Westfield Links

About

Bookmark and Share

FeedBurner

  • Enter your email address:

    Delivered by FeedBurner

Subscribe to this blog's feed

Archives

More...

Categories

Blogroll & other links

Hubspot Code

  • Hubspot Code

11 November 2009

3 Ways to Help Avoid Unauthorized Software

Last week at work, I received an e-mail letting me know of a "lost and found" item that I needed to claim.  So I stopped down at the security office thinking, “Hmm ... did I lose something with my name on it? Did someone see me drop my umbrella or something else I wouldn't have missed yet?”

 

Long story short; I had turned in 2 dollar bills found on the ground back in April, and since nobody had claimed it, I was now the owner.  As Earl would say, “Karma did that.”  But this made me think about all of the things people do to cut corners, or take advantage of someone else’s misfortune.  I'm by no means a knight in shining armor, but I try to be as honest as I can. 

 

I thought about this more as I read an article about a virus infecting the iPhone.  The virus only affected the phones which had been "hacked" or modified to run unauthorized software knowingly by the owner.  Many of us have called, e-mailed or asked the big software companies like Microsoft and Apple to protect us from security vulnerabilities, and they've tried, but often people install unapproved software which removes any chance they had at protecting their own information.  The software industry often calls this "Piracy", but in reality it's also hurting the people taking advantage of it in the long run.  Sure you can get access to all the cool new features of a "hacked" iPhone, xbox or any number of other devices, but in the end is it worth losing any or all information on your device, or even voiding your warranty?

 

Sometimes people don’t realize that they are running unauthorized software on their iPhone or other device.  Here are 3 ways to help determine if software is unauthorized:

 

1. Avoid installing packages with the words "Hacked" or "Free", unless they are approved by the company who sells the device.  All too often people create applications without considering the security ramifications. Despite their best intentions, they may be opening you up to some big vulnerability.

 

2. Avoid those e-mails which offer you a link to the latest software download or add-on for your device.  Remember if you didn't request the e-mail, it's probably a scam.

 

3. When in doubt, ask questions and search for answers. Vendors have customer support for a reason; they are often the best resources for those hard-to-find answers.

 

How are you keeping your information safe this holiday season?

Posted by Jake Harris | | Comments (0) | TrackBack (0)

| | | |

04 November 2009

Information Security Concerns in a Pandemic

For a while now, we have been working on the development of a pandemic plan for our company.  Information Technology supports this plan in many ways.  Through the use of technology we can increase the number of employees who can “work at home” and use Virtual Private Networking (VPN) software to remotely connect into our systems to perform their work.  Getting employees out of the office but still having them be productive is a form of “Social Distancing” that can reduce the risk of exposure to disease.

A component of any pandemic plan needs to be communication on what can and can’t be done from an Information Security perspective, even in a pandemic situation.  For example, we only allow company configured machines to connect to our network, even over a VPN connection.  However, not all of our employees have laptops so many, therefore, cannot work at home.   It must be reinforced that information security policy is still policy even in a pandemic, and employees who do not have company laptops must not use email to send documents or data to themselves to work on using their home (or any non-company owned) computer.  This is the same for taking work home on portable USB drives or other media.  Even if you have the best intentions and only want to help your company, you are putting your company at risk of your data being intercepted, copied or lost resulting in a privacy breach.

Why be so paranoid?  Our employees are only trying to be more efficient and effective in a time where 20%-30% of the company might be out sick.  It can't be that bad, right?  Wrong.  A big reason why is “endpoint protection”.  Your company’s endpoints (workstations and laptops) have known, approved and licensed software on them, they have anti-virus software running on them, they are regularly patched for security vulnerabilities and they are free of peer-to-peer sharing software.  Some of your employees' home machines MAY be up to your company’s standards, but what if even one is not?  When your employee is done with their work, are you sure that no backup or temporary files will linger behind?  How many of your employees have children that use the home computer to share music or files?  How about viruses or malware infecting your corporate network once this work is brought back into your production environment?  What if the employee actually loses the USB drive?  Not to mention the risk of a shared or compromised gmail or yahoo mail account.

All of these scenarios can cause data leakage or data loss that can lead to a privacy breach.  According to the most recent Ponemon study that reports on the costs and causes of privacy breaches, “Over 88% of all cases this year involved incidents resulting from negligence.” This leaves only 12% as a result of malicious activity.  This 88% is composed of employees who think that they are doing the right thing, are trying to help and believe that nothing bad can happen.

So, please reinforce to your employees and peers that it is not safe to trust public networks, infrastructure or non-company owned equipment to store or work on company confidential materials.   Even in a pandemic situation were your workforce may be diminished and people are looking for innovative ways to “keep the lights on”, information security policy is still in effect and information security risks, and their consequences, outweigh lost productivity.

Posted by Bill Murray | | Comments (0) | TrackBack (0)

| | | |

06 October 2009

National Cyber Security Awareness Month

“Our Shared Responsibility” is this year’s National Cyber Security Awareness theme. This theme is meant to reinforce that cyber security is not only government and industries responsibilities but each computer users.

By following a few simple steps, you can keep your personal assets and information secure. If each computer user does their part to keep safe, this will improve the overall security cyberspace.

 Listed below are the top tips from the National Cyber Security Alliance on ways to keep you safe online. Additional information on each point can be found at their website http://www.staysafeonline.org/top-tips.

  • Know who you are dealing with online.
  • Keep your browsers and operating system up to date.
  • Backup important files.
  • Protect your children online.
  • Use security software tools as your first line of defense.
  • Use strong passwords or strong authentication technology to help protect your personal information.
  • Learn what to do if something goes wrong.

 While the month of October is National Cyber Security Awareness month, we all need to practice good cyber security all year long.

Posted by Jeff Gibson | | Comments (0) | TrackBack (0)

| | | |

28 September 2009

Shredded documents can be unshredded

Shredding is the ultimate defense, right? Once it's shredded, it's gone!

No longer. It was always vulnerable if your attacker had the shredded chaff and plenty of free time. Think of the shredded embassy documents from the Iranian Hostage crisis of 1979. Those students reconstructed the pages with nothing more than scotch tape and patience. More recently, methamphetamine users have been hired by identity theft ringleaders to do the same thing.

Bill Wilson of the Big I recently found a number of services which make the "unshredding" problem much more manageable. In the Enron case, the government hired ChurchStreet Technology to scan the chaff, then used computer algorithms to piece the documents together. They claim to take the recovery time from hundreds of hours down to mere minutes. It's expensive but not terribly complicated. And your trash is in the public domain - anyone can take it back out of the dumpster without breaking any laws.

So how do you fully protect your waste paper from those ID thieves with too much time on their hands?

  1. If you're still using a strip-cut shredder, get rid of it now. Upgrade to a cross-cut that chops the paper into very small bits of chaff.
  2. Feed your pages into the shredder vertically, that is, with the words perpendicular to the shredder blades.
  3. Don't have unusual-colored paper. Or if you do, shred enough of it that it can't be easily picked out. The rule in the army used to be no less than 20 sheets of any given paper type in each shred "lot".
  4. Stir the chaff before disposal. A careful attacker could exploit the fact that pieces from the same document tend to come out of the shredder close to each other and remain so in the waste bag. A few quick stirs can randomize the chaff and make reconstruction much harder.
  5. Send the chaff to a paper recycler. Even the best reconstructors can't bring a page back after it's been turned into new paper pulp. Of course, you have to be sure that your waste isn't intercepted before it hits the recycler but there are several bonded shredding companies that will do that for you.

How much is enough? It depends on who's out to get you. For most home users and small businesses, one and two are probably enough. If you really have something to hide, consider three and four and look into five when your shredding contract comes up for renewal. Find the right balance, remembering that identity theft is real but that most of us are not dealing with DoD nuclear secrets.

Bill Wilson publishes a bi-weekly newsletter filled with useful information including a technology column in almost every issue. His target audience is an independent insurance agent but many of his topics are applicable to any small business owner. If you're not subscribed already, I recommend looking them up.

Posted by Mike Rossander | | Comments (0) | TrackBack (0)

| | | |

Next »