Navigating the I.T. Minefield » Security

Fakeware – Be Aware!

admin — Fri, 19 Feb 2010 16:12:02 +0000

Fakeware (fake security software) is a popular security attack. The virus, trojan or spyware masquerades as software that is useful, trying to help you protect your computer. Its headline looks official. You will see a pop-up saying something like this: “Your computer is infected. Would you like to remove these infections?” It might even show a list of infected files to get your attention.

Of course! You click YES. The next thing you know, windows are popping up all over the place saying your computer is infected. When you try to launch your browser it takes you to a malware site seeking to extract a payment. At that point you really are infected.

The version my clients have seen uses the title XP Antispyware 2010 (last year it was 2009). Titles can change. The first question you should ask is “Did this message come from my security software?” If you are running AVG, Norton, McAfee or whatever, the pop up message should have their banner. If the answer is NO, try to close the popup window. Call your support professional.

How did this virus sneak past security? It didn’t. It happens when you visit a website that is infected or has a malicious intent. The fakeware launches through a pop-up window that suggests you need to take action now.

What can you do to prevent this problem?

Block popups in your browser.
Be wary of websites you visit. If a deal that attracted you is too good to be true, it probably is.
Don’t click on links from people you don’t know.
If your business can afford it, invest in hardware and software that will limit the websites you and your employees can visit. I know that sounds harsh, but many of the infestations come in because people are just surfing the web.

What if you become infected? In this case, we downloaded free software from Malwarebytes which cleared the infection. Understand, that once your browser is compromised, you won’t be able to download a solution. Just turn off the computer and call for help.

The lesson: Be wary of the websites you visit. Not all of them are as friendly or as innocent as they seem.

Wishing you safe passage through the I.T. Minefield!

___________________________________________

Small business security is discussed in greater detail in Navigating the I.T. Minefield – Straight Talk for the Small Enterprise.

Leslie Knight is a small business consultant with over 20 years of experience in Information Technology management in Fortune 500 companies. She applies her experience in Corporate America saving them millions to smaller entrepreneurial enterprises. She is also the author of Navigating the I.T. Minefield. If you’d like to purchase a copy, please visit http://bit.ly/SNL4W.

6 Steps to Prevent Software Piracy in Your Business

admin — Sat, 31 Oct 2009 04:52:20 +0000

If an auditor were to walk into your business, could you prove that all of the software in your business has been purchased legally? Are you certain all of your software is legal? According to the Business Software Alliance (BSA) software piracy results in $47.8 billion in losses to the software industry each year. The fine for piracy could be as much as $150,000 paid to the vendor. Can your business afford that fine?

Software is protected by U.S. copyright law. You are allowed to create a copy of software for disaster backup and recovery purposes, but that’s about it. Piracy occurs when more software licenses are in use than were purchased. Sometimes the piracy is innocent; an employee wishing to help you out brings software from home or purchases the software at a great price from someone who appears reputable, but isn’t. It also occurs when an employee takes software you paid for to their home or another company.

As a small business, you don’t need to invest in expensive infrastructure to prevent software piracy. Here are a few simple things you can do:

1) Communicate and enforce the company policy concerning software purchasing and installation.

2) Lock down employee computers to prevent unauthorized software installs.

3) Store all software installation discs in a secure place to prevent them from walking out the door.

4) Centralize software purchasing and installation.

5) Maintain a software asset inventory. It can be a pencil and paper list of who has what software installed, when it was done, etc.

6) Conduct an annual software audit. In a small environment, this isn’t too arduous. Simply compare the software asset inventory to each computer in the business. If you find discrepancies, resolve them.

Each of these steps could be a complete post. There are other steps you can take the more sophisticated your IT environment. If you need help, check with your IT service provider or the BSA.

Wishing you safe passage through the IT Minefield!

____________________________

This topic is discussed in greater detail in Navigating the I.T. Minefield: Straight Talk for the Small Enterprise. To purchase your copy, please visit http://bit.ly/SNL4W.

4 Steps to Secure Your Wireless Network

admin — Sat, 17 Oct 2009 21:53:37 +0000

Wireless networks are so simple to install. No holes to drill in the walls. No cables to run through the walls or ceiling. Just install wireless network adapters in the company computers, pull the wireless access point or router out of the box, follow the directions and poof…you have a wireless network in your office. Then you go to each computer in the office and connect it to the network and voila, you’re wireless.

If you or your I.T. service provider installed your network using default values, you are vulnerable to an attack by a freeloader (someone who just doesn’t want to pay for wireless access) or an eavesdropper (someone who just wants to show they can access your network). These intruders drive around neighborhoods and business areas looking for unprotected wireless networks. They are generally not malicious, but if enough of them access your network, it will slow down your network. Many other intruders are malicious and they will take your network and business down.

Why are you vulnerable to attack? The default values are widely known and easily available to anyone with internet access. Don’t believe me? Do a google search on your favorite hardware provider (e.g. “Linksys default SSID”). To secure your wireless network, change the default settings to a unique value for the following 4 areas:

- Administrator id and password. Most networks have a web based interface which is easily accessible to a hacker. If a hacker knows your admin id and password they can access your network and lock you out. Save the new id and password in a safe place. Don’t lose them.

- SSID. The SSID identifies the name of your network. Choose a unique name.

- SSID Broadcast should be set to “No” or “Off”. Broadcasting the SSID makes it easy for friendly computers to find your network. However, it also makes it easy for the intruders to find.

- Encryption Keys. All access points use some type of encryption to protect your data transmissions. The easiest way to change a key is to come up with a passphrase (similar to a password) and allow the software to generate a new encryption key. You will share the passphrase with users you wish to allow access to your network. Since all computers have the same encryption methods, a new computer will be able to generate the same new encryption keys.

If you’re uncertain about these settings, contact your I.T. service provider or the person who installed your network for assistance.

Wishing you safe passage through the I.T. Minefield!

__________________________________

This topic is discussed in greater detail in Navigating the I.T. Minefield: Straight Talk for the Small Enterprise. To purchase your copy, please visit http://bit.ly/SNL4W.