Of course! You click YES. The next thing you know, windows are popping up all over the place saying your computer is infected. When you try to launch your browser it takes you to a malware site seeking to extract a payment. At that point you really are infected.

The version my clients have seen uses the title XP Antispyware 2010 (last year it was 2009). Titles can change. The first question you should ask is “Did this message come from my security software?” If you are running AVG, Norton, McAfee or whatever, the pop up message should have their banner. If the answer is NO, try to close the popup window. Call your support professional.

How did this virus sneak past security? It didn’t. It happens when you visit a website that is infected or has a malicious intent. The fakeware launches through a pop-up window that suggests you need to take action now.

What can you do to prevent this problem?

• Block popups in your browser.
• Be wary of websites you visit. If a deal that attracted you is too good to be true, it probably is.
• Don’t click on links from people you don’t know.
• If your business can afford it, invest in hardware and software that will limit the websites you and your employees can visit. I know that sounds harsh, but many of the infestations come in because people are just surfing the web.

What if you become infected? In this case, we downloaded free software from Malwarebytes which cleared the infection. Understand, that once your browser is compromised, you won’t be able to download a solution. Just turn off the computer and call for help.

The lesson: Be wary of the websites you visit. Not all of them are as friendly or as innocent as they seem.

Wishing you safe passage through the I.T. Minefield!

___________________________________________

Small business security is discussed in greater detail in Navigating the I.T. Minefield – Straight Talk for the Small Enterprise.

Leslie Knight is a small business consultant with over 20 years of experience in Information Technology management in Fortune 500 companies.  She applies her experience in Corporate America saving them millions to smaller entrepreneurial enterprises. She is also the author of Navigating the I.T. Minefield.  If you’d like to purchase a copy, please visit http://bit.ly/SNL4W.

Hardware appliances can reduce the possibility of infections by eliminating spam and blocking website access. However, protection also includes putting policies and procedures in place to govern usage of company computers and network.

Whether you have two company computers or twenty you should establish policies for:

1. Personal Web Surfing. Do you want your employees checking out porn or a new job or shopping for lingerie on company time? Some of these web sites are also the source of viruses that will infect your computers. An ounce of prevention is worth a pound of cure.
2. Personal emails. Personal emails are another source of viruses. Their friends and family may not have strong anti-virus protection. Do you want them infecting your business computers?
3. Non-employee use of company resources. Do you want your employees’ children using your computers or network? What will they expose your business infrastructure to when they visit their favorite websites?
4. Taking home company data. What data should you allow to leave the office, if any? Keep in mind that it is easy to lose a USB flash drive. If you want to allow employees to take work home, what type of encryption should be used to protect the data if the drive becomes lost?
5. Downloading and installing non-business software. Non-business software consumes the limited resources of your computer, particularly memory. This software can also be a source of viruses and other malicious attacks.

Think carefully about the access you want to grant to yourself and your employees. Seek your employees’ input so that the policies protect the company without hindering their ability to conduct company business. Then set the policy. Communicate it. Work with your I.T. service provider to establish it. Enforce it.

As the owner, you need to set the example for your employees, adhering to company policies and procedures. You also need to enforce company policies, even if the violators are members of the family. If you don’t enforce them equally, then expect your employees to ignore the policies and procedures as well.

Wishing you safe passage through the I.T. Minefield!

__________________________________

This topic is discussed in greater detail in Navigating the I.T. Minefield: Straight Talk for the Small Enterprise. To purchase your copy, please visit http://bit.ly/SNL4W.

Leslie Knight is a small business consultant with over 20 years of experience in Information Technology management in Fortune 500 companies.  She applies her experience in Corporate America saving them millions to smaller entrepreneurial enterprises. She is also the author of Navigating the I.T. Minefield.

Gone. Without a trace.

Laptop theft is more prevalent than you might realize, particularly doing the holiday period. All you (or an employee) have to do is turn your back for a few seconds and a backpack or briefcase will disappear. Sometimes after you’ve done everything right to secure your laptop it will still be stolen. Your data (company/personal financial information, sensitive communications, client communications, and intellectual property) are now exposed to the world. What can you do to protect yourself?

1)      Set passwords for accessing the computer. Make it hard for the thief to access the accounts on your computer. Some laptops come equipped with a finger print scanner…consider using it.

2)      Set passwords for accessing documents with sensitive information. In Office 2007, you can do this by selecting the Prepare Option, Encrypt Document.

3)       Encrypt your data. You can purchase a separate program that will encrypt data on your hard drive, separate and apart from what is available in MSOffice.

4)      Backup company data to a remote site. If the only copy is on a laptop, you’re in trouble.

5)      Install a program such as Laptop Lojack. There’s a chance you might be able to get your laptop back.

If your laptop is stolen and you didn’t take any preventive measures, then invest in LifeLock or one of the other identity theft protection products.

All it takes is a few minutes and a little forethought to save yourself a lot of future pain.

If you have questions, contact your favorite IT service provider or feel free to DM me @ITMinefield on Twitter.

Wishing you safe passage through the IT Minefield!

___________________________________

This topic is discussed in greater detail in Navigating the I.T. Minefield: Straight Talk for the Small Enterprise. To purchase your copy, please visit http://bit.ly/SNL4W.

Leslie Knight is a small business consultant with over 20 years of experience in Information Technology management in Fortune 500 companies.  She applies her experience in Corporate America (saving them millions) to smaller entrepreneurial enterprises. She is also the author of Navigating the I.T. Minefield- Straight Talk for the Small Enterprise.

Software is protected by U.S. copyright law.  You are allowed to create a copy of software for disaster backup and recovery purposes, but that’s about it. Piracy occurs when more software licenses are in use than were purchased. Sometimes the piracy is innocent; an employee wishing to help you out brings software from home or purchases the software at a great price from someone who appears reputable, but isn’t. It also occurs when an employee takes software you paid for to their home or another company.

As a small business, you don’t need to invest in expensive infrastructure to prevent software piracy.  Here are a few simple things you can do:

1)      Communicate and enforce the company policy concerning software purchasing and installation.

2)      Lock down employee computers to prevent unauthorized software installs.

3)      Store all software installation discs in a secure place to prevent them from walking out the door.

4)      Centralize software purchasing and installation.

5)      Maintain a software asset inventory. It can be a pencil and paper list of who has what software installed, when it was done, etc.

6)      Conduct an annual software audit. In a small environment, this isn’t too arduous. Simply compare the software asset inventory to each computer in the business. If you find discrepancies, resolve them.

Each of these steps could be a complete post.  There are other steps you can take the more sophisticated your IT environment. If you need help, check with your IT service provider or the BSA.

Wishing you safe passage through the IT Minefield!

____________________________

This topic is discussed in greater detail in Navigating the I.T. Minefield: Straight Talk for the Small Enterprise. To purchase your copy, please visit http://bit.ly/SNL4W.

Leslie Knight is a small business consultant with over 20 years of experience in Information Technology management in Fortune 500 companies.  She applies her experience in Corporate America saving them millions to smaller entrepreneurial enterprises. She is also the author of Navigating the I.T. Minefield.

If you or your I.T. service provider installed your network using default values, you are vulnerable to an attack by a freeloader (someone who just doesn’t want to pay for wireless access) or an eavesdropper (someone who just wants to show they can access your network). These intruders drive around neighborhoods and business areas looking for unprotected wireless networks.   They are generally not malicious, but if enough of them access your network, it will slow down your network.  Many other intruders are malicious and they will take your network and business down.

Why are you vulnerable to attack? The default values are widely known and easily available to anyone with internet access.  Don’t believe me? Do a google search on your favorite hardware provider (e.g. “Linksys default SSID”). To secure your wireless network, change the default settings to a unique value for the following 4 areas:

-          Administrator id and password. Most networks have a web based interface which is easily accessible to a hacker. If a hacker knows your admin id and password they can access your network and lock you out. Save the new id and password in a safe place. Don’t lose them.

-          SSID. The SSID identifies the name of your network.  Choose a unique name.

-          SSID Broadcast should be set to “No” or “Off”. Broadcasting the SSID makes it easy for friendly computers to find your network. However, it also makes it easy for the intruders to find.

-          Encryption Keys.  All access points use some type of encryption to protect your data transmissions. The easiest way to change a key is to come up with a passphrase (similar to a password) and allow the software to generate a new encryption key.  You will share the passphrase with users you wish to allow access to your network. Since all computers have the same encryption methods, a new computer will be able to generate the same new encryption keys.

If you’re uncertain about these settings, contact your I.T. service provider or the person who installed your network for assistance.

Wishing you safe passage through the I.T. Minefield!

__________________________________

This topic is discussed in greater detail in Navigating the I.T. Minefield: Straight Talk for the Small Enterprise. To purchase your copy, please visit http://bit.ly/SNL4W.

Leslie Knight is a small business consultant with over 20 years of experience in Information Technology management in Fortune 500 companies.  She applies her experience in Corporate America saving them millions to smaller entrepreneurial enterprises. She is also the author of Navigating the I.T. Minefield.