Let’s Talk About Information Security

In this age of data breaches, fraud, hackers, (and yes, maybe even competitors willing to steal your book of business), the term “information security” is being heard more and more. Indeed, with so many criminals out there ready to steal your information—if not your profits—businesses need to protect themselves.

But What Does Information Security Really Mean?
The definition of information security, sometimes called InfoSec, is “the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information.”

That being said, what exactly are the key concerns and accompanying processes and measures that will ensure your company’s information security?

Key Concerns:
• DATA PRIVACY
Businesses and individuals have a right to expect data privacy. The collection and dissemination of data involves the public’s expectation of privacy and the legal issues surrounding it.

To be considered is the information shared when users visit websites— how that information is used, who that information is shared with, and if that information is used to track them.

Another consideration is a business’ right to privacy of their financial data and other confidential files, such as legal, medical, or other information. They need to protect their data from those with malicious intent.

What Does the Law Say About Data Privacy?
Data privacy is not highly legislated or regulated in the U.S. Access to private data contained in, for example, third-party credit reports may be sought when seeking employment or medical care, or when making credit purchases like automobiles or housing. Although partial regulations exist, there’s no all-encompassing law regulating the acquisition, storage, or use of personal data in the U.S. But any existing regulations are difficult to enforce—all the more reason to take steps to protect your data.

• DATA STORAGE
Data storage is of the utmost importance when it comes to information security. Choices include DVDs, compact disks, external hard drives, flash drives, in-house servers, magnetic tape backup, and web-based (cloud) backup.

DVDs, compact disks, external hard drives, and flash drives are easy to use for storage, but not the most secure. Electronic media doesn’t last forever, and can be lost, damaged, or stolen.

In-house servers take up space and require much technical support. But they’re very secure because they generally only connect to the computers that back up to them.

Magnetic tape backup is outdated and the amount of tapes you must buy to back up a business can be overwhelming, but it’s secure because it’s not hooked up to the Internet and not susceptible to cybercriminals. Like any electronic media though, they’re vulnerable to fire, flood, and other physical damage.

Cloud-based backup services are now very popular and are some of the most secure and convenient methods of storage. Files can be sent over the Internet to a secure server for a monthly fee. But choose your cloud- based backup service carefully, as all are not highly secured. For very sensitive files, encrypted cloud storage is probably the most secure. (Encryption is the process of converting data into code to prevent unauthorized access.)

We recommend varying your storage and having more than one storage device/service.
Information Security Management: What Do Businesses Need to Do?
According to McAfee (and other industry experts), the following tips will protect you, your computer(s), and your business:

1. Invest in trusted, multi-faceted security software—comprehensive, multi-faceted PC security software that protects you from viruses, spyware, adware, hackers, unwanted emails, phishing scams, and identity theft.
2. Always access the Internet from behind a firewall—it adds a security layer between your PC and the Internet, and helps stop hackers from stealing your identity, destroying files, or using your PC to attack others.
3. Use a PC you know is secure—hackers can easily retrieve sensitive data sent over unsecured Internet connections. When sending sensitive information or making online transactions, use a PC you know is secure and remember there are many flavors of security. Some computers have bare minimum; others have comprehensive security.
4. Watch out for phishing scams—fraudulent emails and websites, masquerading as legitimate businesses, which lure unsuspecting consumers into revealing private account or login information. Even with PC security, you might visit malicious websites unknowingly. Legitimate businesses never ask you to update your personal or business information via email. Verify Web addresses before submitting such information.
5. Secure your wireless network—if you access the Internet from a Wi-Fi network you’re at risk. Wireless network’s radio waves travel through walls, and hackers with antennas can attack you from miles away to steal your information and use your wireless network for their own communication. Use additional Wi-Fi security protection.
6. Never install potentially unwanted programs (PUPs) like spyware or adware—many seemingly harmless free programs are downloaded via the Internet, specifically designed to be malicious and monitor your keystrokes, track Internet logins, transmit confidential information, or redirect browsers to fake sites. Some can be installed on your machine by clicking on an Internet ad’s link. Security software stops installment of these programs. Never install programs unless you’re familiar with the website and program and have read the end-user license agreement.
7. Monitor your business credit reports—check your credit history once a year. This is a good way to find out if someone is using your finance information without your knowledge.
8. Make regular backups of critical data—keep a copy of important files.

For businesses, an outsourced IT provider such as Tech Solutions can ensure your information security with their experienced staff of expert technicians. Many companies find it difficult to find the time or expertise within their own staff to keep up with the demands of information security’s constantly changing technology.

Tech Solutions can handle all your workstations, servers, network, and other devices. Our goal is to work hard to prevent problems from occurring, but when problems arise, our expert IT Support team provides a quick response.

Contact Tech Solutions at (888) 225-2672 or info@tsboston.com. Visit our website at www.tsboston.com.

Tech Tip: Wifi Printers – Leave ‘Em at Home

Many people have printers at home that work with their Wifi. These are usually consumer-grade devices, and really aren’t meant for the workplace. Sure, it seems easy enough to set up, just punch in your Wifi info, and you’re off to the races.

However, these devices are not created with businesses in mind, they are usually not up to the task. Here are some issues that can arise:

  • The printer goes to sleep after 30 minutes—someone will have to “wake up” the printer every time it goes to sleep, and sometimes it doesn’t reconnect to the Wifi.
  • The printer changes it’s number (IP Address) and now no one can print to it. In which case you either have to reprogram the printer, the workstations, or most likely both.
  • The printer disconnects from the Wifi for whatever reason. Again, no printing.
  • Slow printing—Wifi will never be as fast as the fastest hardwire.
  • Some printers can only do Wifi or Wired, not both. So if you plan on connecting your printer to Wifi, you may not be able to plug a network or USB cord into it to use it direct.

Remember, wired anything is always better. What’s more reliable, a home phone line or your cell phone? So please, leave the Wifi printers at home.

Tech Solutions offers comprehensive IT Service and support for businesses, including onsite support, technology consulting, remote monitoring, maintenance, unlimited Help Desk support, and 24/7 emergency support. Take advantage of our FREE Network Health Assessment for new clients. Call (888) 225-2672 or email info@tsboston.com. www.tsboston.com

Beware of Internet Scams During Tax Season

Beware of Internet Scams During Tax Season

We thought it would be appropriate to remind our readers of the possibility of dangerous frauds and scams that occur over the Internet during tax season. You can never be too careful with regard to your home and business at this time of year.

According to the IRS, “phishing” is the top computer scam for tax year 2015. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication (Wikipedia).

Tax scam victims can find themselves in trouble with the IRS for not filing a proper return after scammers have filed fraudulent returns with stolen personal information. The IRS warns taxpayers to watch out for fake emails or websites that can steal taxpayers’ personal information. “The IRS won’t send you an email about a bill or refund out of the blue,” said IRS Commissioner John Koskinen.

According to CNN Money, if you get an unexpected email claiming to be from the IRS or a related agency, such as the federal tax payment system, do not reply to the email. Also, don’t open any attachments or click on any links. Doing so can allow tax scammers access to your personal information or download viruses or malicious code to your computer.

The IRS warns of a phony e-mail claiming to come from the IRS that has been circulating in large numbers. The subject line of the e-mail often states that the e-mail is a notice of underreported income. The e-mail may contain an attachment or a link to a bogus Web page directing taxpayers to their “tax statement.” In either case, when the recipient opens the attachment or clicks on the link, they download a Trojan horse-type of virus to their computers.

Malicious code (also known as malware), of which the Trojan horse is but one example, can take over the victim’s computer hard drive, giving someone remote access to the computer, or it could look for passwords and other information and send them to the scammer. The scammer will then use whatever information they gather to commit identity theft, gain access to bank accounts and more.

Lastly, the IRS warns about Return Preparer Fraud. Believe it or not, the IRS says “there are some dishonest preparers who set up shop each filing season to perpetrate refund fraud, identity theft and other scams that hurt taxpayers.” They recommend shopping for a tax professional who has a history in the community.

If you receive a suspicious email from someone claiming to be from the IRS, report it immediately to Phishing@irs.gov.

Tech Solutions offers comprehensive IT Service and support for businesses, including onsite support, technology consulting, remote monitoring, maintenance, unlimited Help Desk support, and 24/7 emergency support. Take advantage of our FREE 2-hour service for new clients. Call (888) 225-2672 or email info@tsboston.com. www.tsboston.com

Protect Your Computer from Viruses and Other Security Hazards

Every business owner knows that viruses and spyware can destroy data and software, which can be expensive if not impossible to replace. Not to mention company downtime. Believe it or not such a catastrophe can be easily—and usually inexpensively—prevented by installing and maintaining security software.

Viruses, spyware, or other potentially unwanted software can try to install themselves on your computer any time you connect to the Internet. The worst culprits are music, video, game, and art files. But any software can infect your computer when you use a CD, DVD, flash drive, or other removable media.

Some Common Computer Security Terms You Should Know

Antispam: The prevention of unsolicited electronic mail or text messages that are simultaneously sent to a large number of e-mail addresses or mobile phones.

Firewall: A computer system that isolates another computer from the Internet in order to prevent unauthorized access.

Malware: Software intended to damage a computer, mobile device, computer system, or computer network, or to take partial control over its operation.

Phishing: To try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one.

Spyware: Software that is installed surreptitiously and gathers information about an Internet user’s browsing habits, intercepts the user’s personal data, etc., transmitting this information to a third party.

Windows Security Patching: Windows Update is a service offered by Microsoft, which provides updates for Windows components. The service provides different kinds of updates. Security updates or critical updates protect against vulnerabilities to malware and security exploits. Microsoft routinely releases security updates on the second Tuesday of each month (Patch Tuesday), but can provide them whenever a new update is urgently required to prevent a newly discovered or prevalent exploit targeting Windows users.

System administrators can configure Windows Update to install critical updates automatically so long as the computer has an Internet connection, without the user needing to install them manually, or even be aware that an update is required.

So What Is the Best Security Software Out There?

At this time we recommend two programs, each with their own merit:

  • AVG—Antivirus and antivirus only, no firewall, parental controls, etc.
  • Malwarebytes—The paid version will prevent spyware from being installed. The free version can only clean after the damage is already done.

These recommendations may change in the future, as there are many other solutions that may become better over time.

You should also have patch management software so you can control what patches get installed, in order to increase the stability of your PC and not install every single patch out there.

When (not if) you install approved Internet security software, accompanied by professional software monitoring and management, you’ll be protecting your company and your employees from a multitude of sins. You’ll be ensuring against loss of data, company downtime, and huge expenditures to repair a preventable crisis. And the peace of mind you’ll gain is priceless!

Tech Solutions offers comprehensive IT Service and support for businesses, including onsite support, technology consulting, remote monitoring, maintenance, unlimited Help Desk support, and 24/7 emergency support. Take advantage of our FREE 2-hour service for new clients. Call (888)225-2672 or email info@tsboston.com. www.tsboston.com

 

Best Practices: Protect Your Company’s Computer Network

Happy New Year! Tech Solutions would like to wish you a happy, healthy, and PROSPEROUS 2016.

We’d like to help you start the New Year right, and what better way than a review of “Best Practices” with regard to your company’s computer network? Following are some of our most important recommendations for “proactive” rather than “crisis” computer network management.

Install and maintain security software.

You need to make sure that your computer is running software that protects against malicious software. Viruses, spyware, or other potentially unwanted software can try to install itself on your computer any time you connect to the Internet or infect your computer when you use a CD, DVD, or other removable media.

This can result in ruined files, lost company info, company downtime, and costs to repair or replace.

Therefore, the first best practice is to install approved antivirus and antispyware software, Windows security patching, and other recommended safeguards, accompanied by professional software monitoring and management.

Backup your data.

We can’t stress enough the importance of backing up your data—frequently. Situations beyond your control can occur and wreak havoc on your computer network: system crashes, hardware failures, or virus attacks, all of which result in downtime, increased costs, and possibly lost and irretrievable valuable company data.

We recommend backing up your files in multiple places using two different forms of media. There are fast and easy ways to backup these days, e.g., cloud storage, flash drives, and others; you hardly have to think about it at all once the backup of choice is implemented.

Practice the principle of least privilege (PoLP).

This computer security term means, quite simply, don’t log into a computer with “administrator rights” unless you must perform specific tasks. Many CEOs do not realize that running your computer as an administrator makes your network vulnerable to security risks, damage, lost data, and hacking. When you must log in as administrator there are secure procedures that you should follow.

Deploy encryption whenever it is necessary and available.

For highly sensitive data, such as financial, legal, or medical files, encryption is a process of encoding messages or information in such a way that only authorized parties can read it.

Maintain current software and updates.

Install software that alerts you when your current software applications are out of date or require security updates.

Additional best practices to safeguard security and privacy for your company data and your employees include:

• Never share passwords or passphrases.
• Do not click random links.
• Beware of email/attachments from unknowns or with strange subject lines.
• Do not download unfamiliar software off the Internet.
• Log out of or lock your computer when not in use.
• Restrict remote access.

Some of the above suggestions can affect how your computers interact with the network. You should consult with a provider like Tech Solutions before making any changes to avoid disrupting your network connection.

You may have already implemented some of these best practices. If so, good for you. If not, contact us and we’ll be happy to provide you with maximum protection and maintenance of your computer network.

Take advantage of our FREE 2-hour service for new clients. Now that’s starting the New Year on the right foot!

Tech Solutions offers comprehensive IT Service and support for businesses, including onsite support, technology consulting, remote monitoring, maintenance, unlimited Help Desk support, and 24/7 emergency support. Call (888)225-2672 or email info@tsboston.com. www.tsboston.com

Zoom zoom…

Bank Wire Fraud

We have been apprised about a very aggressive form of fraud going around now, and we just wanted to give you a heads up.

What will usually happen is an email from a Top Executive (John Smith) will go to the CFO/Accountant, etc and say something to the effect of:

“Dear Bill, We have been looking into acquiring another company in City/State/Country, and will be moving forward in acquiring this company in XXX. Please keep this strictly confidential. In the next few days, a Mr. William Tate (or whatever name they choose) will be contacting you regarding this. Please coordinate with him anything he will need for this acquisition, etc etc”

In a couple of days, you will probably get an email or even a phone call from “William”. He will probably tell you that he is reaching out to you, and that John Smith wanted him to reach out to you. He will then start to discuss a wire transfer. And in short, after this wire transfer is completed, you will never see the money again.

They are getting pretty sneaking and bold. Not to get too technical, however, the email may “look” like it’s from the President/Exec, however, hidden in every email is a ReplyTo that will basically route your reply to the scammer and not the Exec. Very sneaky, but effective.

Our recommendation is to have ANY and ALL bank transfer requests, or even unusual check requests or invoices, to have a verbal confirmation from the Executive themselves, no matter how desperate the email sounds. If we remain alert and vigilant, we can stop these frauds before they start.