Showing posts with label Secure. Show all posts

The Best Software to Use to Keep Your Computer Secure From Malware - True Technologies


Viruses, Spyware, Malware. What do all these have in common? They all wreak havoc on a computer or, worse, your network. The most important thing is protection from these infections.

I am going to go over 3 software products: M86Security, Malwarebytes, and Spywareblaster. I use all three in the field and all three work very well in preventing and securing your PC from infections.

M86Security

M86Security is a great product that works with Internet Explorer, Firefox (Firefox 3.x and 4.0), and Google Chrome (Version 10). There is not much to configure on this product. In fact, there are only 3 options after you install this product.

Show unsafe/red URLs only

Allow access to unchecked URLs

Add check icons to Email

By default the last two are checked in the box above, but I normally check the top option, "Show unsafe/red URLs only". This will just flag the bad links so it doesn't fill your web page full of green check marks. Check out the screenshots on the website.

Malwarebytes

Malwarebytes by far is much better than Spybot will ever be. Some people swear by Spybot but I have come to the conclusion that Malwarebytes does a far better and more thorough job. Malwarebytes seems to find things that Spybot can't. Screenshots of Malwarebytes are on the website.

The free version does not have the ability to auto update and schedule a scan. Nor does it have the ability to run in memory. But the cost to enable this functionality and upgrade to the PRO version is worth every penny at 25 bucks with no subscription requirement.

Spywareblaster

Javacool Software's Spywareblaster is one of the most clever and simple products ever designed. It not only works on all the major web browsers but it will prevent you from going to those sites that are infected with spyware. The free version does not have the ability to update automatically but works just fine if you remember to update it at least once per week. But should you desire to purchase the autoupdate feature, you can get a yearly subscription for 10 bucks a year. There is a network version of this product as well for a reasonable cost if you use it for a business. This software product will prevent you from getting most spyware, adware and browser hijacks.

The importance of PC security should never be overlooked or taken for granted. Taking shortcuts will get you into trouble really quickly, especially in this day and age where information is vital and those that have the most information win.




With Blue Springs computer repair, True Technologies is an important part of securing your PCs, both business and private. Malware, spyware and virus protection is vital for protecting your PC and vital information.




Public Wi-Fi: The Secure Way


Cafeterias, malls, bars and many other such places offer their customers free internet access. So most of these customers carrying laptops, smartphones or tablets use the offered free Wi-Fi network to check their mailboxes, chat, surf, even work online connected to their office's network, ignoring the enormous security risks involved.

Just to be informed, free-access Wi-Fi networks are usually the favorite place for malicious users, who will try to use all their available tools and techniques in order to obtain confidential data, credentials, files, personal information and anything else they are willing to get from your PC.

We suggest keeping in mind the following 6 practices when connecting to your e-banking account or while writing your genius business plan at the local cafe:

You think you are secure?

Think of Wi-Fi hot spots as the most unsecured connections. You may find yourself sitting next to a hacker while trying to pay your bills! It is very easy for a malicious user to steal data from your PC, even the whole hard disk.

Be encrypted

More and more sites use the HTTPS protocol in order to encrypt the activity of their users. So any actions made on that site are confidential. Always look for a padlock in the address bar, or simply check the URL for HTTPS.

Use the security tools

Nowadays all the operating systems have built-in security features that you should take advantage of, if you are not using other security software. Enable your firewall through security settings and check off "Block all incoming traffic." By enabling this setting you will keep most of the malicious users out of your system. Disabling file sharing is also an important security measure.

Password protection

Malicious users are able to retrieve saved passwords from your Registry or install keyloggers, which make your keyboard activity available to them (including passwords you type in). You could easily install something like LastPass, a browser add-on that stores your passwords in the cloud. By using something like this, you'll never have to type a thing and passwords won't be saved on your computer.

Be aware of the name

Fake network names are very common. Hackers create false networks by using attractive names to lure the victim in. Always ask the employees of the cafeteria to confirm the name of their network.

Be smart

There is only one rule if you cannot remember all of the above. All open networks are dangerous. Of course this is not true, but if you think like this you will be able to avoid serious problems.

So the next time you use a free Wi-Fi hotspot, you should think about it twice.




Information Security Services - Wireless Penetration Test




Secure Document Storage - Importance of Doing It Electronically


Secure document storage is important for the purpose of future references and to meet formalities laid down by government. Scanning of documents and storing them in network systems with the help of password to archive and retrieve documents with ease and safety is important.

It is vital that you store your documents carefully. Now that the regulations of government have become stricter than before, storing documents safely has almost become a necessity. Did you know that according to the rules, you must keep your past documents for at least six years' time? Apart from the formalities, the documents are also useful for future references. This can end up taking a lot of space in your office; the hassles of maintaining them properly are far too many. This is where the secure document storage system comes into play.

There are various document storage companies around that offer you a range of container sizes and other services to ensure a secure document storage arrangement for your company. You could keep them in secured warehouses where your documents would be safe from fire and other emergencies. However, are they really safe that way? Life is changing and along with life, the demands too are changing fast. Old documents may be torn; the papers may turn yellow beyond recognition. Therefore, the most secure document storage solution is to keep your documents in the form of soft copies. They are in a safer zone when they cease to exist as hard copies.

It is important that the correct document storage space is chosen; you must ensure that the documents are kept in such a way that they suffer no damage. But when you choose to keep your documents in the form of hard copies, they are always exposed to dangers. Moreover, once the documents are damaged, it is next to impossible to retrieve them. While some information can be recovered with a lot of trouble, some information may be lost forever. Document scanning can be helpful while you plan secure document storage. With the advent of document imaging systems, it has become very easy and convenient to store, index and get back documents and images. Documents are electronically piled up and this, in turn, reduces the risk of losing them.

Various network systems also offer secure document storage; passwords are used to increase the level of security. There are several advantages of having your documents on central file storage. The details and passwords can be given to the employees of a large-scale company across the globe. With these passwords, the employees are able to log in and lay their hands on the particular documents they want. The documents then can be downloaded to their respective computers. Documents can also be updated and created by users.




All these aspects of Secure Document Storage make the work convenient and it becomes easy to archive and retrieve information since soft copies, as opposed to hard copies, have immense durability.




6 Aspects of a Secure Computer - Keeping Your Computer Safe


A computer is only as good as its user, and unfortunately there are many, many, many less savvy computer users out there. For you to keep your computer secure, and therefore fast, there are some basic security practices that you must employ.

Protection from Spyware/Adware

Spyware and Adware are programs that are installed on your PC without your knowledge. These programs track your internet activity for the purpose of targeting you with ads and popups, or obtaining private information from you. They slow down your computer, and can be a security risk. To prevent them, use a free antispyware program.

Recommended: MalwareBytes AntiMalware or Lavasoft's AdAware

Protection from Viruses

Viruses are more dire than spyware, because they intend direct damage to your system, and may have the intent of stealing identity information. Viruses replicate and spread themselves unlike Spyware. To combat viruses you need a well trusted antivirus.

Recommended: Avira AntiVir and Avast! Home Edition are excellent free solutions

Protection from hackers

Hackers attempt direct access to your computer through security gaps. Antispyware and antivirus programs do not protect from this sort of threat, which is the most dangerous of all. If your internet modem or wireless router does not have a built in firewall, you should get a free firewall of your own.

Recommended: PCTools Firewall Plus or Comodo Internet Security Firewall

Wireless Security

If you use a wireless router in your home, chances are it is very easy for anyone within 200 feet of your home to access your signal. This can be dangerous if someone has bad intentions. Set up a wireless password to access your wireless network. If you don't know how to do this, consult the manual for your router, or ask the company.

Good Passwords

Passwords do nothing if they are not chosen well. A secure password should be longer than 7 characters, and contain at least one number/symbol and a mixture of upper and lower case letters. In addition, you should not use the same password everywhere you have an account.

Safe Email

Be wary of what you open. If you do not recognize the sender or subject, do not open it, especially if the email contains an attachment. Common sense is the best medicine here.

If you follow these security practices, you should remain a safe computer user. Rest easy knowing that you won't be one of the many victims of online crime, or have to use your hard-earned money on replacing your computer every few years due to infections.




Nick Dimon writes about computer security and maintenance on his site http://www.crappycomputer.com/ with the purpose of informing and teaching users how to get what they deserve from their machines.




The Pros & Cons of Cloud Computing, and is it Secure?


Remember, our simplified definition of cloud computing consists of shared computing resources that are virtualized and accessed as a service through an API.

The Pros

1- Costs/capital expenditures

If cloud computing is right for your company, then major cost savings can be seen in buying and maintaining the needed infrastructure, support equipment, and communication costs. The vendors and/or service provider, who charge the users a utility or user type fee, own these costs.

2- Scalability

One of IT's biggest problems is the constant need to add more equipment to keep up with the growing demand of accessing, storing and analyzing information by both internal and external users. One example is in the data center where adding servers is a major cost issue (actually power for the data center is the number one issue, but it is related to the growing need for items like servers). Since cloud computing is virtual, one can expand or contract equipment/infrastructure as demands change.

3- Start-up

Since the cloud (theoretically) contains the infrastructure and applications, all one needs to do is "dial" in to the cloud. One can start using applications immediately versus a customary installation, testing and then providing access to the appropriate user community. (Training is assumed to be a constant.)

4- Business Applications

Again, the cloud (actually the vendors and/or service providers) through contracts (Service Level Agreements -SLAs) provides numerous business applications for any user who is their client. Again like scale, enterprises only need to know which applications they need to run their business and understand what is actually provided to have access to various business applications. (Training is assumed to be a constant.)

5- Flexibility

Since cloud computing is a virtual offering, a user has the flexibility to choose, on a regular basis, the applications, amount of bandwidth or the number of users by basically modifying his user contract and increasing or decreasing costs at a known rate or factor.

The Cons

1-SLA Agreements

This is the tricky and most important one. SLAs can be very involved and it really leaves the onus on the user to understand and define all requirements in specific detail, and more importantly understand what one is getting in the terms of support, performance, security, etc. A good example is quality of service; one should understand what is offered and what the recourses are if the specified quality is not maintained.

2-Performance

Performance guarantees are usually part of the SLA document, but I have singled this one out because it is critical to maintain the performance (uptime) one needs both for internal AND external users. Understand if the performance guarantee is defined as an average or just during peak times versus a "uniform" performance. If performance is compromised, it can impact many things including revenue and your company's goodwill.

3-Vendors

Not all vendors are created equally! Many vendors are claiming to provide cloud computing, but in reality, they are just providing a specific service, or a specific application or, worse, they are a middleman and provide no value-add at all. As I stated in my previous posting, one needs to understand the difference between cloud computing and hosted services or managed services or seemingly some form of virtualization. My best advice is to definitely get with reference customers and see if they model what you would like from the cloud.

4-Security

We all know that the internet has some security issues and since the cloud utilizes the internet coupled with applications infrastructure and support, users should be aware of the potential for new threats and increased risk exposure. It is important to include your firm's risk tolerance in any decision to move to cloud computing, as not all the security issues are understood, and new ones will arise.

5-IT Staffing

If one does utilize the cloud, then make sure one understands the vendor staffing that is available to support your needs and hundreds of others using their cloud. A number of vendors out-source staffing and some of the personnel may not be as good as your own internal organization. Ask the potential service provider if they have trained personnel to support the applications you request.

As I have always stated, know your strategy for your IT organization and your lines of business and weigh whether the "pros" outweigh the "cons" for going with cloud computing. Note that there are a number of advantages and disadvantages; do not be swayed by looking at cloud computing from only a cost-saving point of view.

In all probability the answer will be something in the "middle", i.e. some hybrid form of cloud computing.

As for security and cloud computing

In Forrester's article titled "A Close Look At Cloud Computing Security" by Chenxi Wang, Ph.D., Wang states: "While cloud computing is able to deliver many benefits, organizations should not jump on the 'cloud' wagon without a compelling business driver and a clear understanding of the security, privacy, compliance, and legal consequences. An effective assessment strategy covering these items will help you reach the ultimate goal: Make the cloud service work like your own IT security department and find ways to secure and optimize your investments in the cloud."

Forrester includes data protection, disaster recovery, and identity management as some of the areas under security and suggests an audit of the potential cloud provider to see what level of security is actually provided.

As for compliance, the user should analyze how the cloud may or may not impact one's compliance requirements.

For legal and contractual issues, Forrester advises that one understands who owns/is responsible for what, between the user and the provider (the data, the infrastructure, etc.)

In another article, titled "Gartner: Seven Cloud-Computing Security Risks", Network World's Jon Brodkin talks about seven security risk areas.

1. Privileged user access, sensitive data processed outside the enterprise.

2. Regulatory compliance, how does the cloud provider match your guidelines?

3. Data location, where exactly is your data housed?

4. Data segregation, understand that your data is "sitting" next to others' data.

5. Disaster Recovery, what happens when there is an outage?

6. Investigating inappropriate or illegal activity may be impossible in cloud computing.

7. Long-term viability, what happens if your provider "goes away"?

Another article in Network World reported on the RSA conference and stated that the former technical director of NSA, Brian Snow, is very concerned about vendors offering cloud computing from a security point of view. He is concerned about vendors not addressing current security issues and about new issues that cloud computing will create. Ironically, another panelist was concerned about "Big Brother" listening in on cloud computing and how this might impact enterprises' privacy and compliance issues.

So to wrap up, the internet has security issues, and since cloud computing is in the internet, cloud computing will have those security issues, the ones listed above, and ones yet to be discovered. It comes down to the risk profile for your corporation; what level of risk is right for your company relative to investing in cloud computing? Obviously part of the risk assessment depends on your type of company. If you are a financial advisor or in stock management where your intellectual property is basically the company, then cloud computing as we currently know it is not right for you at any cost savings. If you resell ping-pong balls (no offense to ping-pong ball resellers) then the risk is relatively low and the savings from cloud computing outweigh the security and other considerations.

Have you conducted an adequate risk assessment before deciding to move to cloud computing?




Dick Lush http://www.firealarmmarketing.com or dick.lush@firealarmmarketing.com or phone 508-643-0411

Fire Alarm Marketing is a marketing and business development consulting team that focuses on product introductions, revenue generation, building partnerships and creating new opportunities and markets. We are a New England based company with more than 40 years of collective experience.




Keep Your Cyber Space Secure


Being secure is a concept which most human beings want to experience in their everyday lives. It is something we no longer take for granted in our fast technological age. There are all types of security, including national security, public security, and in the physical realm we encounter airport security, school security, shopping center security and home security, just to mention a few. There is also financial or monetary security.

In the world of computing, there are also all types of security, whether it be network security, computing security, data or information security, or application security. You can try free antivirus programs for Windows XP and free antivirus protection software downloads. There are some concepts which occur throughout varying areas of security.

1. Threat. This is a way of setting off a risk that is malicious.
2. Vulnerability. A weakness that can be exploited by a threat.
3. Exploit. This is a vulnerability which has been triggered by a threat.
4. Countermeasure. This is a way to stop a threat from triggering a risk event.
5. Assurance. This involves the guarantee that your security system will deliver what you expect it to.
6. Defense. This ensures you never rely on only one security measure. There are free antivirus programs for Windows XP and free antivirus protection software downloads for you to try.

With all this in mind, it makes sense to ensure that you have countermeasures in place to defend your system from threats and vulnerabilities when on the Internet. Every user is continually at risk and is a potential target.

Take all the precautions necessary to keep your network, information and applications free from attack. While it should be remembered that no user is one hundred percent secure, the main objective is to keep your system as resistant as possible from attack.

All software should be the latest version. Site Advisor or similar software is recommended along with the latest version of WordPress. Your Java run time (jre.exe) also should not be forgotten.

Do all you can to keep your cyber space secure.




MaryAnn Hay
http://allfreeantivirus.com




How to Secure Patient Information in a Medical Practice


Security seems to be the last thing on doctors' minds when they open and run a practice. Security goes hand in hand with liability and HIPAA rules. Failure to comply with HIPAA can result in the following:

- HIPAA allows both civil and criminal penalties, including fines and possible jail time.

- HIPAA allows fines of up to $100 for each violation of the law, to a limit of $25,000 per year for violations of the same requirement.

- Criminal sanctions for knowing misuse or disclosures carry fines of $50,000 to $250,000 and one to ten years imprisonment.

Having said that, there have been only a few fines actually imposed. The liability equation changes drastically depending on the types of patients you have. There are countless lawsuits where the staff is involved in leaking patient information to the media about celebrity patients.

Securing your office involves two main areas of focus: data that is paper based and data that is electronic. Paper-based records need to be secured in locking storage rooms and/or locking filing cabinets. All paper that contains patient information needs to be shredded. Unfortunately, most practices that I perform an audit on do not shred their garbage, where photocopies of patient IDs, credit cards and medical information end up when the printer, fax or copier does not perform properly. This is still the biggest threat and the easiest to fix with a paper shredder.

EMR systems are great for office efficiencies but are more complex to secure.

The following is a basic outline to secure your medical practice and reduce your exposure to possible liabilities:

General Guidelines

1. Determine all points of entry into your network (DSL, VPN, Dial-up modems).

2. Make sure all entry point devices have passwords and are not set to factory defaults.

3. Make sure you have a firewall installed between your network and the Internet. The firewall needs to also have a password that is not the factory default.

4. Make sure all wireless access points have encryption enabled.

5. Make sure all computers have screen savers with passwords. Also make sure the password is not taped to the screen! Still the most common breach.

Technical Guidelines (performed by a security expert)

1. Run a network scan to determine how many computers and network devices are attached to the network. Remove all non-approved devices.

2. Run a port scan on every network attached device to determine each device's vulnerabilities. Close all non-required ports.

3. Run a port scan on the firewall from outside the office to identify any unsecured ports. Close all non-required ports.

4. Review firewall logs for any intrusions. Report any suspicious activity.

5. Review workflow and how staff handles patient records. Make recommendations.

6. Force staff to change passwords monthly. Don't allow them to tape passwords to monitors.

7. Standardize the desktops. A typical audit returns computers with Windows 95, Windows 98, NT, XP and Vista. Migrate all computers to one standard operating system such as Windows XP or Vista.

8. Remove all non-work related software. Music and file sharing software pose risks.

9. Check for remote desktop access software that users install to bypass the firewall and gain access to their desktop. (LogMeIn.com, GoToMyPc.com, VNC)

10. Make sure computers have virus protection that is up to date.

11. Make sure computers have a firewall running.

12. Turn on the screen saver with password protection to protect against the cleaning staff.

13. Make sure all patient information that is thrown in the trash is shredded.

14. Create procedures to properly secure patient records. (Don't leave a patient folder in an exam room. If you view patient records on a computer in the exam room, make sure you lock the screen when you step out. Don't leave patient files in the back seat of your car.)
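The desktop checks in the Technical Guidelines (items 1, 2 and 7 through 12) can be run repeatably against an inventory export. The sketch below is an added example, not part of the original article; the record layout, policy values, host names and the program name "TuneShare" are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Policy values are assumptions for this example; set them for the real office.
STANDARD_OS = "Windows XP"                       # item 7: one standard OS
REMOTE_ACCESS = ("logmein", "gotomypc", "vnc")   # item 9: tools named in the article
NON_WORK_CATEGORIES = {"music", "file-sharing"}  # item 8
MAX_AV_AGE_DAYS = 7                              # item 10: assumed meaning of "up to date"


@dataclass
class Host:
    name: str
    approved: bool               # item 1: is this device supposed to be here?
    os: str
    listening_ports: set         # from the per-device port scan (item 2)
    required_ports: set          # ports this machine's role actually needs
    software: dict               # program name -> category from the inventory tool
    av_age_days: Optional[int]   # age of virus definitions; None = no antivirus
    firewall_on: bool
    screen_lock: bool


def audit(host):
    """Return a sorted list of (guideline_item, finding) for one host."""
    if not host.approved:
        # Item 1: remove or approve the device before auditing anything else.
        return [(1, "non-approved device on the network")]
    findings = []
    extra = sorted(host.listening_ports - host.required_ports)
    if extra:
        findings.append((2, "close non-required ports: " + ", ".join(map(str, extra))))
    if host.os != STANDARD_OS:
        findings.append((7, f"migrate from {host.os} to {STANDARD_OS}"))
    for prog, category in sorted(host.software.items()):
        if any(tool in prog.lower() for tool in REMOTE_ACCESS):
            findings.append((9, f"remote desktop software installed: {prog}"))
        elif category in NON_WORK_CATEGORIES:
            findings.append((8, f"non-work software installed: {prog}"))
    if host.av_age_days is None:
        findings.append((10, "no virus protection"))
    elif host.av_age_days > MAX_AV_AGE_DAYS:
        findings.append((10, f"virus definitions {host.av_age_days} days old"))
    if not host.firewall_on:
        findings.append((11, "host firewall is off"))
    if not host.screen_lock:
        findings.append((12, "screen saver password not enabled"))
    return sorted(findings)


def audit_all(inventory):
    """Map each host name to its findings."""
    return {h.name: audit(h) for h in inventory}


# Constructed sample inventory (hypothetical hosts, not real audit data).
INVENTORY = [
    Host("frontdesk-1", True, "Windows XP", {445, 5900}, {445},
         {"RealVNC Server": "remote-access", "Office 2007": "office"},
         2, True, False),
    Host("exam-2", True, "Windows 98", {139}, {139},
         {"TuneShare": "file-sharing"}, None, False, True),
    Host("unknown-laptop", False, "Windows Vista", {80}, set(), {}, 1, True, True),
    Host("billing-1", True, "Windows XP", {445}, {445},
         {"Office 2007": "office"}, 1, True, True),
]

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name, "OK" if not findings else "")
        for item, text in findings:
            print(f"  guideline {item}: {text}")
```

Running the same checks on a monthly export gives a comparable record of whether the new policies are being followed.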

Once your network is secure, your attention needs to be focused on training and staff behavior. In just about every office I visit, the staff has downloaded music applications, with some applications used to find music on the internet. What starts as a harmless act of simply trying to have music to pass the time on slow days turns into exposing the whole network to Trojans and viruses. The computer is compromised even with the latest anti-virus software and firewall because the user was tricked into downloading harmless-looking software, bypassing all safeguards. The first thing the programs do is disable the anti-virus programs and Microsoft software updates. This leaves them free to propagate throughout the network.

Conclusion

Security is not a one-time event. Security needs to be built into every process. I do a complete audit when I start a project and close all discovered vulnerabilities. Clients like a monthly or random security scan to discover if the new policies are being followed. You can always contact us and we will be happy to give you a free consultation and/or point you in the right direction!




Globotron.com We are like your accountant who takes care of all your financial needs; we take care of all your business technology needs in the NYC area. We work with your business to properly align technology to provide you with the competitive advantage you need. We are not another vendor selling you a product but your partner managing all your technology needs including working with your existing vendors. We do not point fingers when something goes wrong, we fix it no matter whose problem it is!




Secure Yourself In The Growing Career Of Computer Network Security


We have all heard stories on the news about email viruses wreaking havoc on computer systems. To keep computer systems in top performance you will need to know the risks, and what you can do to protect yourself from viruses and computer hackers.

Our world today practically relies on computers and the Internet. A massive computer virus attack could wipe out communications, air traffic control, hospitals and credit cards. Specialists with training in computer and network security are needed to help us protect this information by preventing, detecting, and responding to attacks.

As security risks are becoming greater, qualified people are needed to keep computer networks secure. You can learn to defend computer networks against scams, fraud, espionage and more when you earn a degree in computer network security.

This course of study will teach students how to install, maintain, and monitor existing security software for both the private and public sectors. Students will be able to build computer security programs, fix existing programs, install security software, and be able to recognize when an intruder is attempting to hack into a computer network.

Jobs in network security cover many different areas. Here are some jobs in Computer Network Security:

· Database administrators work with database management systems software and determine ways to organize and store data. They identify user requirements, set up computer databases, and test and coordinate modifications to the computer database systems. They basically manage and protect a company's data.

· Computer Systems Analysts solve computer problems and apply computer technology to meet the individual needs of an organization. Systems analysts may plan and develop new computer systems or devise ways to apply existing systems' resources to additional operations. Computer systems analysts use the computer's technical abilities to meet the needs of a particular type of industry or company.

· Network Administrators and Computer System Administrators oversee network security as part of their jobs. They also design, install, and support an organization's local-area network (LAN), wide-area network (WAN), network segment, Internet, or intranet system. They also provide day-to-day onsite administrative support for software users in a variety of work environments.

· Computer Security Specialists are employed for the sole purpose of working on computer security for a company. These specialists plan and implement computer security for an organization. They may also train others in computer security, install computer security systems, and monitor networks for breaches in security. They may even be called upon to respond to cyber attacks, and even collect data and evidence to be used in prosecuting perpetrators.

These careers are expected to continue to grow according to the U.S. Department of Labor. Salaries in this industry range from $58,190 to $66,460.




Mary Hart is an in-house writer for Online-Degrees-Today.com and has been writing about Computer Science degrees since 2004.




Top Ten Ways To Secure Your Computer - And Keep It Running Smoothly


Things all computer users should know, but most do not. If you have an understanding of all of these principles you should never have a major problem with security on your computer. The average computer user does not know how insecure their computers really are.

Passwords

Passwords are an integral part of any computer use and, as Bill Gates says, the weakest link in the protection of information. A secure password consists of letters, numbers and capitals. For instance, fluffy is not a secure password: the phrase is completely letters, with no capitals. fluffy85 is better, but still not totally secure. Ideally, 19FlFfy85 is the most secure password, using capitals, numbers and letters. Other than the password itself, another top reason why a person's information is compromised is fraudulent emails and phony websites. This brings us to the next topic of privacy policies.

Privacy Policies

On every website (at least with every company or business website) there should be a privacy policy, which is inherently agreed on when you are browsing the website. All privacy policies in Australia should comply with the privacy and information act; some guidelines are available at http://www.privacy.gov.au/publications/npps01.html. For other countries, please contact your local or state government to find relevant information. These privacy policies make sure that your information is protected. A simple rule is: if there is no privacy policy, then do not enter any information. There are companies that endorse and make sure that the privacy policy complies with all the relevant laws and legislation; however, the majority are based in, and service sites based in, the United States. A company that does this is TRUSTe™. This logo will only be found on U.S. company websites.

SSL Certificates

What are SSL certificates? An SSL certificate takes the data you enter on your computer, like your name or credit card number, and encrypts it with a 128-bit key. To break this down into layman's terms, if you were to try to guess a number between 1 and 10, it could take you up to 9 times to get the right number. Now consider a 1 followed by 38 zeros: this is a rough approximation of 128-bit encryption. If an attacker were to try to gain access to your information using a computer that could guess 1 trillion numbers per second (which does not exist yet), it could take up to 2 million, million, million years to gain the information. SSL certificates are very important when personal information is entered. Internet Explorer and most other browsers display a little yellow lock somewhere on the page if the SSL certificate is recognized. However, there are a lot of SSL certificates out there that are not picked up by Internet Explorer or other browsers. When a website has an SSL certificate, normally there is a “click to verify” button with the organization's logo somewhere on the page. Most are very secure, offering 128-bit to 1024-bit encryption. Generally, these logos indicate a safe site, but there are many more in addition to these two.

Firewalls

Firewalls are either programs or hardware that prevent outside influences from affecting your computer. They work by limiting what your computer is allowed to communicate with online. Nowadays Microsoft Windows and other operating systems integrate software firewalls into their communications and network settings. This allows your computer to use certain protocols, and blocks and restricts others. Obviously, hardware firewalls are much more effective. These can make an electronic “cut” in the cord of the other protocols that are not used. Although even hardware firewalls can still be hacked, they make the process incredibly hard, as the hacker is reduced to a protocol that could be watched or used by the computer at the time he/she is trying to gain access. Even with operating systems such as Microsoft Windows incorporating their own firewalls, security is not guaranteed.

Even though a true black hat hacker could hack through any program and bypass hardware firewalls if they were determined enough, you can always slow them down if you really want to secure your computer. But remember not to fill your computer with so many programs to prevent hackers that it changes the speed or effectiveness of the computer. If you are really concerned, simply unplug the network line and work offline, then save all your work to a portable media and restart with the network cable plugged back in. That will erase most traces of the file you were working on. Most of the mainstream firewalls, such as Norton™ or McAfee™, will do a sufficient job. Keep in mind that the more mainstream you go, the more hackers are working on getting through that particular piece of software. We use Tiny Personal® Firewall. It takes a while to set up and to clarify which protocols are used by you and which are not. But if you are prepared to take the time for a week or so, you will find that a program like that is considerably hard to break through. This is being used by the US Air Force for their computer systems; you can download it at [http://www.brothersoft.com/Utilities_Security_Tiny_Personal_Firewall_81.html].

Virus Protection and removal

Viruses are one of the biggest computer problems in the world today. The majority of computer services include or consist only of virus removal and protection. A big reason why most people get viruses is that they trust and use mainstream virus protection programs, which are targeted most by the developers of viruses. The viruses are designed specifically to get around Norton and McAfee. There is nothing wrong with these mainstream virus scanners; when a new virus comes along, they're usually on top of it within 24 hours or so. We have found, through testing and long term use, that the best anti-virus is Avira AntiVir™. This is a free virus scanner for personal use and can be found at http://www.free-av.com/.

Cookies

Cookies are temporary files used by your computer. Usually they hold information like your preferences on a website, or which country you are from (depending on the website). However, there are some websites that are able to use cookies to allow viruses to get through, or to keep your personal information and send it off to another website. We recommend deleting your cookies every month or so, depending on your internet usage.

Trojans (Trojan horses)

A Trojan is a type of virus, its name taken from the Trojan horse of mythology. It works very much like that myth. Trojans are programs that you willingly install on your computer, and they contain a subprogram to send off information, change settings for hackers, or release a virus. They can be very dangerous. The good news is that most virus scanners pick up Trojans, and a good firewall will prevent the information from being sent. You do occasionally find a program that can sneak past both, and you will never even know it's running. It is a good habit to periodically check what is starting up when your computer starts. You can do this with a third party program, by checking your registry, or by using some administration tools. PLEASE NOTE THAT THIS IS ENTERING THE ADMINISTRATION OF THE COMPUTER, ANY ALTERATIONS CAN POTENTIALLY DAMAGE THE STARTING OF YOUR OPERATING SYSTEM. Go to the start menu and click run (this may be turned off in the task bar settings). Type “msconfig” and then press enter. In the tabbed menu, there should be a tab named “startup”; click on it and you will see a list of programs that start up when your computer does. You can use the check boxes to stop a program from starting up. If you get to know this list very well, you will quickly know if a new program starts when your computer does; if it is an unknown program, it could well be a Trojan. I cannot stress enough to be careful when you are performing this. If you can, get an experienced computer technician or your local computer whiz to help.
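Getting to know the startup list is easier with a saved baseline to compare against. The sketch below is an added example, not part of the original article: it reads only the two Run registry keys (the Startup tab also lists other locations), and the baseline file name and the sample entries are constructed.

```python
import json
import sys

# Per-machine and per-user Run keys: two of the autostart locations that the
# msconfig Startup tab lists.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample snapshots (not from a real machine), used off Windows.
SAMPLE_BASELINE = {
    "HKLM\\ExampleAV": r"C:\Program Files\ExampleAV\tray.exe",
    "HKCU\\Updater": r'"C:\Program Files\ExampleApp\updater.exe" /background',
}
SAMPLE_CURRENT = {
    "HKLM\\ExampleAV": r"C:\Program Files\ExampleAV\tray.exe",
    "HKCU\\Updater": r'"C:\Users\sam\AppData\Roaming\updater.exe" /background',
    "HKCU\\svch0st": r"C:\Users\sam\AppData\Local\Temp\svch0st.exe",
}


def read_run_keys():
    """Return {"HKLM\\name": command, ...} from the Run keys (Windows only)."""
    import winreg  # standard library, present only on Windows

    entries = {}
    for label, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE),
                        ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            with winreg.OpenKey(hive, RUN_KEY) as key:
                value_count = winreg.QueryInfoKey(key)[1]
                for i in range(value_count):
                    name, command, _type = winreg.EnumValue(key, i)
                    entries[f"{label}\\{name}"] = str(command)
        except OSError:
            continue  # key missing or not readable for this user
    return entries


def diff_startup(baseline, current):
    """Compare two snapshots and report what changed since the baseline."""
    added = {k: current[k] for k in current.keys() - baseline.keys()}
    removed = {k: baseline[k] for k in baseline.keys() - current.keys()}
    # Windows paths are case-insensitive, so compare commands case-folded.
    changed = {k: (baseline[k], current[k])
               for k in baseline.keys() & current.keys()
               if baseline[k].strip().lower() != current[k].strip().lower()}
    return {"added": added, "removed": removed, "changed": changed}


def main(baseline_path="startup_baseline.json"):
    if sys.platform != "win32":
        # Off Windows, show the report for the constructed samples.
        report = diff_startup(SAMPLE_BASELINE, SAMPLE_CURRENT)
    else:
        current = read_run_keys()
        try:
            with open(baseline_path, encoding="utf-8") as fh:
                baseline = json.load(fh)
        except FileNotFoundError:
            # First run: record the list you have reviewed and trust.
            with open(baseline_path, "w", encoding="utf-8") as fh:
                json.dump(current, fh, indent=2)
            print(f"Baseline of {len(current)} entries saved to {baseline_path}")
            return
        report = diff_startup(baseline, current)
    print(json.dumps(report, indent=2))


if __name__ == "__main__":
    main()
```

An entry under "changed" deserves the same attention as one under "added": a known name pointing at a new path is how a replaced program shows up.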

Spyware and Adware

Spyware and adware are types of Trojans. They usually present themselves as one program, but in installing that program, the programmer puts sponsor ads on your computer. These sponsor ads are nothing but ads on your computer. Most of these are just annoying, not so much bad for your computer. Again, most of these can be fixed using the method described beforehand in the Trojans section, but because they are not so much a virus or anything harmful, they can go unnoticed by all the associated programs. There are special programs that are designed to get rid of these types of programs. We have found programs like Ad-Aware™ and Spybot™ - Search & Destroy™ to be particularly useful.

Driver Updating

Another very important thing for you to do on your computer periodically is to update your drivers for all your components. Drivers are the scripts in the computer that make your components work. For instance, your graphics driver contains all the code your graphics card needs to display the right thing on your monitor. Updating these periodically can prevent some hack attempts, and also keeps your computer running smoothly.

This keeps your computer running smoothly even with the installation of newer programs and applications. The most important drivers to update are your graphics and sound drivers. If you do not know how to do this yourself, again seek assistance; we will run through it here with you, but there is nothing worse than stuffing up a direction and then having to spend hours trying to fix a mistake. The first step is to find out the manufacturer of the component you are looking to update. You can find this in Control Panel -> System. In a tab up the top you should find “device manager”; if you are on Vista, there is a link to it on the top left of the page you're looking at. In Vista, there is an authorize screen that blacks out the screen for you to allow the program to run. Once you are in the device manager, just browse through the categories; if you are looking to update your display adapter, look under the category “display adapters”. It will show you the manufacturer and the model name. From here, go to the manufacturer's website (usually [http://www.insert-manufacturers-name-here.com] but sometimes it's .tw or a weird extension like that), which can be found using Google. Once you have got to the website, look for a support, downloads or drivers section. Once you're there, you just need to find the right driver and download it. Most will be wrapped up in a nice .exe file. Sometimes they need to be installed another way, but in this case they will have instructions with them; as long as you follow the instructions EXACTLY you will be fine. Remember, you don't have to update every single driver on your system. A lot of the smaller drivers are updated with Windows Update™ (www.windowsupdate.com). Mainly your graphics drivers and your sound drivers remain the same through all the updates.

Keeping your computer from going JERKY

The number one hate of computer users is waiting for the computer to load after using a few programs, then having to restart because everything is just frozen. THIS HAPPENS ON MACS™ TOO, even if they do not like to admit it; sorry, it just had to be said. There are a few ways to fix this. One is with added hardware: adding more RAM will let you use the computer for a lot longer and do a lot more before it gets to the jerky stage. Another way is to open or load only one task at a time, even though this is really annoying when you want to open your music player, your Word editor, Photoshop™, and Internet Explorer™. Opening these one at a time lets the computer process one data set, then the next, then the next, instead of trying to process all of them at the same time and getting the “freezing” effect, where it is processing a section of each data set at the same time.

If you follow everything outlined in this report, you should have no problem keeping your computer safe, secure, and running smoothly.




Tony Schirmer is the owner of the computer news, reviews and How-To's site, http://www.tekfix.com.au/. Tekfix is one of the fastest growing computing sites online, striving to share articles covering every aspect of the computer and technology era.




Ensure Your Computers Are Secure With IT Security Consultants


At some point in our lives most of us will be ensnared by some kind of internet virus. Whether it's due to poor quality anti-virus tech, dodgy emails, phishing attacks or infection by a friend's computer, internet viruses affect us all. Viruses range massively in terms of effect and the dangers they pose; a virus on a personal computer can be bad enough, but it can be devastating if your business networks and systems are infected. The best way to ensure that your business is protected from viruses is by utilising the skills of IT security consultants.

Dangerous viruses

Many company computers hold vital data, either from clients or from the business in question, as well as personal communications. This is not information you want in someone else's hands or, worse, leaked onto the internet. Viruses can lie dormant in your system for months, intercepting and collecting often vital data without the user's knowledge; others can crash sites or even computer software.

The higher the success, the greater the threat

The more successful and prolific a business, the higher the risk of attack. Instead of being affected by viruses intended to infect as many computers as possible at random, the business is deliberately targeted by hackers and cyber criminals in order to take information and make money from it illegally. There are scores of hackers and cyber criminals searching for sites with weak security in order to exploit it for their own personal gain. Companies like Sony and Amazon have all faced difficulties with hackers and cyber criminals; everyone needs to bear security in mind.

Technology moves at an incredibly fast rate, and viruses are no different. New ones are constantly being created, so security technology has to keep up with them. IT security consultants aim to make sure that your systems have the most up to date protection to deal with everything the internet has to throw at them.

Security at a business level

IT security consultants use their valuable experience to ensure that your company's website is secure and helping you move your business forward. The type of anti-virus technology you might use at home is not recommended at a business level; as previously stated, your company may be directly targeted and aggressively pursued, something domestic anti-virus tech was not designed to deal with.

The internet is a vital resource for modern business, yet it also brings fresh dangers and security risks. IT security consultants can ensure that you get all the advantages the internet brings whilst minimising the hazards.




Trustmarque pride themselves on being able to protect your business online with their experienced IT security consultants. If you need your computers and websites protected, contact them on their website today.




Setting Up a Secure Wireless Network (PART 2)


In part one I explained why you need to secure your wireless network. I'm glad you came back to part two. Let's get started. I am going to use a Buffalo Nfinity wireless router for this demonstration. The thing to remember is that what I am going to show you here can be done on any wireless router. You may have to check your documentation to find where the settings are for what you are trying to accomplish in the web interface of your router.

Note: If this is a used router the first thing you need to do is reset it. Find the documentation for detailed instructions on doing this. It will set your router back to factory defaults. It is usually just a matter of pressing the reset button on the back of the router.

If your router came with a setup disk feel free to use it to set your network up. Once it is complete please continue with this document to make sure it did everything it was supposed to.

DISCLAIMER:

While every reasonable precaution has been taken in the preparation of this document, the author is not responsible for errors or omissions, or for damages resulting from the use of the information contained herein. The information contained in this document is believed to be accurate. However, no guarantee is provided. Use this information at your own risk.

The first step is to set up your router. Please follow the getting started documentation that came with your router. If you do not have documentation go to the manufacturer's web site and download it. If you do not want to do that, you basically do this. Set the router up and do not plug it in. Unplug the network cable from your computer going to the modem and move it to the router in the port labeled WAN. There will be five ports on the back of your router. This will be the one that is sitting by itself. Next, plug an Ethernet cable into any of the four open ports on your router and connect it to your computer.

Just to make sure there are no issues, reboot the modem. After it completely boots plug in the router and let it boot. After about a minute you should be able to access the Internet.

First we need to configure the router. You will need to find the documentation for your router for this next step. You need to find the IP address of the router. All manufacturers have a default IP address for their series of routers. Linksys uses 192.168.1.1, NetGear uses 192.168.0.1 and the default IP address of the router I am using is 192.168.11.1. If you cannot find the documentation try this. Click on the Start button and then choose Run. Press the Enter key. A DOS window will open. Type ipconfig and press Enter. The IP address of your computer will be displayed. Normally, the IP address of your router will be the same as the first three octets of your IP address and the final number will be a 1. For example, if your IP address is 192.168.1.2 your router's IP address will be 192.168.1.1. Some routers have a default IP address that ends in 254. If you can't find the IP address of your router, in the DOS window type tracert www.google.com and press Enter. The first line will show the IP address of your router.
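The ipconfig output usually states the router directly on its Default Gateway line, so the octet rule of thumb is only needed when that line is empty. The parser below is an added example, not part of the original article; the sample output is constructed, and the fallback generalises the article's ".1 or .254" rule by using the reported subnet mask.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output (one connected adapter, one not).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.11.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.1

Ethernet adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "   Field name . . . . : value" (the dot leader always ends in " :").
FIELD = re.compile(r"^\s+(?P<name>[A-Za-z0-9 -]+?)[ .]* :\s*(?P<value>.*)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def first_ipv4(text):
    """Return the first valid IPv4 address in text, or None."""
    m = IPV4.search(text)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(m.group(0)))
    except ipaddress.AddressValueError:
        return None


def parse_ipconfig(text):
    """Return one dict per adapter with its ip, mask and gateway (or None)."""
    adapters, current, last_field = [], None, None
    for line in text.splitlines():
        stripped = line.strip()
        if line and not line[0].isspace() and stripped.endswith(":"):
            current = {"adapter": stripped[:-1], "ip": None,
                       "mask": None, "gateway": None}
            adapters.append(current)
            last_field = None
            continue
        # Newer Windows may print an IPv6 gateway first and the IPv4 gateway
        # alone on the following line.
        if current and last_field == "Default Gateway" and IPV4.fullmatch(stripped):
            current["gateway"] = current["gateway"] or first_ipv4(stripped)
            continue
        m = FIELD.match(line)
        if not m or current is None:
            continue
        last_field = m.group("name").strip()
        value = m.group("value")
        if last_field in ("IP Address", "IPv4 Address"):
            current["ip"] = first_ipv4(value)
        elif last_field == "Subnet Mask":
            current["mask"] = first_ipv4(value)
        elif last_field == "Default Gateway":
            current["gateway"] = first_ipv4(value)
    return adapters


def guess_router(ip, mask="255.255.255.0"):
    """Rule of thumb: first and last usable address of the computer's subnet."""
    try:
        net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    except ValueError:
        return []
    if net.prefixlen > 30:
        return []
    ends = (net.network_address + 1, net.broadcast_address - 1)
    return [str(a) for a in ends if str(a) != ip]


def find_routers(text):
    """Return (adapter, candidate addresses, 'reported' or 'guessed')."""
    results = []
    for a in parse_ipconfig(text):
        if a["gateway"]:
            results.append((a["adapter"], [a["gateway"]], "reported"))
        elif a["ip"]:
            guesses = guess_router(a["ip"], a["mask"] or "255.255.255.0")
            results.append((a["adapter"], guesses, "guessed"))
    return results


if __name__ == "__main__":
    for adapter, candidates, source in find_routers(SAMPLE_IPCONFIG):
        print(f"{adapter}: {', '.join(candidates)} ({source})")
```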

Open Internet Explorer, or better yet Firefox, and in the address bar enter the IP address of your router and press Enter. You will be asked for a user name and password. Again, this is in your documentation. If you do not know, or cannot find the documentation, go to a site that lists the default usernames and passwords for popular routers. Those links are available in this article posted on my site. After successfully passing credentials to the router the configuration interface will display. Let's look at the status of your router. Find a tab or link that shows, you guessed it, the status of your router. The one on my router is labeled System Info. This page shows your IP Address, Subnet Mask, Default Gateway and the DNS servers. Check out my website posted below and find the article labeled "Understanding the Terminology" (you will find it in Articles) if you would like to know what all those terms mean. You should see something like this.

You are ready to make your first change. You will set a password on your router. You don't want others to be able to change the settings you are about to make. You should set a fairly strong password, in other words, no words found in the dictionary, a minimum of 8 characters, upper and lower case and at least one number. This will make it secure. To test your password go here and see how strong it is. Find the page to set the router password. Mine is Admin Config. You normally cannot change the administrative user name, but you can change the password. Type in your password, then verify it, then press the button to save it.

The next thing you need to do is set the name of your wireless network. This would be changing the field labeled SSID. Mine is in a section labeled Basic Wireless Configuration. Set this to anything you want. You may not want to set it to your last name if you have people around you that may try to crack your network if they know it is yours. I personally do not care about that so I set mine to HAG. Set the name and apply it. The router will reboot and place you back on that screen.

This is the name that will be broadcast to clients looking for a network. If it is secured they will be asked for a key. Without the key they cannot connect to the network. It is more secure to not broadcast your SSID, but that is not part of part one. If you want to strengthen your network just keep reading. For now, just allow the SSID to be broadcast. It will make connecting a client to it much easier if you have not done this before.

The final, but most important, piece of part one. You need to choose an encryption type for your network. You will have a large number of choices, way too many to cover here. I will just give you my suggestions, and tell you which ones to not even consider, and why. Find the Wireless Security section of the router web interface. Mine is Wireless Security Settings. Here is where it gets confusing. You may see the terms WEP, WPA, WPA Pre-Shared Key, WPA2, WPA Personal, WPA Enterprise, WPA2 Personal, WPA2 Enterprise, TKIP, AES, RADIUS and No Encryption. Which one do you choose? There are going to be a bunch of different opinions on this one. You want to choose the strongest one. This will vary from user to user, and you may have to back the encryption down, but I'll tell you how and why. First, what do all these acronyms stand for? Here we go:


WEP (Wired Equivalent Privacy)
WPA (Wi-Fi Protected Access)
WPA2 (Version 2 of WPA)
TKIP (Temporal Key Integrity Protocol)
AES (Advanced Encryption Standard)
RADIUS (Remote Authentication Dial-In User Service)

Which one(s) to choose:


No Encryption (Answer that one yourself)
WEP (The least secure. Avoid using it if possible)
WPA (Good)
WPA2 (Best)
TKIP (Good)
AES (Best)

Sounds pretty cut and dry doesn't it? WPA2-AES. That is the first one you will want to try. Here is going to be the problem. If the wireless card you are using does not support it then it simply won't work. If this is the case drop back to WPA2-TKIP. Does it work? No? Try WPA-AES, then WPA-TKIP, then lastly WEP. You may also see TKIP+AES. This is fine. It will try AES first and, if not successful, drop back to TKIP automatically. For WPA and WPA2 use the personal settings. Enterprise and RADIUS require other hardware and are meant for what it says, enterprises.

That is only one part of this. The other is the key strength. In WEP you will have a choice of 64-bit (10 hex digits) and 128-bit (26 hex digits). What is a hex digit? These are hex digits: 0-9 and A-F. Hexadecimal is base 16. If you count the digits from 0 to F you will have 16 digits. I got off track there, but if you didn't know, now you do. In WPA and WPA2 you will be presented with either a pass phrase, or shared key. Try to use a minimum of 8 digits, letters, upper/lowercase and words not found in the dictionary, but preferably 20 or more. I use WPA-AES with a 25 digit/character password.

Once you do this you have a secure network. You can now attach a wireless client to it to test it. This test will allow you to see if your network card will support the encryption you chose. If it will not connect start backing the encryption down as described above.
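The back-down order and the key rules above can be written down as a small planner. This is an added example, not part of the original article: the function names and sample keys are constructed, and the 63-character upper bound and printable-ASCII rule for WPA passphrases come from the WPA specification rather than from the article.

```python
import string

# Preference order from the article: strongest first, WEP last.
# "No Encryption" is deliberately absent, so it can never be selected.
PREFERENCE = ["WPA2-AES", "WPA2-TKIP", "WPA-AES", "WPA-TKIP", "WEP"]

# WEP key sizes as the router labels them. Each hex digit is 4 bits, and the
# label includes WEP's 24-bit initialisation vector: 10*4 + 24 = 64 and
# 26*4 + 24 = 128.
WEP_KEY_BITS = {10: 64, 26: 128}


def choose_mode(router_modes, *client_mode_lists):
    """Strongest mode supported by the router and by every client.

    Returns None when nothing is shared, which means that client cannot join
    an encrypted network at all (the answer is not to switch encryption off).
    """
    common = set(router_modes)
    for modes in client_mode_lists:
        common &= set(modes)
    for mode in PREFERENCE:
        if mode in common:
            return mode
    return None


def check_key(mode, key):
    """Check a key or passphrase against the format the chosen mode expects."""
    problems, warnings = [], []
    if mode not in PREFERENCE:
        problems.append(f"unknown mode {mode!r}")
    elif mode == "WEP":
        if len(key) not in WEP_KEY_BITS:
            problems.append("WEP key must be 10 or 26 hex digits")
        elif not all(c in string.hexdigits for c in key):
            problems.append("WEP key may only contain 0-9 and A-F")
        warnings.append("WEP is the least secure choice; use it only as a last resort")
    else:
        if not 8 <= len(key) <= 63:
            problems.append("passphrase must be 8 to 63 characters")
        if not all(" " <= c <= "~" for c in key):
            problems.append("passphrase must be printable ASCII")
        if len(key) < 20:
            warnings.append("shorter than the 20 or more characters the article prefers")
        missing = [label for label, chars in (
            ("upper case", string.ascii_uppercase),
            ("lower case", string.ascii_lowercase),
            ("digits", string.digits)) if not any(c in chars for c in key)]
        if missing:
            warnings.append("missing " + ", ".join(missing))
        if mode.endswith("TKIP"):
            warnings.append("TKIP is rated Good, AES is rated Best")
    return {"mode": mode, "valid": not problems,
            "problems": problems, "warnings": warnings}


if __name__ == "__main__":
    # Constructed capabilities: a newer laptop and an older wireless card.
    router = ["WPA2-AES", "WPA2-TKIP", "WPA-AES", "WPA-TKIP", "WEP"]
    laptop = ["WPA2-AES", "WPA-TKIP", "WEP"]
    old_card = ["WPA-TKIP", "WEP"]
    mode = choose_mode(router, laptop, old_card)
    print(mode, check_key(mode, "19FlFfy85-constructed-Example"))
```

With more than one client, the network ends up at the strongest mode the weakest card supports, which is why one old adapter can pull the whole network down to WPA-TKIP or WEP.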

I'm going to show you how to connect using the Windows Wireless Network Connection tool. If you are using a third party tool, like the Broadcom Wireless LAN tool, the Windows tool will not be available. To make it available you need to close the third party tool. Right click on it in the system tray (the tray by the clock) and exit the tool. If this is not available try this:


Right click on My Computer and choose Manage.
Click the plus (+) next to Services and Applications.
Highlight (Click) on Services.
To make it easier to see click on the Standard tab.

Look for the service that is handling your wireless connections. Mine is Broadcom Wireless LAN Tray Service. Right click on it and choose Stop.

Now that you have no services managing your wireless connections, while still in the services window, go down to Wireless Zero Configuration. Right click on it and choose Start. You have now enabled the Wireless Network Connections tool.

Note: When you reboot, or log off, these settings will be lost. If you want to keep them you will have to disable the service for the third party tool and make sure Wireless Zero Configuration is set to Automatic.

Right click on the wireless icon in the system tray and choose View Available Wireless Networks.

You will now see all the wireless networks within range of your wireless card. If you live in a well populated neighborhood don't be surprised to see a lot of them. Some of them will probably be unsecured.

Just for the fun of it try to connect to it. You will be informed that you are connecting to an unsecured network. If you click Yes you will be connected to your neighbor's network. Disconnect if you do that since we are going to connect you to your secured network. Highlight (Click) on your network and choose Connect.

You will be asked for your network key. Enter the key, press the Tab key, then enter it again. Once you are done click on the Connect button.

You will be connected to your secure network and can now surf the net.

The key word here is You! You are the only one connected to your network.

This concludes PART 2. If you would like to strengthen your security please read PART 3. I hope to see you there!




A direct link to this article, complete with images and links to the tools mentioned, can be found at TechAlternatives.

We help you Discover Your Choices




Data Security; Are Your Company Assets Really Secure?


Is your data secure? Think again. Securing data is unlike securing any other corporate asset, and is likely the biggest challenge your company faces today. You may not see it, but almost all of your company's information is in digital form somewhere in the system. These assets are critical because they describe everything about you: your products, customers, strategies, finances, and your future. They might be in a database, protected by data-center security controls, but more often than not, these assets reside on desktops, laptops, home computers, and more importantly in email or on some form of mobile computing device. We have been counting on our firewall to provide protection, but it has been estimated that at least fifty percent of any given organization's information is in email, traveling through the insecure cyberspace of the Internet.

Digital Assets are Unique

Digital assets are unlike any other asset your company has. Their value exceeds just about any other asset your company owns. In their integral state they are worth everything to your company; however, with a few "tweaks" of the bits they are reduced to garbage. They fill volumes in your data center, yet can be stolen on a keychain or captured in the air. Unlike any other asset, they can be taken tonight, and you will still have them tomorrow. They are being created every day, yet they are almost impossible to dispose of, and you can erase them and they are still there. How can you be sure that your assets are really safe?

Understanding Physical Security Architectures

Physical assets have been secured for thousands of years, teaching us some important lessons. An effective security architecture uses three basic security control areas. Let's assume you want to create a secure home for your family; what would you do? Most of us started with the basics; doors, windows, locks, and perhaps a fence. Second, we rely on insurance, police protection, and we may have even purchased an attack dog or a personal firearm. Given these controls, you may have taken one more step to provide some type of alarm. Not trusting your ears to detect an intrusion, you might have installed door and window alarms, glass break sensors, or motion detection. You may have even joined the neighborhood watch program in your area. These are the controls everyone uses, and they are similar to the controls that have been used since the beginning of mankind.

Which is most important? Looking at the three categories of security controls used, the first consists of protective devices that keep people out; doors, windows, locks, and fences. Secondly, alarms notify us of a break-in. Finally we have a planned response control; the police, use of a firearm, or recovery through insurance. At first glance it may appear that the protective controls are the most important set of controls, but a closer look reveals that detection and response are actually more important. Consider your bank; every day the doors are open for business. This is true of just about every business, home, or transportation vehicle. Even the bank safe is generally open throughout the day. You can see it from the bank teller counter, but step over the line and you will find out how good their detection-response plan is.

Evaluating your Company's Approach

Now look at your digital assets; how are they protected? If you are like most organizations, your entire security strategy is built on protection controls. Almost every organization in America today has a firewall, but does not have the ability to detect and respond to unauthorized users. Here is a simple test: run a spyware removal program on your system and see what comes up. In almost every case you will find software installed on your system that was not installed by an authorized user. In the past this has been an irritation; in the future, this will become the program that links uninvited guests to your data. Bruce Schneier, a well known security author and expert, writes in his book, Secrets and Lies, "Most attacks and vulnerabilities are the result of bypassing prevention mechanisms". Threats are changing. The biggest threats likely to invade your systems will bypass traditional security measures. Phishing, spyware, remote access Trojans (RATs), and other malicious code attacks are not prevented by your firewall. Given this reality, a detection response strategy is essential.

It's time to review your security strategy. Start by asking three questions. First, which assets are critical to your business, where are they located, and who has access to them? Second, what threats exist? Determine who would want your data, how they might gain access, and where the possible weaknesses in your security architecture lie. Finally, how comfortable are you with your company's ability to detect and respond to unauthorized access? If someone wants access to your data, preventative measures alone won't stop them.

Begin planning a balanced security architecture. Start by adding detection controls to your prevention architecture. This does not mean simply adding intrusion prevention software (IPS), but rather creating a system to proactively monitor activity. Intruders make noise, just like in the physical world, and with proper event management, combined with zero-day defense technologies of IPS, network administrators can begin to understand what normal activity looks like and what anomalies might be signs of an attack. In a recent interview with Scott Paly, President and CEO of Global Data Guard, a Managed Services Security Provider (MSSP), Scott said, "Threats such as worms and new hacker techniques constantly morph, so the most viable model for optimum security is a blend of preventive and predictive controls based on analysis of network behavior over time". By balancing prevention, detection, and response, companies can defeat most of the latest hacker attempts.




David Stelzl, CISSP is the owner and founder of Stelzl Visionary Learning Concepts, Inc. providing keynotes, workshops, and professional coaching to technology resellers. David works with executive managers, sales people, and practice managers who are seeking to become market leaders in technology areas that include Information Security, Managed Services, Storage and Systems solutions, and Networking. Contact us at info@stelzl.us or visit http://www.stelzl.us to find out more.




How to Secure Your Business Against Hacker Threats


After the recent disclosures on Wikileaks, which have marked "life" on the internet and beyond, many businesses and organizations have begun to fear for their company's security posture and corporate data.

The extended use of social networks and new technologies such as cloud services is gaining the attention of businesses and employees. This leads to wide use even in the workplace, but without the appropriate security measures needed to protect systems against hackers.

Below, there are three important ways to address these threats:

1st Step: Authentication

The authentication process uses a system to validate a user's identity. For more than 10 years businesses have used this system to provide users (employees) with passwords and usernames, so they can access web applications and the company's information system. In this way employers give users rights to access business applications and can control everything that is processed during use. You can separate the access policy according to the type of user, e.g. one for employees, another for partners and a different one for customers.

2nd Step: Authorization

Authorization is a security policy that defines the type of data the user has access to. The disclosure of documents by Wikileaks is a great example of a lack of authorization. Very few people should have access to confidential information, which was not the case there.

3rd Step: Accounting

Essentially, accounting controls the reliability and security of the information system. The most popular method to make this possible is electronic discovery (e-discovery), through which we can not only preserve historical records and our actions, but also support forensic investigations. There are many applications that can help you with this; they usually work by sending an email each time they record something. New features are in the spotlight.
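The three steps chained into one access check, as an added example that is not part of the original article. The user types beyond employee, partner and customer, the data classifications and the account names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed policy (assumption): data classifications each user type may read.
# Employees, partners and customers each get their own access policy.
POLICY = {
    "employee": {"public", "internal"},
    "partner": {"public", "partner-shared"},
    "customer": {"public"},
    "records-officer": {"public", "internal", "confidential"},
}


def hash_password(password, salt):
    """Derive a slow, salted hash so stored credentials are not reusable."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccessGate:
    def __init__(self):
        self._users = {}      # username -> (salt, password hash, user type)
        self.audit_log = []   # step 3: every decision is recorded here

    def add_user(self, username, password, user_type):
        if user_type not in POLICY:
            raise ValueError(f"unknown user type: {user_type}")
        salt = os.urandom(16)
        self._users[username] = (salt, hash_password(password, salt), user_type)

    def _record(self, user, action, resource, outcome):
        self.audit_log.append({"ts": time.time(), "user": user, "action": action,
                               "resource": resource, "outcome": outcome})

    def authenticate(self, username, password):
        """Step 1: return the user type on success, None on failure."""
        entry = self._users.get(username)
        # Hash even for unknown names so response time does not reveal
        # which usernames exist.
        salt, stored, user_type = entry if entry else (b"\0" * 16, b"", None)
        matches = hmac.compare_digest(hash_password(password, salt), stored)
        ok = matches and entry is not None
        self._record(username, "login", "-", "success" if ok else "failure")
        return user_type if ok else None

    def read(self, username, password, classification):
        """Steps 1-3 together: authenticate, authorize, account."""
        user_type = self.authenticate(username, password)
        if user_type is None:
            return False
        allowed = classification in POLICY[user_type]   # step 2
        self._record(username, "read", classification,
                     "allowed" if allowed else "denied")
        return allowed

    def flagged_events(self):
        """Accounting review: failed logins and denied reads, in order."""
        return [e for e in self.audit_log
                if e["outcome"] in ("failure", "denied")]


if __name__ == "__main__":
    gate = AccessGate()
    gate.add_user("alice", "correct horse 9!", "employee")   # constructed account
    print(gate.read("alice", "correct horse 9!", "internal"))
    print(gate.read("alice", "correct horse 9!", "confidential"))
    for event in gate.flagged_events():
        print(event["user"], event["action"], event["resource"], event["outcome"])
```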

The benefits that you will gain by using these technologies are huge in comparison with the efforts that you will make to implement them. Do not let Wikileaks happen to you...




Trust-IT

Wireless Penetration Test




Broadband - How To Secure Your Wireless Network


It wasn't all that long ago when personal computers were restricted to offices and wealthy households. Moreover, computer networks were practically unheard of in residential settings; such technology was reserved for large office buildings. Things, however, have progressed considerably over the years.

One of the most common methods to share a broadband connection within homes and offices today is using wireless technologies.

Although such technology has revolutionised the way people can access networks and the internet it does have a major disadvantage, one that was not prevalent with coaxial cables or the more familiar CAT5 network cable; this being security.

The technology that comprises a wireless network usually consists of a wireless router; wireless receivers (generally USB dongles or built in antennas); and in some cases one or more repeaters (if the signal needs to span an exceptionally long distance).

Once set up, the wireless router will happily start broadcasting and accepting information within a certain radius. This essentially means that your next door neighbour (or anyone in range!) could be accessing your network, and leeching your internet connection - which as well as invading your privacy could be costing you money if you have a broadband usage allowance.

So, the first line of defence is to familiarise yourself with your network and your router's configuration options, which are usually accessed via a browser window.

Router manufacturers tend to apply the same SSID (the network's name) and login details for all of their routers, so to begin with, changing these to something more personal is the first line of defence.

Following this you should apply some form of encryption, the popular choices being WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access), the latter of which is the most secure. This involves applying a specific "key" that any computer attempting to access your router will need to input.

Lastly, possibly one of the best ways to ensure only devices of your choice have access to your router is to establish MAC filtering. MAC or Media Access Control is a unique code given to every physical network device.

Therefore, finding out the MAC code for each device in your network (this can prove difficult to the untrained so referring to the manufacturer's manual is recommended) and inputting only these addresses on your MAC filter list will ensure only they will have access.




In conclusion, securing your wireless broadband network is relatively easy, with a wealth of broadband sites out there offering helpful information and guides you're never far from help. Such sites often allow you to compare broadband packages, as well as offering expert help.




Tips For Creating Strong and Secure Passwords


Hackers who know your password do not have to resort to technological exploits; instead they can log on and do anything that you can do on the computer or network. Keeping your password secret is one of the most important things you can do in information security to protect your computer against security breaches.

The first step in information security is creating strong passwords that cannot be easily guessed or deduced. Tips for creating strong passwords include the following: Do not use personal information for your password. Social security numbers, driver's license numbers, phone numbers, birth dates, spouse names, and pet names are all factual information that can be found out by others.

Do not use words that are in the dictionary, including words in foreign languages. Dictionary attacks try these words and combinations of them. Do use a combination of uppercase and lowercase letters, numbers and symbols. Do not substitute numbers for letters to make words (for example, s0ph1st1cated). Hackers are aware of this trick. Do not use sample passwords that you see in security articles or books, even if they are exceptionally complex.

Generally, longer passwords are harder to crack because a brute force attack must try more combinations before finding a correct one. Windows XP allows up to 128 character passwords, although the welcome screen only displays 12 characters at the password prompt. You can switch to the classic logon screen, or just keep typing the characters after the password field appears to stop accepting them.

Do use a combination of letters, numbers, and symbols that have meaning to you so you - but no one else - will be able to easily remember the password. For example, mfcrB&G might mean "my favorite colors are Blue and Green" to you, but to anyone else while computer hacking it looks like a random combination of characters. Do select a password that you can type quickly, to minimize the chance of someone discovering it by watching over your shoulder when you type it. However, do not use common key sequences such as qwerty.
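The creation rules above turned into a checker, as an added example that is not part of the original article. The word list, key sequences, substitution table and the minimum length of 8 are assumptions chosen for illustration; a real deployment would load a full dictionary.

```python
import re

# Constructed substitution table for the "numbers for letters" trick.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
# Constructed sample dictionary, including one foreign-language word.
SAMPLE_WORDS = {"sophisticated", "password", "dragon", "sunshine",
                "welcome", "bonjour"}
KEY_SEQUENCES = ("qwerty", "asdfgh", "zxcvbn", "123456")
# Passwords printed in this article count as published samples.
PUBLISHED_SAMPLES = {"mfcrB&G", "s0ph1st1cated"}
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def squash(text):
    """Lowercase and drop punctuation so '555-0142' matches '5550142'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, personal_info=(), words=SAMPLE_WORDS, min_length=8):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()

    if password in PUBLISHED_SAMPLES:
        problems.append("published sample")
    if len(password) < min_length:          # min_length is an assumption
        problems.append("too short")
    if any(not re.search(cls, password) for cls in CHARACTER_CLASSES):
        problems.append("missing character class")
    if any(seq in lowered for seq in KEY_SEQUENCES):
        problems.append("keyboard sequence")

    # Dictionary check on the raw letters and on the de-substituted form,
    # so s0ph1st1cated is caught as "sophisticated".
    candidates = {
        re.sub(r"[^a-z]", "", lowered),
        re.sub(r"[^a-z]", "", lowered.translate(LEET)),
    }
    if any(word in cand for word in words for cand in candidates):
        problems.append("dictionary word")

    # Personal facts supplied by the caller (names, dates, numbers).
    squashed = squash(password)
    for item in personal_info:
        token = squash(item)
        if len(token) >= 3 and token in squashed:
            problems.append("personal information")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("s0ph1st1cated", "P@ssw0rd!2024", "tGw7#vLq2^Rm"):
        print(candidate, check_password(candidate))
```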

After you create a strong password, you must keep it secure. Tips for keeping passwords secure in information security include the following: Never share your password with anyone else. Do not write your password down. This is the reason why you need to create a password that is easy for you to remember. If you disregard this advice and do write it down, keep the written copy in a locked off-site container.

Do change your password on a regular basis, even if your network policies do not require you to do so. Always change your password if you suspect it might have been compromised (for example, if someone was standing over you when you typed it). Do not use the same password for multiple purposes. For example, some people might use the same number combination for their ATM PIN, network logon password, e-mail password, and for all protected Web sites. If this password is cracked in computer hacking, all of your accounts and activities will be compromised.




Appin Knowledge Solution is an affiliate of Appin group of companies based in Austin, Texas (US) known worldwide for education and IT training and information security training.




Secure Your Clients' Confidential Data With Your Accounting Website Design


The absolute foundations of a firm's customer relations are confidence and trust. This makes information security and confidentiality one of the most significant duties you agree to when you choose to be a CPA. With office productivity becoming more and more dependent on online communications, and with the net becoming progressively more complex and vulnerable to internet crime, this can easily become a problem if your clients perceive you as uncertain about how online security works. Your CPA website is a main constituent of your online security strategy. Many of your clients are not especially internet savvy, and the data they routinely send you is very sensitive. To protect them you're going to want a perfunctory familiarity with your website and its security features.

Of course, ground security is important. Let's just assume you have that covered. This means your network access is restricted to your own dedicated IP (your IT guy can tell you what that means), your computers require password protected logins, you keep your doors locked at night, and your office is protected by a good alarm system. It's fairly easy to secure your physical location, but once you start transferring data, holes in your security become trickier to fill.

The weakest of weak links in any accounting firm is email.

Let me put this plainly. Email is a wonderful medium for routine communications, but its ease of use has lured many accounting firms up the garden path. Don't allow your clients and staff to email confidential information.

When you send an email you send it "out there". Much of the process occurs on servers over which you have no control, and for which there is little or no accountability. There is a common misconception that when you send an email it goes straight to the recipient, but nothing could be further from the truth. Messages are routed through a vast network of mail servers. By the time a message reaches its destination it has likely passed through a dozen or so third party servers. If even one of these servers has been compromised by a hacker's virus or trojan, so has your email. Identity thieves harvest huge amounts of information in this way.

There are ways to make it harder to open the file. Passwords and encryption can slow a hacker down, but they won't necessarily stop one. Given time there's no password that can't be broken, and every time computers become faster and more powerful, encryption becomes easier and faster to hack.

Design your accounting website to compensate for these risks.

When you design your website include a Secure File Transfer feature. This feature allows your ISP server to connect directly to your web server and transfer the data. There are no third party servers relaying the information. Every client should have his or her own password protected directory on the server, rather like an online safe-deposit box, so that only you and they can access it. Encrypting the transfer adds another layer of protection that will protect your data from an "insider attack". The best of these systems will even let you store the data on the web server in an encrypted format making the system suitable for long-term document storage.

There are a few security standards you should know about.

Passwords

Passwords need to be protected from "brute-force" attacks by forcing a time-out if a login attempt fails more than a few times in a row. This will prevent automated programs from hacking the password by simply trying all the available permutations. The longer your password is the more secure it is. The absolute minimum safe password length is eight characters, and passwords should be alphanumeric (containing a mix of letters and numbers). Human beings are the most common cause of compromised passwords. Hackers call this "social engineering". You'd be shocked how many hackers get people's passwords by simply asking for them. Never tell anyone your password, and avoid leaving them written down anywhere that your staff and clients can find them.
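The time-out described above, as an added example that is not part of the original article. The threshold of 3 failures, the 300-second lock-out and the 36-character alphabet are assumptions; the password check itself is passed in as a function so the throttle works with whatever credential store the site uses.

```python
import time


class LoginThrottle:
    """Lock an account for a while after too many failed logins in a row."""

    def __init__(self, verify, max_failures=3, lockout_seconds=300,
                 clock=time.monotonic):
        self._verify = verify              # callable(username, password) -> bool
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._clock = clock                # injectable so tests can move time
        self._state = {}                   # username -> (failures, locked_until)

    def attempt(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        failures, locked_until = self._state.get(username, (0, 0.0))
        if now < locked_until:
            # While locked, the password is not even checked, so a correct
            # guess made during the time-out tells an automated program nothing.
            return "locked"
        if self._verify(username, password):
            self._state.pop(username, None)    # success resets the counter
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            self._state[username] = (0, now + self.lockout_seconds)
        else:
            self._state[username] = (failures, 0.0)
        return "denied"


def guesses_per_day(max_failures, lockout_seconds):
    """Upper bound on guesses against one account once the throttle is on."""
    return max_failures * 86400 // lockout_seconds


def years_to_exhaust(alphabet_size, length, max_failures, lockout_seconds):
    """Time to try every password of the given length at the throttled rate."""
    total = alphabet_size ** length
    return total / guesses_per_day(max_failures, lockout_seconds) / 365


if __name__ == "__main__":
    fake_now = [0.0]                       # constructed clock for the demo
    throttle = LoginThrottle(
        lambda user, pw: (user, pw) == ("client1", "s3cretPass9"),
        clock=lambda: fake_now[0],
    )
    for guess in ("a", "b", "c", "s3cretPass9"):
        print(guess, throttle.attempt("client1", guess))
    fake_now[0] = 300.0                    # the time-out has passed
    print("s3cretPass9", throttle.attempt("client1", "s3cretPass9"))
    # Eight characters drawn from 26 letters plus 10 digits.
    print(round(years_to_exhaust(36, 8, 3, 300)), "years at the throttled rate")
```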

Security Certificates

Security certificates are central to online encryption. They store the keys used to decrypt online data. Make sure you get your security certificate from a trusted source and you keep it up to date or your users will receive warnings from their browsers when they try to use it.

SSL and TLS

These are encryption protocols. SSL, or "Secure Socket Layer" is an older protocol that is still seeing widespread use. The second commonly found encryption protocol is much newer. The adoption of "Transport Layer Security" has been slow because many offices use older equipment or unsupported applications that are incompatible with it. Both work pretty much the same way. TLS has made some technical improvements, but the details are too technical to explain here. There is a third type called PCT, or "Private Communications Transport" that is relatively unused.

SAS 70

This is an accounting industry standard managed by the AICPA. It's a simple auditing statement. It's not just industry self-policing, though. Publicly traded accounting firms must be SAS 70 certified by law. A SAS 70 certification indicates that the security has been accepted by the auditor.

Gramm-Leach-Bliley Act

Also called the "Financial Services Modernization Act", this legislation includes rules that govern the privacy standards of all financial institutions, which by definition includes any firm that prepares taxes. This rule has very particular requirements that have to be adhered to by all accounting firms, including with regard to information security. All accounting firms and other financial institutions are to produce a written information security scheme, appoint an individual to manage security, scrutinize the security standards of every division working with customer info, establish a continuing program to monitor information protection, and keep these procedures current with changing technology.




Kenny Marshall is an internet marketing consultant and former VP of CPA Site Solutions, an Accounting Website Design firm.




Office Security - 10 Great Tips For a More Secure Workplace


Today, businesses must address and prepare for security threats that are larger and more varied than ever before. With each technological advancement that allows innovative, effective business strategies, comes a security threat that is equally innovative and equally effective.

Any assessment of an office security system should begin with specific security needs and the impacts they will have on your business as a whole. You may need a facility secure enough for UL 2050 certification or you may simply need to ensure your employees safety before and after business hours. Regardless, here are ten important ways to improve your office security system.

Effective Communication: First and foremost is communicating information to and between employees. Many companies use email alerts to warn employees about would-be hackers. Likewise, be certain that employees remain updated on procedures and potential visitors. By letting employees know what and who to expect, they are better equipped to recognize suspicious activities or persons. In order to avoid complacency, try to use a single source of information that becomes part of an employee's routine. This could be a daily server broadcast or informational email. Whatever the source, it should be brief, practical, and include positive news as well as precautionary information.
Key Control: Assign the responsibility of locking or unlocking the office to as few individuals as possible. Eliminating the "first in, last out" method ensures that all access points are secured regularly. Create a procedure for those responsible for opening or closing your office that includes checking washrooms, closets, or anywhere someone might be able to hide. Hard keys should be numbered and assigned to specific individuals. Employees assigned keys should periodically be asked to produce their keys to verify a master registry.
Site-Wide Policies: Something as simple as a "clean-desk" policy, training all employees to clear and secure their desks of valuable equipment or information before leaving for the day, drastically reduces potential theft. Mandating employees to have and display ID badges or access cards at all times increases the visibility of any unauthorized persons. Don't include job titles on any directory accessible to the general public as many criminals will use a name and title to justify their presence in restricted areas. Finally, make sure to maintain a "chain of possession." Any deliveries should be handed to a person and not left in a hallway or on an unattended desk.
Small Investments: All computers, laptops especially, should be secured with cable or plate locks to avoid "walk-off." Docking stations are relatively inexpensive ways to protect electronic devices when not in use. Pay close attention to high-risk targets like state-of-the-art equipment, postage meters, check writers, and company checkbooks. Improve doors by installing peepholes and keypads. Utilize two locked doors surrounding a small lobby or foyer. This type of "airlock" system eliminates piggybacking, a method criminals use to gain entry by catching a locked door as an employee exits.
Anti-Virus: While it is extremely unusual for a company not to have anti-virus software in this day and age, it is impossible to overstate its importance. High-end protection from viruses, spyware, malware, Trojans, and worms is one of the shrewdest investments an office can make. This includes firewall protection for your main system, security for your wireless Internet routers, and securing backups of all data, preferably off-site, for recovery in the event of a cyber attack.
Lights, Camera, Layout: Be aware of "dark spots" both inside and outside your office. Install adequate lighting in parking lots and outdoor break areas for employee safety, eliminate blind areas in stairwells, and arrange hallways and offices to remove any places where someone could conceal himself or stolen items. Short of CCTV, discussed below, it may be worthwhile to install recording security cameras at key areas like loading bays and access points like after-hours entrances.
Reception: Among the more complete solutions is to employ one or more full time receptionists. From a security system standpoint, this person allows for close inspection of credentials and identification and funnels security information through a single point. If it is impractical to have each visitor greeted and checked-in by a person, consider a dedicated phone line in your lobby or at your front door that goes only to a designated receiver. This method, combined with a sign-in station, can be a cost effective strategy for many offices.
Access Control System: One of the difficulties with hard keys is reacting when one is lost or stolen. With an access control system, businesses can issue access cards to employees while maintaining complete control over what each card will open. Moreover, access control systems minimize risk by allowing only enough access to complete a job. Thus, employees, contractors, or visitors can be restricted by area or time of day. Two things are critical with access control systems. First, allow "total access" to as few individuals as possible. This will clarify who is authorized to be where and thereby enable employees to recognize and report infractions. Second, monitor the use of each card. By reviewing card activity, you can determine who needs access to where and at which times, streamlining routines and defining access.
Closed Circuit Television (CCTV): For higher end security system needs, CCTV is one of the most effective methods of protection. Through limited broadcast, each camera can be monitored through a single interface. Depending on the specifics of the system, footage can be monitored by an employee or digitally recorded. Place cameras strategically to achieve the maximum coverage for a single unit. Likewise, cameras or corresponding signs that are visible to guests and employees can be effective deterrents and create a safe environment. It is important to remember, however, that as effective as CCTV is, it should be used efficiently and in tandem with other measures. For example, installing a unit in an entry with an "airlock" door system allows extended footage of a person(s) entering or exiting the premises.
Proper Training: Above all, make sure each of your employees is adequately trained to use security equipment and follow procedures. Investment and planning in the best security system will have little impact if individuals are unclear on precaution and intervention. This may be as simple as making sure employees keep doors and windows secure or protect their personal belongings, but often entails specific training on identifying and responding to suspicious items, persons, or events.




About this Article: This article was commissioned by Security Integrations and written by Braden Russom to offer businesses some key steps to take towards a more secure workplace. Security Integrations is an upstate NY security firm specializing in complete security systems for government, manufacturing, and other industries where the highest security is necessary. One of a few companies in New York State to hold UL 2050 Certification, they serve New York (NY), Pennsylvania (PA), Massachusetts (MA) and New Jersey (NJ). Their website is http://www.securityintegrations.com




How Secure is the Information on Your Resume With a Potential Employer?


Resumes provide employers with plenty of personal information, sometimes too much. Many job applicants include vital information like Social Security numbers, driver's license numbers and dates of birth. This makes it crucial for employers to take security measures to protect the identities and personal information of both job applicants and employees. Some companies do nothing more than store resumes in cardboard boxes in unlocked storage closets.

Exposing Personal Information When Resume Writing

If you have applied for a job in the past 10 years, you may be at risk for identity theft, especially if you provided any sensitive personal information. Even if you didn't get the job, many companies keep executive resumes on file where any employee can access the information. Even worse, with today's online applications, e-mailed resumes, and electronic storage, identity thieves don't even have to work for a company to get this information. A corrupt recruiter or computer hacker can hijack resumes electronically. Criminal rings have even posted fake job listings to capture the sensitive data of applicants.

Many companies don't take the necessary safeguards to protect the information provided on resumes, and most companies don't inform applicants about security practices before requesting resumes. The down economy has worked to make this situation even worse, as desperate job hunters hand over information they normally wouldn't in hopes of getting a job.

The good news is that employers now recognize the importance of protecting this sensitive data. Security breaches lead to lawsuits. In addition, job applicants can also take their own security safeguards when writing resumes.

Unsecured Data Stolen from Executive Resumes

Even employment agencies with applicant tracking systems (ATS) designed to protect job applications and executive resumes often leave data open to theft to anyone walking by an unsecured computer or due to stolen laptops or lost, stolen, or misplaced USB drives. Small companies are less likely to have security measures in place while large companies are more likely to mishandle sensitive data, leading to the capture of the Social Security numbers and other personal information of applicants and employees.

Is ATS at Fault?

Forrester Research found in a recent study that more than 62 percent of the 200 companies surveyed experienced a security breach due to insecure ATS software in the previous 12 months. Most of these breaches were due to a SQL injection attack. A computer hacker can use a Web site's online form to get control of a database in a SQL injection attack. While there are security measures to block these attacks, hackers are never far behind in finding new ways to get into these databases.
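The main security measure against this class of attack is the parameterized query. The added example below (not from the original article, and not taken from any real ATS product) puts a form handler that builds SQL by string concatenation beside its parameterized form; the table, column names and applicant rows are constructed.

```python
import sqlite3


def make_db():
    """In-memory applicant table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE applicants "
               "(id INTEGER PRIMARY KEY, name TEXT, email TEXT, ssn TEXT)")
    db.executemany(
        "INSERT INTO applicants (name, email, ssn) VALUES (?, ?, ?)",
        [
            ("Ann Example", "ann@example.com", "000-00-0001"),
            ("Bob Example", "bob@example.com", "000-00-0002"),
            ("Cy Example", "cy@example.com", "000-00-0003"),
        ],
    )
    return db


def lookup_vulnerable(db, email):
    """BEFORE: the form field is pasted into the SQL text.

    Whatever the applicant types becomes part of the statement itself,
    so quote characters in the field can change what the query means.
    """
    query = f"SELECT name, ssn FROM applicants WHERE email = '{email}'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, email):
    """AFTER: the SQL text is fixed and the field is bound as a value.

    The database driver never parses the field as SQL, so it can only
    ever be compared against the email column.
    """
    return db.execute(
        "SELECT name, ssn FROM applicants WHERE email = ?", (email,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    ordinary = "ann@example.com"
    crafted = "x' OR '1'='1"      # constructed form input containing quotes
    print(len(lookup_vulnerable(db, ordinary)), "row for ordinary input")
    print(len(lookup_vulnerable(db, crafted)), "rows leaked by the concatenated query")
    print(len(lookup_parameterized(db, crafted)), "rows from the parameterized query")
```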

Or Is It a Handling Problem?

Technology is definitely part of the problem, but even the world's best software won't protect the sensitive data of job applicants if employers are reckless in handling this information. With a protocol that is too relaxed, any employee within a company can gain access to executive resumes simply by looking on the right computer or getting into the right database to learn the social security number, driver's license number, date of birth, and other vital data of applicants and employees.

What's the Solution?

Companies need to realize what exactly the confidential data on executive resumes is, where it goes and how it gets there (e-mailed, regular mail, interoffice delivery, and so on), and how to prevent this information from getting to the wrong people and/or leaving the company altogether. Some big-name software companies like Symantec now have the technology to offer solutions to the problem of mishandled data provided by applicants through resume writing. This software searches the entire network of a company looking for sensitive data, including on USB drives attached to computers. It can block this data from leaving the company's network and will identify potential hackers or negligent employees. However, this advanced software will only help if the company a job seeker applies to has this software and uses it as recommended.

Unlike online ecommerce websites that have strict security practices that make buying online safe for consumers who want to purchase by credit card, few employers take precautions to protect the sensitive data contained on executive resumes or employee records. When undertaking the process of resume writing, the best advice is to keep your personal information private by not including it on executive resumes.




Matthew Rothenberg is editor-in-chief for TheLadders.com, a company offering resume writing advice, especially for executive resumes.




When Traveling, Change IP For a Secure Business Trip


"Change IP to protect yourself on the internet" is becoming an often-repeated mantra. This article will show why it is even more important when traveling on business.

Our day to day lives, including our business lives, are so intertwined with the internet. Our identity on the internet is the IP address of our computing device. We transact confidential personal, financial and business information all the time. With identity theft rising and our privacy and vital personal and business information becoming harder to protect from hackers and thieves online, we have to use all the means at our disposal to be secure online. There are additional challenges we face when we travel on business. By changing our IP address rapidly we can alleviate many of these threats and increase our security online.

Our internet connections, networks and Wi-Fi wireless connections are inherently vulnerable. The situation becomes even more insecure when traveling on business. In order to stay in touch and conduct business you tend to use the internet from your hotel room, conference room, public library or even a book store. The internet connections are invariably through Wi-Fi or other unsecured networks. Any information you send over the internet in such situations can be intercepted. Your IP address is visible on the net and you are vulnerable to all kinds of unscrupulous and unsavory characters on the internet, ready to get their hands on your IP address and other sensitive personal and business information.

As a business you have a legal requirement to safeguard sensitive personal and financial information of your customers and clients. Any breach of this can have severe criminal and financial consequences for the business. It is vital for the business to transact business and use such sensitive information over the internet only under the most secure internet connections and data encryption. Therefore guarding your IP is going to prevent hackers and other cyber criminals from breaching the security of your computer.

While traveling abroad on business the problems are further compounded. Your activity on the net may be subjected to spying or monitoring. You could be blocked from accessing sites that are important to you, and certainly your sensitive business information is vulnerable. Not being able to communicate and securely transact your business over the internet will definitely impact your performance and will add to your stress from travel and separation from family.

All these issues can be tackled if you change IP frequently by using multiple proxy servers at different locations and with different IP addresses. As a result your IP address is only visible to the proxy servers, not to the sites you visit. They see only the IP address of one of the servers at a time. There are many software programs called IP Changers that will rotate your connection through these proxy servers. Thus your IP address is effectively hidden from the world, blocking the hackers and online identity thieves as well as the foreign governments that try to spy on or monitor your internet activity. In short, if you frequently change IP you will get a measure of protection and security from being targeted and monitored by foreign governments while traveling abroad and from cyber criminals everywhere. It facilitates more secure communication with your home office and clients and reduces the stress associated with business travel.




Now that you have learned how vital it is to protect yourself on the internet when traveling on business Change IP go now to http://www.change-ip-proxy.com




Secure Government Networks - 5 Points For Success in Gaining Compliance and Connection


"The world is changing around us at an incredible pace due to remarkable technological change. This process can either overwhelm us, or make our lives better and our country stronger. What we can't do is pretend it is not happening." Prime Minister Tony Blair on commissioning the Transformational Government strategy.

To survive in this era of accelerating technological change, and to implement the edicts of the Transformational Government strategy, every public sector organisation will have to undergo fundamental technology-enabled change. This article provides a five-point check list for senior managers responsible for developing and delivering a successful Transformational Government change programme.

Ensuring that an organisation can satisfy the necessary information security requirements to enable it to be a component part of joined-up government, requires consideration that will inform budget and strategy, reshape organisational process and procedures, and redefine culture and working practices.

As a guide to those responsible for their organisation's information assurance and implementation of the Transformation Government agenda, this article provides a five-point check list to provide a basis for ICT-enabled organisational change.

Point 1 - Be fully apprised of current Government policy and strategy

Current UK Government policy and strategy is leading public service organisations through a significant period of change to achieve efficiency gains through streamlined citizen-centric, ICT-enabled, secure shared services.

Understanding current UK Government policy and strategy will assist you in:

Understanding measures you should take to deliver ICT enabled business change

Identifying expected business benefits

Identifying costs

Identifying scope of change

Identifying risks.

A list of the key sources of UK Government policy and strategy can be found in the thought leadership section of the VEGA website.

Point 2 - Ensure board level buy-in and understanding

A board level information assurance champion should be appointed to act as Senior Information Risk Owner (SIRO) for your organisation. This recommendation meets mandatory requirement 3 from the HMG Security Policy Framework (SPF) V1.0.

Your SIRO should agree to terms of reference which clearly define their role and responsibilities with regard to the information assurance of your organisation. Additionally, your SIRO should meet regularly with your organisation's security staff to discuss security policy and discuss a risk managed approach to information assurance. This ensures that information assurance and governance is a recognised board level responsibility which includes the protection and utilisation of all of your organisation's assets (information, personnel and physical).

Point 3 - Manage your stakeholders

Obtaining stakeholder buy-in to your organisation's information assurance strategy is critical to its success. Good stakeholder management creates awareness, provides the framework for supporting delivery and helps you secure budget where resource is scarce and competition is fierce.

A communications plan should therefore be developed to identify:

Desired buy-in outcomes

Audience of stakeholders (internal and external)

How to best engage stakeholders

How messages are to be communicated

Ownership of responsibility for maintaining communications

Frequency of communications.

Stakeholders should subsequently be plotted on a stakeholder map prioritised by power and interest. This will assist you in grouping them. Your communications strategy can then focus on key stakeholders whilst ensuring other stakeholders are engaged to the level required.

Failure to gain buy-in from key stakeholders has sealed the fate of many information assurance projects.

Point 4 - Involve the experts

When pursuing an information assurance strategy, you should seek advice from recognised Government and industry experts. These organisations have faced the same challenges as you and have valuable information and knowledge to share. This will save you time and money, whilst ensuring that the information assurance solutions you plan to implement are fit for purpose and proven across Government.

The organisations you may wish to contact include:

Office Government and Commerce Buying Solutions (OGCBS)

Communications-Electronics Security Group (CESG)

Government Computer Emergency Response Team (GOVCERT)

Central Sponsor for Information Assurance (CSIA)

Centre for the Protection of National Infrastructure (CPNI)

Warning, Advice and Reporting Point (WARP)

Information Commissioner's Office (ICO)

Public sector organisations similar to your own

Consultancies with expertise in enabling Transformational Government change programmes

Point 5 - Achieving and evidencing compliance

Recent data losses across Government have placed an increased focus on information assurance. Public sector organisations must comply with centrally released security policy (e.g. HMG SPF) which defines mandatory minimum security measures.

To connect to a secure network, your organisation must comply with mandatory security controls. Depending on the security impact level of the secure network, your organisation will either have to complete a Code of Connection (CoCo) or produce a Risk Management and Accreditation Document Set (RMADS).

To answer the requirements of a CoCo, you should treat each control like an exam question (answer the question with relevant evidence) and sell your strengths if you comply with standards such as ISO/IEC 27001:2005 or PCI DSS.

The completion of a RMADS is much more involved. Unless your organisation has significant experience, you should involve a CESG Listed Advisor from the CESG Listed Advisor Scheme (CLAS).

Connection to a secure network will only be permitted once the relevant governing security authority is content that your organisation meets the information assurance requirements of the network you wish to connect to. This ensures that the risk your organisation poses to other organisations on the network is managed.

Once your organisation's connection is authorised, you should expect regular audits which ensure the level of information assurance your organisation has achieved is maintained and improved.

These five points will hopefully act as an aide-mémoire when your organisation starts to consider its connection to a secure government network. The most important thing to understand is that information security is not just about technology; it is the catalyst for organisational change that encompasses people, training, policy and procedures.

VEGA is a member of the CESG Listed Advisor Scheme (CLAS), as well as a registered CHECK service provider. VEGA has an established track record of working across Government providing strategic advice and technological expertise to help secure public sector information through the implementation and use of secure Government networks.




By Damian Schogger, Communications Manager, VEGA

About VEGA

VEGA is a professional services company that delivers technology-enabled change in complex environments, often where security and resilience are key. We have in-depth knowledge and experience to support organisations planning to gain connection to secure government networks, gained from working on several major UK government projects in this area.

Please contact us for further information.