsen year after year. The future of Internet security is gloomy, and it takes an extremely dedicated and savvy computer user to find the right mix of security programs and stay current with the newest threats. Internet security is not a one-time event. You cannot simply install security software on your PC and then forget about its safety and security, and ultimately, the safety and security of your family, home, and business. Internet safety and security require an ongoing, time-intensive process with a fairly high level of expertise and vigilance.

Why you need a team of security experts on your side: Do you want to be an Internet security expert? If you are like most people, you neither want to nor have the time. You don’t want to worry about staying current with the latest technologies. You can’t possibly keep up with all the new threats coming at you almost daily because you have better things to do with your time. Instead, most people end up relying on the opinions and recommendations of more knowledgeable friends and family members for their security needs and hope nothing bad happens. But is that the best and safest strategy?

To get maximum protection for your PC, you need an Internet security expert on your side. Better yet, you need a team of experts making sure that you, your family, and your business are always safe and secure. You need to find your own personal team of experts to rely on. If you ever have a security problem, you want a trusted expert you can call for professional answers and solutions without any hassles and extra costs! As time goes on, it will become even more critical than it is today.

The best protection you can have in today’s rapidly changing world of cyber-attacks is to have expert support for all your Internet security needs. Hackers will likely always be one step ahead of law enforcement and the security industry itself. Software-based protection alone, as you can see, is not enough anymore.

Of all the Internet users who have anti-virus software on their computers, 85% of them had computers that were subsequently infected with a virus or worm! Have you ever had a virus you couldn’t get rid of? Has your computer acted funny or has it slowed way down due to a massive spyware infestation? Then you see and know how dangerous and damaging these threats and risks are!

Unfortunately, consumers seeking security and privacy protection with brand name solutions will find two extremes – complex systems they cannot afford or properly maintain, or consumer-grade technology that doesn’t provide adequate protection. If they do find something that fits their budget, it will likely have only a part of what is needed to truly protect a computer, and it won’t include free expert support and a security guarantee.

Caution: Don’t be lulled into a false sense of security thinking that the anti-virus software that came with your computer is enough protection. Off-the-shelf anti-virus software does not always protect you from hackers, spyware, remote access tools, Trojan horses, password crackers, keystroke loggers, identity theft tools, Microsoft security holes, hybrid viruses, and much more. And most people let their anti-virus program expire, thereby losing protection from everyday viruses and worms.

To be fully protected, you will need:

* at least five layers of overlapping security technologies and services to create a virtual fortress for your PC. Most off-the-shelf and free software offer two, or three at the most, programs. But are they overlapping when they work and when they update?

* desktop firewall to lock out hackers and other unauthorized intrusions and shield your PC from unauthorized communication both to and from your PC, making your PC virtually invisible to hackers and other intruders randomly scanning the Internet for vulnerable PCs;

* world-class anti-virus protection, including 24/7 scanning and certification that your incoming and outgoing e-mail attachments are virus-free, plus scanning of all removable media such as CDs, Zip disks, portable hard drives, and floppies;

* anti-spyware that continuously monitors, detects, and eliminates all forms of spyware, hacker tools, and malware from your PC including malicious spyware tools, adware, browser hijackers, search hijackers, keyloggers, ghost spammers, remote access tools (RATs), back doors, and many other illegal programs and applications that breach your privacy and security;

* patch management that will automatically find and fix security holes and other dangerous vulnerabilities in your computer’s operating system and software programs that hackers use to break into your computer;

* security alerts that warn you of brand new viruses, worms, and other security threats as they emerge – including specific recommendations of what to watch out for and how to avoid getting attacked to keep your privacy secured and your PC safe; and to wrap it all together,

* premium technical support that offers free unlimited expert technical support for any security related problems or issues with options to include online access to Frequently Asked Questions (FAQs), User Guides, Email Support Hotline, and live, expert telephone support by highly trained technicians.

Although the Internet basically provides a positive and productive experience, cyber-attacks against our personal privacy and security are reaching epidemic proportions. These attacks are occurring in our own homes and businesses. Our own computers are being used as zombies to attack other people, businesses, and even our nation itself. As an average Internet user, you may not be aware of these threats nor have any idea about the dramatically increasing risks you face when connected to the Internet.

On a campaign for internet safety awareness and protection, my mission is to bring critical awareness to individuals, families, and small business owners, and to provide access to the necessary tools and ongoing expertise to secure your computer and help you stay protected.

I invite you to join the many thousands of others who have tested their computers, discovered these threats are real, and taken the necessary steps to protect their computers, their families, and their businesses.

Now that you have become aware of these issues, I encourage you to share this vital information with your families, friends and communities. Together, we can reach many millions of people and inform them about the threats to their privacy and security, and help them get the protection they desperately need.

Remember: When you say “No!” to hackers and spyware, everyone wins! When you don’t, we all lose!

© MMVII, Etienne A. Gibbs, MSW, Internet Safety Advocate and Educator

Etienne A. Gibbs, Internet Security Advocate and Educator, consults with individuals, small business owners, and home-business entrepreneurs about online protection (including free lifetime technical support and $25,000 identity theft insurance and recovery) against spyware, viruses, hackers, and other pc-disabling cybercrimes. For more information, visit www.SayNotoHackersandSpyware.com/.

It’s All About People, Process, and Technology. Technology is Dead Last in the Order of Importance When it Comes to Security

The recent and explosive growth of the Internet and technology has brought many good things such as e-commerce, collaborative computing, online markets and new avenues of sharing and distributing information. But each side has its counterpart, and with the technological advances came hackers. With this dark side and the many security breaches that are associated with it, companies, governments and individuals are afraid of hackers breaking into their servers or networks, stealing valuable data, collecting passwords and intercepting financial and credit card information.

And many times this can become reality. Recently, there has been a flurry of security breaches among large organizations such as Western Union, which reported a security breach on their Web site that let loose the credit- and debit-card information for 15,700 customers. Another recent hacker case is a 16-year-old youth, who admitted hacking into military and NASA computer networks. His activities caused a three-week shutdown of NASA’s systems and a security breach of a military computer network which protects against conventional, biological, chemical and nuclear-weapon attacks. That’s just a small sampling of actual hacks. Most industry watchers agree that only a handful of security breaches are ever reported.

For a long time, most computer network crackers hacked a system for the same reason: “Because it’s there.” But that’s no longer the only reason or even the dominant one. More hackers now do it because “It’s where the money is.” In the past decade, hackers have changed from script kiddies who hacked websites and spread worms to professionals sponsored by foreign governments and organized crime. Modern hackers want more than infamy. They exploit new technologies to crack systems or hack into computer systems and hold data for ransom. Hackers today commit real crimes, sometimes for significant financial gain.

To safeguard themselves from the modern hackers, most companies and government agencies that want to uncover network and system security vulnerabilities have two choices: they can hire a team of penetration experts to scan and probe their systems and uncover their vulnerabilities, or they can wait for a malicious hacker to come by and exploit them. Unfortunately, many times it is the latter. A security analysis or penetration test, performed by a security consultant, would produce a report or security posture assessment, detailing all vulnerabilities found and the actions needed to remedy them and minimize the risk of being the victim of a successful hack attack.

The security consultant or penetration expert can be a “white hacker”, someone who uses ethical hacking to discover vulnerabilities within a network, or a reformed “black hacker”, who once was an active part of the dark side and used to exploit the identified security holes. Whether it is ethical to use former hackers to evaluate a network’s security is a topic that is often hotly debated – and for many reasons.

Ethical hackers or security consultants typically have very strong programming and computer networking skills and have been in the computer and networking business for several years. Their base knowledge and expertise is augmented with detailed knowledge of the hardware and software, project management skills and methodology, which are necessary for the actual vulnerability testing as well as for reporting after the test has been performed. In addition to that, ethical hacking seminars, courses and certifications are being offered to IT professionals to broaden their horizons and skills in these fields. But many times these hacking courses and seminars provide only very limited insight and cover outdated or only basic hacking techniques. Their main purpose is to educate professionals, not to create a new generation of hackers. The goal is to fill security holes, not exploit them.

A disadvantage that white hackers or security consultants have compared with hackers is in real-world experience and inside knowledge. There are many things that cannot be taught in a seminar or learned from a book. The most obvious advantage former hackers have is their real-world hacking experience. As each network system differs based on various network defenses and configurations, the hack approach will be unique, and only someone with plenty of real-world hacking experience can efficiently go from using one technique to another as required by the present situation.

Another positive aspect of hiring reformed hackers as security consultants is that staying up on the latest security exploits, vulnerabilities and countermeasures is part of their job. A good hacker has a level of security knowledge that goes far beyond that of most other IT professionals. Keeping up with the latest exploits and countermeasures is a full-time job, and although IT professionals have an acceptable level of security knowledge, they must focus most of their attention on the day-to-day responsibilities of keeping the network up and running. To make up for these “deficiencies”, many white hackers and security consultants rely on automated and commercial vulnerability and penetration software that can provide needed security reports, but whose functions are limited. The huge differences can be seen when comparing the results from an automated scan and a hacker assessment or professional penetration test.

But before a company makes the decision to hire a reformed hacker, it needs to evaluate the negative sides. Certainly there are several types of hackers that can be found. One kind of them are the “gray hats” – the unpaid tinkerers who find flaws to improve security for everyone. They are the best hackers, because their passion for tinkering drives their excellence and they do not break the laws. The black hat hackers – the criminals – break the law and feel justified doing it. They are the kind of hackers who seek to increase their fame in the hacker community, while others want to prove at any cost that their targets’ security is vulnerable. Black hats wreak havoc not only by their own actions but also by drawing attention to weaknesses that they and cybercriminals can exploit. The last and worst kinds of hackers are the cybercriminals, who perpetrate the worst crimes. They are paid to use existing tools and techniques to steal confidential personal, government or industry information, and particularly financial data. Cybercriminals usually work for foreign governments, organized crime or independently.

Probably the biggest negative in the decision-making process is trust. Which hacker will you hire and how much can you trust them? The main premise of security is deciding who you trust and then locking out everyone else. When hiring a hacker as a security consultant because of network security concerns, paradoxically the trust goes to the criminal. Not only does the trust factor play a major role in the decision-making process, but so does the impact the decision might have on customers and shareholders. How would the customers react if they knew a former criminal was hired to test the security of a system or database that contains all personal and financial information? Someone with questionable morals and judgment is not someone who should have control of a corporate network with sensitive data. In most cases hackers, and that is what makes them hackers, do not appreciate or respect standard business processes and structures. A disgruntled hacker with inside knowledge of a company’s networks could create a nightmare scenario.

Hackers are like adventurers, motivated by intellectual curiosity. The more secure you make your systems, the more you attract them. The hacker mind-set is like exploring space, except they’re exploring the network. If that essential curiosity about finding out how things work, which is what causes people to be hackers, goes away, then you don’t necessarily want that person as a hacker or security consultant. However, just because a hacker has the desire and capabilities to explore a network, that does not necessarily make them prepared to build a secure network and fix identified vulnerabilities. Breaking into things does not always mean knowing how to fix them. These are two different skill sets. Once security threats have been identified, they need to be communicated, including the potential business processes affected by the vulnerability, along with a list of impact assessments and countermeasures. Besides technical knowledge, the hacker will need to have experience in business processes and management to relay his findings to the company.

Another key factor to consider before deciding who to hire as a security consultant is that no computer system is ever completely secure, especially when considering the human factor. Spending astronomical amounts of money pursuing total security, by hiring security consultants and eventually becoming dependent on them, is not going to help. Some corporations in some industries must guard against intrusions from tech-hungry foreign governments – in particular China, France, Israel, Japan, Germany and Russia – that converted their cold-war spy machinery into “economic espionage” units, but that does not apply to all businesses. A realistic set of goals for what to expect from a security consultant needs to be set first.

But no matter what the decision is, and whether the company hires a professional security consultant or a reformed hacker, the real threat will still be there. Any hacker who wants to exploit a system will always try to use the path of least resistance. This path of least resistance is often through the front door. The front door can be “identified” as the area over which businesses may have the least control: people. People are the weakest but first link when it comes to security. With good social engineering skills and not very well trained employees, disgruntled workers and ex-employees, a hacker can get enough information to access a system, insert malicious code that contains keystroke and network sniffers, and use other means to collect information. The hacker just “exchanged” his keyboard for social engineering. And this is a part of security where a highly educated security consultant or a reformed hacker will not be able to help you.

Ms. Deckwerth has over a decade of experience in IT security and regulatory compliance both in the U.S. and EU. Her work has included the audits and IT security of private companies, public companies and NATO and government organizations as well as implementation of ISO and NIST. Her professional experience encompasses regulatory compliance with HIPAA, Sarbanes Oxley, PCI, GLBA, and NATO/DoD requirements.

Mrs. Deckwerth holds an M.S. in IT Management and is currently pursuing a PhD in IT Security from Touro University and speaks six languages.