Privoxy Proxy Authentication Information Disclosure Vulnerabilities

April 5th, 2013

news52

Privoxy มีช่องโหว่ information-disclosure
ทำให้ผู้โจมตีสามารถเข้าถึงข้อมูลสำคัญของผู้ใช้งานได้ ซึ่งอาจส่งผลให้เกิดการโจมตีอื่นๆจามมา
Privoxy 3.0.20 มีผลกระทบ และเวอร์ชั่นอื่นอาจมีผลกระทบด้วย

ที่มา : securityfocus

Topic Articles, News
May 17th, 2012

หากเว็บไซต์จำเป็นกับองค์กรคุณ Web Application Firewall
ก็สำคัญกับองค์กรคุณเช่นกัน

คุณคงไม่อยากให้เว็บไซต์ขององค์กรคุณเสียชื่อเสียง จากการโดนแฮ็คเว็บไซต์  รวมทั้งกลายเป็นแหล่งกระจายไวรัสอย่างไม่รู้ตัว  ปัจจุบันหลายองค์กรหันมาให้ความสำคัญในการทำธุรกิจออนไลน์บนเว็บไซต์ผ่านเว็บแอพพิเคชันมากขึ้น เนื่องจากผู้ใช้งานสามารถเชื่อมต่ออินเตอร์เน็ตได้ทุกที่ ทุกเวลา ดังนั้นการเข้าถึงบริการต่างๆ ก็สามารถทำได้สะดวกรวดเร็ว  เช่น การสั่งซื้อสิ้นค้า การทำธุรกรรมทางการเงิน ผ่านเว็บไซต์ เป็นต้น  แม้ว่าการให้บริการออนไลน์จะมาพร้อมความสะดวกรวดเร็วแต่ในขณะเดียวกันภัยคุกคามที่เกิดขึ้นบนโลกอินเตอร์เน็ตมีให้เห็นอยู่บ่อยครั้ง  จากเหตุการณ์ที่ธนาคารถูกโจรกรรมก็เพราะเป็นที่รับ-ฝากเงินจำนวนมาก จึงเสมือนกับข้อมูลสำคัญบนเว็บเซิฟเวอร์ขององค์กร ซึ่งปัจจุบันหลายองค์กรเริ่มตระหนัก และหันมาให้ความสำคัญเรื่องการป้องกันการโจมตีผ่านการใช้งานผ่านเว็บแอพพลิเคชันบนเว็บไซต์ จะเห็นได้จากการพัฒนาเว็บแอพพลิเคชันให้มีความปลอดภัย และรูปแบบการเลือกใช้งานเว็บแอพพลิเคชันไฟร์วอลล์

แม้ว่าการเลือกใช้งานเว็บแอพพลิเคชันไฟร์วอลล์อาจเป็นทางเลือกที่ดีในการป้องกันเว็บเซิฟเวอร์จากภัยคุกคาม แต่ด้วยการบริหารจัดการ  ประสิทธิภาพ และราคา  ยังถือได้ว่าเป็นปัญหาสำหรับองค์กรในการตัดสินใจเลือกใช้งานอยู่ไม่มากก็น้อย  จริงอยู่ที่การใช้งานเว็บแอพพลิเคชันไฟร์วอลล์สามารถป้องกันการโจมตีเว็บเซิฟเวอร์ได้  แต่สามารถป้องกันได้เพียงร้อยละ 90 สำหรับในส่วนที่เหลือนั้นองค์กรจำเป็นจะต้องมีผู้เชี่ยวชาญในเรื่องการปรับแต่งค่า และนโยบายความปลอดภัยเพื่อลดความผิดพลาดในการป้องกันเว็บแอพพลิเคชันที่อาจจะเกิดขึ้น   ซึ่งส่งผลให้ผู้ใช้งานไม่สามารถให้บริการบนเว็บไซต์ได้ ทั้งนี้การใช้งานเว็บแอพพลิเคชันไฟร์วอลล์เพื่อการป้องกันการโจมตีอาจไม่ใช่คำตอบทั้งหมด โดยองค์กรจะต้องมีการเฝ้าระวังและตรวจสอบภัยคุกคามที่เกิดขึ้นกับเว็บไซต์ หรือเว็บแอพพลิเคชันอยู่อย่างสม่ำเสมอ  เพื่อให้ทราบถึงชนิดของภัยคุกคาม  รูปแบบการโจมตี ระดับความรุนแรง และวิธีการรับมือ หากเกิดความเสียหายในกรณีที่ถูกโจมตีได้อย่างทันท่วงที

สำหรับโซลูชันการเลือกใช้งานเว็บแอพพลิเคชันไฟร์วอลล์นั้นมีหลากหลายรูปแบบทั้งนี้ขึ้นอยู่กับโครงสร้างการติดตั้งเว็บเซิฟเวอร์   ประสิทธิภาพในการส่งผ่านข้อมูล และงบประมาณในการลงทุน   องค์กรส่วนใหญ่ในประเทศไทยนิยมที่จะลงทุนในการซื้อ ติดตั้ง และบริหารจัดการอุปกรณ์ทางคอมพิวเตอร์ด้วยตนเอง ดังนั้นหลายองค์กรจึงเลือกใช้งานเว็บแอพพลิเคชันไฟร์วอลล์ในลักษณะที่เป็นฮาร์ดแวร์ ซึ่งมีข้อดีคือ ได้อุปกรณ์มาติดตั้งในองค์กรตนเอง รวมถึงได้ประสิทธิภาพด้านระบบเครือข่ายที่ดี  และไม่กระทบต่อการใช้งานเว็บไซต์ที่มีการเข้าใช้งานเป็นจำนวนมาก

อย่างไรก็ดี  เว็บแอพพลิเคชันไฟร์วอลล์ไม่ได้มีแบบที่เป็นฮาร์ดแวร์เพียงอย่างเดียว บริษัท ยูไนเต็ด อินฟอร์เมชั่น ไฮเวย์ จำกัด (UIH) ร่วมกับ บริษัท เอซิส ไอ-ซีเคียว จํากัด  ได้ร่วมกันให้บริการด้านความปลอดภัยทางคอมพิวเตอร์ด้วยการนำเว็บแอพพลิเคชันไฟร์วอลล์มาให้บริการในรูปแบบ Cloud Computing  ที่มีลักษณะการแชร์ทรัพยากรของอุปกรณ์เว็บแอพพลิเคชันไฟร์วอลล์บน Cloud Computing  ให้มีการใช้งานรวมกันได้อย่างประหยัด และมีประสิทธิภาพ  ซึ่งระบบคลาวด์เว็บแอพพลิเคชันไฟร์วอลล์มีข้อดีคือ องค์กรที่เลือกใช้งานไม่จำเป็นต้องมีการติดตั้งซอฟต์แวร์ หรือฮาร์ดแวร์ใดๆ เพียงแค่องค์กรทำการเปลี่ยนหมายเลขไอพี DNS (Domain Name Service) มาเป็นหมายเลขไอพีของผู้ให้บริการ  เพียงเท่านี้ ก็สามารถใช้บริการคลาวด์เว็บแอพพลิเคชันไฟร์วอลล์ เพื่อการป้องกันเว็บเซิฟเวอร์ได้ทันที  ทั้งนี้การใช้งานคลาวด์เว็บแอพพลิเคชันไฟร์วอลล์ยังช่วยลดต้นทุนให้กับองค์กรในการสั่งซื้ออุปกรณ์ติดตั้ง การฝึกอบรมผู้ดูแลระบบ  และที่สำคัญมีบริการเฝ้าระวัง  แจ้งเตือน รวมทั้งผลการวิเคราะห์ภัยคุกคามต่อเว็บคลาวด์เว็บแอพพลิเคชันเป็นภาษาไทย  พร้อมแนวทางการแก้ไขจากผู้เชี่ยวชาญตลอด 24 ชั่วโมง

 

Topic Articles
May 17th, 2012

ทำไมต้อง“Web Application Firewall”

ไม่ผิดนักหากจะบอกว่าในรอบ 10 ปีที่ผ่านมา เว็บไซต์คือสิ่งหนึ่งที่ทำให้มนุษย์เรานั้นใช้ชีวิตได้อย่างสะดวกสบายมากขึ้นสิ่งหนึ่ง เพราะไม่ว่าเราจะต้องการทำอะไรเว็บไซต์ก็สามารถที่จะตอบโจทย์เราไปได้เสียทุกอย่างเช่น หากเราต้องการไปยังสถานที่หนึ่งที่ไม่เคยไปมาก่อนและไม่มีคนที่เรารู้จักเคยไปมาก่อน เราก็สามารถไปสถานที่นั้นได้ด้วยตนเองโดยค้นหาเส้นทางไปยังเป้าหมายจากเว็บไซต์ท่องเที่ยวหรือเว็บไซต์อย่าง Google Map หรือหากเราต้องการนัดเพื่อนฝูงไปกินข้าวด้วยกันก็ไม่จำเป็นต้องโทรศัพท์หากันอีกต่อไป เราก็สามารถนัดเพื่อนๆผ่านเว็บไซต์ Social Network ต่างๆได้เลยเป็นต้น ซึ่งบ่งบอกถึงการที่เว็บไซต์เข้ามามีบทบาทในชีวิตประจำวันของคนเรามากขึ้นนั้นเอง

เว็บไซต์มีการวิวัฒนาการณ์อย่างต่อเนื่องในรอบ 10 ปีที่ผ่านมา จากแต่ก่อนในเว็บ1.0 (Web1.0) ที่จะมีแค่ไว้ใช้เพื่อนำข้อมูลที่ต้องการมาใส่ไว้ในเว็บเพจให้คนอื่นดูและไม่มีการตอบโต้กับผู้ใช้งานแต่อย่างใด การก้าวข้ามสู่โลกการใช้งานที่หลากหลายมากขึ้นของรูปแบบเว็บ2.0 (Web2.0) เช่น การจ่ายเงินค่าน้ำค่าไฟผ่านเว็บไซต์ การประชุมงานออนไลน์ผ่านเว็บไซต์ รวมไปถึงการสั่งซื้อสิ่งของเครื่องใช้ต่างๆผ่านเว็บไซต์ก็ทำได้เช่นกัน เพราะฉะนั้นการเข้าถึงได้ง่ายและการใช้งานที่ทำให้ชีวิตสะดวกสบายมากขึ้นนี่เองที่ทำให้ผู้คนส่วนใหญ่หันมาใช้งานเว็บไซต์เพื่อทำกิจวัตรประจำวันมากขึ้น แต่เหรียญนั้นมี 2 ด้าน ยิ่งมีคนใช้ประโยชน์จากเว็บมากขึ้นเท่าใด ก็ยิ่งมีผู้ไม่ประสงค์ดีต้องการหาผลประโยชน์จากคนที่ใช้เว็บมากขึ้นเท่านั้น ซึ่งกลุ่มผู้ไม่ประสงค์ดีเหล่านั้นก็คือ Hacker นั่นเอง

การโจมตีเว็บไซต์ต่างๆของ Hacker มักจะทำไปเพื่อการขโมยข้อมูลต่างๆของผู้ใช้งานในเว็บไซต์นั้นๆหรือไม่ก็เพื่อให้เว็บไซต์นั้นๆไม่สามารถให้บริการได้เป็นต้น ซึ่งโดยปกติแล้วผู้ใช้ทั่วไปมักจะใช้ username และ password เดียวกันกับทุกเว็บไซต์ที่ได้สมัครไว้ ไม่ว่าจะเว็บไซต์นั้นจะเก็บข้อมูลที่สำคัญหรือไม่สำคัญของผู้ใช้ก็ตาม ทำให้ Hacker อาจจะนำ username และ password จากการโจมตีเว็บไซต์ที่เก็บข้อมูลไม่สำคัญอะไรนักของผู้ใช้งาน ไปใช้หาข้อมูลบัตรเครดิตหรือข้อมูลทางการเงินที่สำคัญของผู้ใช้งานในเว็บไซต์อื่นก็เป็นได้ และการที่จะมาบังคับให้ผู้ใช้ทั่วไปสมัครเว็บไซต์ต่างๆโดยใช้ username และ password ไม่ซ้ำกันเลยก็คงเป็นไปได้ยาก ดังนั้นสิ่งที่สำคัญในการป้องกันเพื่อไม่ให้เกิดเหตุดังกล่าวได้ก็คือการป้องกันหรือตรวจจับการโจมตีเว็บไซต์แทนนั่นเอง

เทคโนโลยีการป้องกันในปัจจุบันไม่ว่าจะเป็น Firewall, Intrusion Detection System/Intrusion Prevention System (IDS/IPS) ก็ไม่สามารถป้องกันเหตุการณ์ภัยคุคามที่เกิดขึ้นกับเว็บไซต์ได้ เพราะการที่เราส่งข้อมูลไปที่เว็บไซต์ใดๆก็แล้วแต่ ก็เหมือนกับการที่เราส่งจดหมายไปยังเว็บไซต์นั้นโดย Firewall จะมีเห็นแค่ว่าเราส่งจดหมายนั้นไปได้ถูกที่ถูกทางหรือไม่ รวมทั้งการเข้าใช้งานเว็บไซต์ตามปกติและการโจมตีเว็บไซต์นั้นจะเป็นการใช้งานพอร์ต 80/TCP ( HTTP) และ 443/TCP(HTTPS) ซึ่งยากแก่ Firewall ธรรมดาที่จะบล็อคการใช้งานได้ ขณะเดียวกัน IDS/IPS ก็จะเห็นแค่ลักษณะของการส่งจดหมายเท่านั้น ซึ่งเทคโนโลยีทั้งสองดังกล่าวไม่สามารถรับรู้ได้เลยว่าในสิ่งที่อยู่ในจดหมายนั้นมีข้อความหรือสิ่งใดที่ประสงค์ร้ายต่อผู้รับหรือไม่ ดังนั้นจึงได้มีการพัฒนา Web Application Firewall (WAF) ขึ้น มาเพื่อตรวจสอบข้อมูลข้างในจดหมายดังกล่าว เปรียบเหมือนกับการที่เมื่อจดหมายถูกส่งมาถึงกล่องจดหมายหน้าบ้านแล้ว WAF ก็จะทำหน้าที่ส่งต่อ โดยการเปิดจดหมายเพื่อตรวจสอบข้อมูลภายใน เมื่อ WAF เห็นแล้วว่าข้อความภายในนั้นไม่มีจุดประสงค์ร้ายต่อผู้รับ (เว็บไซต์) ก็จะส่งจดหมายนั้นต่อไปยังผู้รับอีกทีหนึ่ง และอีกทั้งเรายังสามารถระบุหรือบอกกับ WAF ได้อีกด้วยว่าผู้รับสามารถอ่านจดหมายได้มากขนาดไหนในช่วงเวลาหนึ่ง เมื่อจดหมายเยอะถึงที่ได้ตั้งไว้ WAF ก็จะทำการถือไว้ให้ก่อนหรือไม่ก็สามารถทิ้งจดหมายที่เกินเข้ามา ทำให้ผู้รับสามารถอ่านจดหมายหรือทำงานได้อย่างต่อเนื่องอีกด้วย

การ WAF เข้ามาขวางหรือรับการใช้งานจากผู้ใช้งานเว็บไซต์แทนนั้น ทำให้เว็บไซต์สามารถทำงานได้อย่างสะดวกมากขึ้นและลดความกังวลของผู้ดูแลได้อย่างมาก เพราะจริงๆแล้วบริษัทส่วนใหญ่มักจะมีทีมที่ดูแลการเขียนเว็บไซต์และทีมที่ดูแลเซอร์เวอร์ของเว็บไซต์ทำหน้าที่แยกจากกัน หรือบางครั้งทีมที่พัฒนาเว็บไซต์ก็อาจจะเป็นบุคคลภายนอก (Outsource) ที่ถูกจ้างเข้ามาเพื่อพัฒนาเว็บไซต์นั้นๆ และเมื่อหมดสัญญาทางทีมผู้ดูแลเซอร์เวอร์ก็ต้องจัดการและดูแลเว็บไซต์ด้วยตัวเอง ซึ่งเมื่อเกิดเหตุการณ์โจมตีเกิดขึ้น ผู้ที่ต้องรับผิดชอบและแก้ไขเว็บไซต์กลับกลายเป็นผู้ดูแลระบบ ซึ่งอาจไม่ได้มีความเชี่ยวชาญทางด้านโปรแกรมมิ่งเว็บไซต์มากนัก ทำให้การป้องกันหรือแก้ไขเป็นไปได้อย่างยากลำบากหรือบางครั้งอาจจะไม่สามารถแก้ไขได้เลยทีเดียว ดังนั้นสิ่งที่เสียไปจะไม่ใช่แค่ข้อมูลของผู้ใช้งานภายในเว็บไซต์เท่านั้น แต่จะรวมถึงการเสียชื่อเสียงที่ทำผู้ใช้งานไม่มีความมั่นใจที่จะเข้ามาใช้งานเว็บไซต์จึงทำให้การใช้งานลดลง ซึ่งบางทีก็ยังต้องเสียค่าจ้างบุคคลภายนอกเพื่อให้เข้ามาแก้ไขซอร์ดโค้ด (Source code) ที่มีช่องโหว่ของการโจมตีอีกด้วย

แต่เหนือสิ่งอื่นใด การที่ WAF นั้นจะทำงานกรองหรือป้องกันเว็บไซต์จากการโจมตีของ Hacker ได้มากขนาดไหนนั้น ก็ขึ้นอยู่กับการปรับแต่งการป้องกันให้เข้ากับสภาพแวดล้อมนั้นๆด้วย รวมทั้งประสิทธิภาพของผู้ทำการปรับแต่งนั้นๆควรจะมีความสามารถหรือตระหนักการโจมตีในรูปแบบต่างๆที่ Hacker สามารถทำหรือคิดได้ เพื่อที่จะสามารถรู้เท่าทัน Hacker ดังคำกล่าวที่ว่า “รู้เขา รู้เรา รบร้อยครั้ง ชนะร้อยครั้ง” นั่นเอง

 

Topic Articles
November 28th, 2011

As the worldwide use of Facebook continues to grow, more and more scams are appearing on the popular social networking website. Using promos, “interesting” links and all other sorts of strategies to trap you, a grain of salt is always needed when dealing with things outside of what Facebook offers.

As more and more people continue to use Facebook both for personal and business purposes it seems to follow that all sorts of unscrupulous individuals and groups will find ways to exploit this popularity for their own illicit benefit.

In the same way people are phished through email, hackers and scammers use similar techniques to fool Facebook users into falling for their tricks. The combination of curiosity and trust is what hackers rely on to make users fill in contact details for non-existent promotions, visit suspicious websites, or download fake software, all through Facebook. While Facebook has instituted some additional security measures to counter this threat, the consensus is that it is a generally lukewarm, or even cursory response to the issue.

What makes it worse is that you aren’t usually the first victim – those links and whatnot appear on your News Feed courtesy of a contact who has fallen into the same trap. So always be wary of events or promos your contacts invite you to join.

The most important thing is to have both the right knowledge and software to prevent getting scammed not only on Facebook, but anywhere else on the Web. Facebook is just a new medium for scammers and hackers to steal information and data and they’ll do the same thing once the next big thing on the Web comes along.

If you want to know more about Facebook scams and how you can better protect yourself both through training and the right software solutions – please feel free to give us a call so we can help you set up a more secure system for your business that’s custom-built to meet your specific needs.

Published with permission from TechAdvisory.org. Source.

 

Topic Articles
November 28th, 2011

Managing an effective network security solution is a demanding challenge for organizations of any size. IT departments are increasingly burdened by the need to manage independent point solutions such as anti-virus, content filtering and intrusion prevention, in the face of increasingly sophisticated online security threats.

At the same time, business managers are concerned with keeping costs low and optimizing their infrastructure investment in an uncertain economic climate, as well as fulfilling various regulation requirements and ensuring business continuity through properly configured, managed and maintained security.

Many businesses are also hampered by a lack of allocated resources and the high cost of hiring full-time security experts.

These challenges demand comprehensive, affordable and hassle-free managed security services that provide enterprise-class protection to set up an equivalent in-house system at a fraction of the cost.

The Managed Security Service Advantage for Business

To address these challenges, SonicWall Inc., the leading provider of integrated security, productivity and mobility solutions, offer proactive managed security services for Managed Security Service Provider (MSSP) to enable your business to focus on its areas of core competence.

These outsourced security services provide your organization with:

  • Onsite and remote management of security services
  • 24/7 real-time monitoring, protection, escalation and response processes

Managed Security Service Providers (MSSPs) are trained to offer expert advice and affordable services related to network security management to organizations of all sizes. An MSSP can also handle system changes, modifications and upgrades.

Equipped to align your IT needs with your business objectives, the MSSP also brings specialized expertise in processes such as PCI compliance, human resources, finance and specific software applications relevant to your market sector.

Key features and benefits of SonicWall Managed Security Service

The SonicWall Managed Security Service enables your organization to gain access to leading IT infrastructure with no capital outlay and little operational expense, helping to attain rapid ROI.

The service reduces IT complexity and risks, improves operational efficiencies, employee productivity and complements your in-house IT skill sets. It provides:

1. Worry-free protection with access to security expertise and the latest technology (Next-Generation Firewall: NGFW). SonicWall network security experts help you define security policies that meet your business objectives and provide up-to-the minute protection against the latest threats.

Every NGFW solution starts with deep-packet-inspection firewall, providing a first level of defense for your network. Security modules for anti-virus, intrusion prevention, content filtering and SSL VPN add layers of protection to the NGFW under the single management console.

2. Pay- as- you-go, utility-based services
MSSP tailors service levels to suit your needs. This is based on the number of users supported, bandwidth supported with basic or advanced security, number of site-to-site VPN tunnels, frequency of reports on security incident, firewall, and network activities.

Avoid paying for more than you need with SLAs that incorporate policy and configuration changes, emergency changes and URL access controls. Depending on your unique business needs, you can add:

  • Per-case incident investigation
  • Firewall policy management
  • Anti-spam service
  • Bandwidth management service
  • Integrated and external 802.11n and 802.11a/b/g wireless access points
  • Licensing options for high-availability firewall hardware failover; encrypted traffic inspection; high-speed SSL VPN access to home or offices from anywhere; and client anti-virus protection

Comprehensive reports provide insight into attack and intrusion attempts and the cost and type of traffic being generated on a per-VPN basis. With granular understanding of network usage, you can control bandwidth and costs effortlessly. As your business requirements change, the MSSP will work with you to fine-tune your service levels and security policies.

3. Improved staff efficiency and productivity
The MSSP alleviates your need to add IT headcount, so you not only reduce internal staffing costs, but also free-up existing staff to focus on key activities. MSSPs are available 24/7 to address your IT problems, add new security services and proactively monitor network traffic to prevent downtime.

Topic Articles
November 9th, 2011

Over the past decade or so, the Web has simplified our hectic social and working lives to a staggering degree. The possibilities of the Web seem limitless, and even the process of arranging a dinner with a friend has been revolutionized. We can easily search for a great restaurant on review sites, find directions on Google Maps and can even make appointments with friends through social networking sites, and not make a phone call as we may have in the past.

In the past, Web has been developed from Web1.0, which is only used to present information to people but doesn’t allow user interaction. However, many Websites are now using Web2.0 to simplify processes including payments, meeting online or E-commerce. Though it has certainly made life simpler, it is still vulnerable to intrusions and exploitation from hackers.

Normally Web attack patterns are made by a hacker to steal user’s data or to try to interrupt the services on a Website. Problems can arise if the user opts for the same username and password for authentication on several Websites, so even if a Website keeps a user’s information secure, when another credential is hacked, the hacker can use the information found and apply it to other Websites for credit card or banking information. It’s hard to restrict users to different usernames and passwords on every site, but it is important that Websites are protected and can detect potential attacks.

Currently, high-tech devices such as Firewall, Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) cannot efficiently protect Websites from these threats. Just like sending a letter out to a Website, normally the Firewall will be visible only if the letter is sent to the legitimate destination. When a Website is accessed or attacked, it usually passes through port 80/TCP (HTTP) and 443/TCP (HTTPS), which makes it hard for a normal firewall to protect and block the usage of the Website. IDS/IPS has similar issues, as it is also only able to “send a letter”. However, both Firewall and IDS/IPS technologies have proven that they are not able to know if the letter contains an inappropriate message or malware attacks to the receiver (Web server) or not. That’s why Web Application Firewall (WAF) has been developed. It detects the information inside the letter, compares it to the letter sent out from the mailbox then opens the letter to check the information inside. When WAF has found there is no harmful information WAF will forward the letter to the Website securely. Additionally, WAF has the potential to help Websites manage these letters. When the amount of letters sent exceeds the limit, WAF has the ability to hold the letters or even discard them. This helps the receiver (Web server) to read the letters and to work on service processes more efficiently.

By blocking or receiving the workload from the user to Website, WAF can make Websites’ processes more comfortable and reduce the administrator’s concerns. Large companies have either a Web developer team, an independent Web server administrator team or they outsource someone to develop Websites as a one time job, but when the contract expires and attacks occur, the responsibility will turn to the system administrator to control, maintain and solve the problems themselves. If their knowledge of Web programming is limited, this can make protection and problem-solving hard and time-consuming. This costs not only the user’s data on the Website, but it will also cost the Website’s reputation in terms of confidentiality.

WAF works to protect and filter attacks from a hacker efficiently because it can be tuned to suit various Websites. Because WAF has the ability and awareness to identify attack patterns, it can also anticipate future threats and keep Website as secure as possible.

Topic Articles
August 29th, 2011

Email plays a big role in the way people do business. Whether you work from a fixed location at an office desk or from a mobile device on the go, the kind of email you use can define your level of productivity. Are you sure that the email system you are using is the right one for you?

Whether you work from an office or are productive while on the go, email most likely plays a big factor in the way you go about your business. Unbeknownst to many, some types of email systems have certain limitations that by extension can also limit the level of productivity of your business, and especially for people in the organization who must also work while out in the field.

One major issue for many people is synchronicity. Many people need their emails to be accessible on their mobile phones, PDAs, or other mobile devices, and they need them to be properly synchronized with their desktop workstations. The need to constantly update conversations and email threads from mobile devices to desktops with certain types of email can prove to be tedious and unproductive– and some email system types don’t include this ability at all.

Depending on the way you use your email, especially when on the go, having full access and full control of your account can define how productive you and others in your organization can be. Besides providing a much better degree of synchronization and integration with mobile devices, certain types of email systems also have features for sharing and collaboration features that allow you to set schedules and share files from your mailbox, as well as central storage for emails that allows you to access your account seamlessly with any mobile device, regardless of where you are located.

Of course, having a full-featured email system might not be best for everyone. The key is to know whether adapting a more bare-bones system is cost-effective for your business (especially in the long run). Sometimes the top of the line may be needed, and sometimes all you need is a bit of tweaking on your less fully featured system. Not sure which is best? Call us and we’ll be glad to sit down with you and assess what kind of email system is best suited for you and your business.

Published with permission from TechAdvisory.org. Source.
Topic Articles
August 23rd, 2011

Someone, somewhere could be talking about you or your company, anddepending on what’s being saidit can be either helpful or damaging to you or your business. This is of special concern in the online world, as the proliferation of websites and social media tools make it easy to share opinions with the world. In this article we point you to tools and online resources to help monitor and manage what’s being said about you or your businessand thereby build or defend your reputation.

Besides your own eyes and ears, there are plenty of toolsfor free or for a priceavailable to help you monitor your presence online. The simplest of these is your familiar search engines such as Google or Bing. By simply searching online, you can find where your name or your company’s name appears in various websites. With Google in particular, you can set up “alerts” which will email you when a specific word or term appears in their website index.

What words or terms should you use? Start with your name, or your company name, then try the name of your products and/or services, and maybe even the names of your employees, directors, and other stakeholders. It might also be helpful to search for the competition as well. As results come in you can refine your search by expanding or narrowing the scope of terms you would like to search or be alerted on. If you want to be able to search across all different search engines and not just one or two, you can use Monitor This.

Next you can use specialized website or social media monitoring tools to search only specific sites or services as opposed to the entire Internet. One example is Greplin, which allows you to search all of your accounts or accounts that you own. This is very helpful to be able to execute highly filtered searches on specific information in your Facebook, Twitter, or LinkedIn accounts, or your blog. Another option is Rollyo, which allows you to set up your own specialized search engines that cull content from public or open websites of your choosing.

Other more generalized tools include RSS feed readers—which allow you to consume news or information feeds from news sites or blogs. Examples include Newsgator.com, Bloglines.com, Google Reader or Pluck.com. Other generalized tools include those that monitor specific newsgroups or message boards like BoardReader.com, ForumFind.com, Big-Boards.com, BoardTracker.com, iVillage, Yahoo Message Boards, and MSN Money. Still others track changes to content of specific sites (Copernic Tracker, Website Watcher and WatchThatPage.com), as well as their domain information (DomainTools.com and BetterWhois.com).

The really interesting new services actually give you an explicit idea of the status of your reputationespecially if you are a relatively well known name or your business has an established brand. In this category are sites like Amplicate, which monitors general feelings or impressions about brands, businesses, or services; Klout, which tries to measure the influence of individuals based on their social interactions; and SendLove.to, which focuses on celebrities and media personalities.

There are literally dozens more tools you can use to monitor and manage your reputation online. To find out more, a great resource is here at the Duct Tape Marketing blog. If you have any additional suggestions, feel free to let us know!

Published with permission from TechAdvisory.org. Source.
Topic Articles
August 17th, 2011

For companies interested in trying out cloud-based services, email maybe something worth trying. Here’s a breakdown of two options from two industry giants that may be worth considering.

Google Apps
Google Apps is a service from Google that started in 2006, with the introduction of Gmail—a hosted email service, and which later incorporated other apps such as Google Calendar, Groups, Talk, Docs and Sites. Google Apps allow customers an independently customizable version of these Google products under their own domain name. The entry level option is free, but the package offered for Businesses is a paid service with an annual fee per user and additional storage space.

  1. Storage. Gmail, Google Apps’ email service starts with a sizable 7GB of free storage. Business users get 25GB. Bear in mind however that this storage space is shared with any data you have in other Google properties such as Picasa Web Album and Google Docs. Extra space can be bought however starting with USD $5 per year for an extra 20GB of storage. E-mail attachment sizes are limited to 25MB.
  2. Calendaring and Task Management. Gmail can be integrated with the overall excellent Google Calendar application. Google Calendar allows you to easily share personal calendars with colleagues, or create shared calendars used by groups of people (such as a calendar to track meeting room reservations, marketing events and others). Google Calendar also offers a built-in, but somewhat underpowered task management tool. Tasks can readily be added with due dates, but not readily shared or cannot be nested or linked with other tasks.
  3. Spam filtering, security and reliability. Gmail’s spam filtering features a community-driven system. Email tagged as spam by users help identifies similar messages as Spam for all other Gmail users. Generally the system works well, although some have complained that it can get over aggressive in its filters. In terms of security and reliabilityGmail has been criticized in the past with showing ads in its free Gmail service that display based on key words in the user’s messagespotentially violating their privacy. Its paid service offers however the option of disable these ads. Reliability is generally good with very few, but widely publicized disruptions in service.
  4. Usability. Gmail offers a host of unique usability enhancements that make it different from most other mail services. For one for a web app it loads really fast, as Google has been known to studiously optimize web page loading performance for their products. Another is that it offers a threaded view of messages by default. It also uses a starring/labeling system to tag and segregate messages instead of using folders. Another interesting enhancement done recently is the ability to sort messages by “importance” where it learns based on your usage over time what email messages it thinks you think are important.
  5. Mobile access. Gmail offers a version optimized for mobile devices, as well as support for a variety of devices for their native mail applications such as iOS and Android.

Overall Gmail is a solid mature choice if you are thinking of moving email to the cloud and are not afraid of being on the bleeding edge of cloud services and technology.

Microsoft Office 365
Microsoft Office 365, like Google Apps, offers a host of applications such as online versions of productivity tools which we all already know and use such as Word, Excel and PowerPoint. Most however work best when they are used in conjunction with your desktop-installed Office applications. Focusing on email, Office 365 offers a Hosted Exchange service, which transforms the mature, business-proven on-premise application to an on-demand service. Compared to Google Apps, it is quite newbeing introduced only last June this year, although its suite of products in an alternate form has been around for much earlier.

  1. Storage. Microsoft’s Hosted Exchange email service gives users 25GB of storage. Attachment file sizes are limited to 35MB. Additional storage can be purchased for $2.5 per GB per user per month.
  2. Calendaring and Task Management. Exchange integrates a mature feature set for personal productivity including calendaring, resource management, and task management. As an example tasks can be grouped, color coded and easily sorted. Emails can be converted as tasks and so on.
  3. Spam filtering, security and reliability. This is an area where perhaps Microsoft easily outshines Google with Exchange’s roots as an enterprise-class application. It offers spam protection, antivirus and others via Microsoft’s Forefore Online Protection for Exchange technology. It offers other features such as more full features user management, identity access management, mail archiving, etc. If you are in a highly regulated industry like financial services or healthcare these features may be essential for your business.
  4. Usability. While the web apps of Office 365 is not as fast loading or as slick as Google, it does offer familiarity. Modeled after their desktop brethren, or directly integrating with themthey offer a smoother migration experience for users specially if they have been weaned on Outlook.
  5. Mobile access. Like Gmail Microsoft made sure to support a variety of devices on launch, as well as integration with a variety of devicesspecially enterprise stalwarts like Blackberry mobile phones.

Overall Office 365 is a solid choice if you are thinking of moving email to the cloud but may be hesitant with changing the apps your users already know and use. Also if you are a business with strict policies related to security and compliancethis service may be something your auditors and IT people may be more comfortable with.

Interested in learning more? Can’t decide which to try? Let us know and find out how we can help get you the right balance between your existing IT systems and infrastructure and the cloud.

Published with permission from TechAdvisory.org. Source.
Topic Articles
August 15th, 2011

Smaller businesses usually face the difficulty of having their voices heard in the market today. While traditional marketing and advertising methods cost a lot more than many of these firms can afford, an effective alternative has arisen that is both efficient and cost-effective: marketing through social networking.

One of the most difficult challenges smaller businesses face is having a bigger presence in the market. While many of these companies offer good, quality services at much more affordable rates, they are many times overshadowed by larger firms that have bigger budgets to spend on marketing, advertising, and the like.

Things have changed, though, with the advent of social networking. What was once a simple, social, get-to-know-each-other tool between people on the internet has now evolved into a tool that small businesses can take advantage of in order to get their voices heard.

The gist of social networking for business is the simple concept of reaching potentially millions of people at a mere fraction of what is normally spent on advertising and traditional marketing. The wide reach of social media allows businesses to find their voices and showcase what they can do. The playing field then moves from an unfair balance of advertising budgets to a battle of service quality and value for money, as it should be and many smaller firms can compete effectively in this arena.

There are many ways to tap into the social networking phenomenon to boost your online presence and aid in your marketing. If you are interested in knowing more about this, please contact us and we’ll be glad to assist you in developing strategies that fit your specific requirements and needs.

Published with permission from TechAdvisory.org. Source.
Topic Articles
August 11th, 2011

Part of establishing a proper security cordon around your business data is having the right hardware like a router/firewall to get the job done, and done well. Resorting to cheap and basic equipment might cut it for simple personal or home use, but it’s not ideal for business applications.

In business, protecting important information and data is paramount. This is why it is recommended for any sort of business to invest in a security system that will prevent any cyber-attacks that might be launched against you.

Unfortunately, though, it’s lost on many that a security system is not just made up of one single thing software, better staff, better hardware, et cetera. A good and solid security system is composed of several factors working together to create a virtual chain that envelops your business and keeps it safe.

And one of the most underestimated links in this chain is the router/firewall. Many businesses are content using the most basic and cheapest option available on the market, without realizing that their security chain is only as strong as its weakest link. And if you make do with a cheap router/firewall, odds are you’ll get what you pay for not much.

While basic routers might work fine for homes or individual users, it is a much different scenario when it comes to business operations where basic just doesn’t cut it. Plus, there’s more at stake with business data, so why take the risk with cheap routers that lack the proper security features?

With viruses, malware, and the cyber thieves behind them continuing to grow and evolve, it is important that you understand what it takes to protect your system and your data – and invest in the best solution. Remember that it can take only one incident, one infiltration, to bring your whole business down.

We realize that every system is different and every business has its own specific needs, so if you want to know more about getting the right router/firewall for you, please don’t hesitate to contact us.

Published with permission from TechAdvisory.org. Source.
Topic Articles
August 8th, 2011

With so many smartphones out on the market these days, many would-be users find it difficult to choose which one works best for them. There is no right brand or model, only the right set of features for the intended use. Here are a few tips that might help confused buyers consider the right smartphone for them.

For many people these days, smartphones have become more of a necessity than a luxury. Being able to stay in touch through constant access to the internet and the thousands of mobile smartphone applications available has made smartphones an indispensable tool.

But with the boom in smartphone use, there also comes a conundrum for many: Which smartphone should I get? With so many choices out there, it’s becoming difficult and confusing to pick the right one. Here are a few quick and simple tips that you might find useful when canvassing the market:

1. Know what you want.
What do you need a smartphone for? Each handset has its own strengths and weaknesses. There are smartphones that integrate email and web browsing and put more focus on multimedia such as audio and video while there are other no-frills, no-nonsense models that trim features down to those that are the most basic and essential.

2. Consider your carrier.
Carriers are important because there are some smartphones that are only available with certain carriers, or carriers that limit certain features of a particular smartphone. You do have the option of getting an unlocked phone (meaning the device does not come with carrier requirements), but this has its own set of pros and cons that you have to weigh as well.

3. Get a feel for your choices.
Nothing beats actual experience, so visit local stores to get the physical feel of each phone. Is the keypad big (or small) enough for you? Is the device too thick or too thin? Do you like the user interface or is it too complicated for you? These are just some of the questions that you can answer once you get an idea of how it actually feels to use them yourself.

4. User feedback is important.
Talk not only to sales people but also to other people you know. Your friends and acquaintances have actual experience with various smartphones, so ask them what concerns and issues they have with their particular models.

If you have additional inquiries about how you can better use your smartphone for your business, please give us a call and we’ll be happy to assist you.

Published with permission from TechAdvisory.org. Source.
Topic Articles
August 1st, 2011

Check out these top ten reasons why you should consider switching to VoIP phones for your business. Voice-over-Internet Protocol (VoIP) is basically technology that allows you to make and receive calls over data networks. Instead of traditional phone services which channel analog signals such as the sound of your voice over copper wires, VoIP converts these sounds to digital form firstso that they can be sliced, diced, packaged, and routed over a digital network.

Because VoIP technology uses the same ideas behind data networking, and allows the use of the same networks used by computers, voice traffic can also be routed through the Internet as well. Suddenly you can now dramatically reduce the cost of voice communications, as well as achieve creative combinations of both services to create new applications for use.

With today’s advancements in technology, and the constant lowering of prices as technology achieves mass adoption, VoIP is now within easy reach for most businesseseven small ones. In fact, many have already made the switch to an all-VoIP infrastructure, using a combination of VoIP phones and VoIP communication systems.
Here are ten reasons why you may want to consider switching to VoIP for your phone and office communication systems:

  1. VoIP can allow you to dramatically reduce the cost of communications, especially for interstate or international communications, since everything can go through the Internet instead of having to go through expensive long distance toll charges.
  2. You can make and receive calls from multiple devicesfor instance, on a dedicated phone, your PC via a software-based phone, or even a mobile phone with VoIP capabilities.
  3. It’s easier to add extensions to your phone. You can provide a local number or extension for all your staff without additional costs or cabling.
  4. VoIP allows companies to maximize investments already made in their network infrastructure. The same network that handles the flow of data such web access and email can now accommodate voice as wellno need to add and maintain additional wires and devices.
  5. VoIP allows your employees to be more productive and efficient by giving them the ability to receive and make calls anywhere with a data connection.
  6. VoIP reduces the complexity associated with having to manage multiple networks and devices for communication. A company can potentially set up their office network so that each employee can use a single device such as a computer or a smart fixed or mobile phone to handle everything from email, chat, messages, faxes, and more.
  7. You can use VoIP as a tool for real-time collaboration along with video conferencing and screen sharing.
  8. You can potentially unify your communication channels, streamlining communications and information managementfor instance, marrying email with fax and voice in one inbox.
  9. You can employ presence technologies that come standard with VoIP phones and VoIP communication systems. This technology can tell colleagues about your presence or give you info on the status and whereabouts of your staff.
  10. You can employ intelligence into how your calls are handled, such as: providing automatic call routing based on the number, time of day, etc; providing an interactive voice response when a call comes in, such as voice prompts that guide callers; call reporting; and more.

VoIP is certainly a technology that has come of age. It’s cheap, ubiquitous, and easy to use. Interested? Contact us and we can help you make the switch to VoIP for your business today!

Published with permission from TechAdvisory.org. Source.
Topic Articles
July 29th, 2011

There is no doubt that the iPad has changed the computing market, specifically the tablet computing segment. With nearly 25 million sold so far, with 9.25 million of that just last quarter alone, more and more of these devices are being bought and used, making it just a matter of time before they start becoming a more common sight in the workplace. For many large companies this may already be happening. Citing numbers released by Apple recently, nearly 86 percent of Fortune 500 companies in the US report deploying or testing the iPad. Is your business thinking of doing the same? Read on to find out how you can use the iPad in your business.

The iPad for many is a revolutionary device in that it brings the full power and experience of computing into a form that is easy to hold, easy to transport, and easy to use. Manufactured by Apple, the device uses the same operating system as its earlier iPod Touch and iPhone devices. And just like its smaller brethren it does away with conventional input devices like the mouse or keyboard, instead requiring just the user’s fingers to touch, navigate, and interact with the operating system and installed applications.

Key to the success of the device has been the availability of thousands of applications from third-party software vendors – in fact, nearly a hundred thousand of them. These applications range in categories from entertainment, media, education, and even productivity and business. Using these productivity and business applications for the iPad, you can effectively use these devices in the workplace. Here are some specific work scenarios in which you may want to consider the iPad in your business operations:

For presentations. Because of its portability, the iPad makes a great device for showing and sharing presentations. Applications like Apple’s Keynote allow you to import and edit PowerPoint presentations. Accessories allow you to connect the device to a monitor or projector. If you’re thinking of doing virtual presentations, there are iPad apps that allow you to do that as wellletting you stream your presentation via the Internet.

For Communication and Collaboration. The iPad has built-in applications for emailing, plus more can be added to support audio and even video conferencing. If you want to manage meetings, the iPad’s built-in calendar and address book apps make it a great replacement for a planner, while its larger screen makes it easier to read and manage than your cellphone or smartphone. It has built-in support for third-party mail and calendar applications like Microsoft Exchange, Google Mail, and Calendar. You can also download and use additional applications to help you manage your tasks, monitor projects, share files, post and read stuff in your social networks, and much more.

For field assignments. The iPad’s light weight and portability make it a great companion while out on the road. You can install and configure VPN clients to securely connect to your office network when in the field, or use any of the business applications you use in the officeespecially cloud-based ones. Again, using the built-in productivity tools you can use the iPad to manage your itinerary while on assignment.

For travel. As a travel companion the iPad is unmatched, with a wide breadth of apps for managing flight and hotel booking information, expenses, and more. Use the built-in tools to manage your travel itinerary, and use the communication and collaboration tools to check on progress at the office. During lulls, breaks, or after office hours, easily shift modes and use the iPad as a media viewer or news reader for information and entertainment.

Industry-specific apps. There are dozens more business cases in which the iPad can be put to work. For example, as a store or point-of-sale display, or even a point-of-sale device. Companies are using it to replace manuals, and schools are using it to replace stacks of books.

There are many more ways the iPad can be used for business. Are you considering using it for your business as well? Do you know of other uses? Let us know!

Published with permission from TechAdvisory.org. Source.
Topic Articles
July 11th, 2011

While Microsoft’s Internet Explorer continues to enjoy a wide audience – businesses included a new flaw has been discovered in the browser. Called “cookiejacking”, the flaw allows hackers to access passwords and other personal information stored in any cookie from any website.

Despite a few flaws, Internet Explorer remains one of the most commonly used browsers in businesses today, making it a ripe target for hackers looking for security flaws to exploit.

One such flaw has been discovered recently by a security researcher in Italy. Dubbed “cookiejacking”, the flaw allows hackers to hijack a cookie of any website, thereby allowing them to gain access to passwords, credit card information, and various other data stored in the cookie. The flaw is found in any version of Internet Explorer in any version of Windows.

However, users must first drag and drop an item before the exploit can be activated. It might sound like a bit of a stretch, but hackers are known for their creativity, so expect that a seemingly appropriate situation will be presented in which you will find it perfectly normal to do a drag-and-drop action.

Microsoft responded to the threat by labeling it as “low risk”, citing the level of user interaction required for cookiejacking to occur. It did, however, encourage users to be more vigilant and alert, as well as to refrain from clicking suspicious links and visiting dubious websites.

Regardless of what platform or OS you use, there is always the constant threat from cyberattacks all it takes is one attack to break through and put important business data at risk. It is essential to always educate users on how to avoid being victimized by scams and hacks, and to have the right security software to ensure that your company’s information is safe and secure.

If you are interested in user training for security and / or better security protocols, please give us a call and we’ll be happy to draw up a custom security blueprint that’s tailor-made to meet your needs.

Published with permission from TechAdvisory.org. Source.
Topic Articles
July 4th, 2011

Keeping your IT system safe is more than just getting the right security software it also entails training your employees to become more responsible users and making them more aware of how to prevent becoming unwitting accomplices in letting malware into your system.

One of the things many people fail to realize is that securing business data from malware and other sorts of cyber-attacks doesn’t stop with implementing the right security software. These days, cyber-criminals also use all sorts of tricks to bait unsuspecting employees into being catalysts for malware entering your system.

Reports cite that as much as 60 percent of cyber and malware attacks on businesses are done through social engineering meaning that instead of a direct attack on your system, hackers are using ploys found on email and social networks to get people in your organization to unwittingly introduce malware into your IT infrastructure.

This is why it’s equally important to put emphasis on training your employees to recognize common cyber-attack strategies such as phishing, or how to use proper virus scanning software so any external or thumb drives they plug into their computers are malware-free. Remember, it only takes one mistake from a gullible employee to open the gates of your system to keyloggers and other sorts of malware and viruses.

Keeping your company’s IT system safe is an investment. Getting the right security protocols and then training your employees to not only use and respect these protocols but also be more aware about security risks goes a long way in keeping your data safe and your operations stable.

Published with permission from TechAdvisory.org. Source.
Topic Articles
June 30th, 2011

If you’re one of those people who believe that Macs are impervious to virus attacks, it may be time to rethink that belief: A new threat to Mac systems has been discovered. Called MacDefender, this malware deceives and bullies users to pay for fake anti-virus software.

It is a widely held belief that one of the reasons Macs are superior to other systems is because of their ‘invulnerability’ to viruses, malware, and similar threats. All well and good, except for the fact that a recent rogue anti-virus malware that specifically attack Mac OS X systems has been discovered.

So much for the ‘Mac = no virus’ myth.

Called the ‘MacDefender’ and also known as Mac Security and Mac Protector, this malware tricks users by having them think that their system is under attack. It begins when users visit a malicious website where the program automatically downloads itself to the computer. If you have the “Open safe files after downloading” option selected, it automatically installs itself onto the system. The original installation package is then also automatically deleted.

Next, a new menu item appears on the Mac OS X menubar. You’ll see a small orange shield that becomes red, which supposedly means that there are viruses in your system. You’ll then be prompted to “register” which involves giving out your credit card information – to a website to clean the virus. If you don’t, the malware will then direct your browser to porn sites to ‘encourage’ you to register and pay up.

To know more about how MacDefender works, check out this video.

While Macs are certainly targeted less than Windows systems, the threat of getting infected by viruses and malware is very real, especially if myths like Macs being impervious to viruses persist. To know more about protecting yourself from threats like these, please contact us so we can draw up a plan to keep your system safe and secure.

Published with permission from TechAdvisory.org. Source.
Topic Articles
June 28th, 2011

Want to pay for merchandise without whipping out a credit card? Google makes this possible with an electronic internet-based service called Google Wallet. You simply swipe your smartphone over a participating outlet’s cashier, and the transaction is complete.

Smartphone technology has grown by leaps and bounds these past few years, and having a smartphone these days is almost synonymous to being online all the time. Software giant Google has decided to tap into this phenomenon with a new service called “Google Wallet”, which enables users to make purchases and payments from their smartphones.

Partnering with Mastercard, Macy’s, Subway, American Eagle, Citibank, and Sprint, Google assures users that their e-wallet service is safe. The service requires that smartphones have a special chip that allows the user to simply “tap” or “swipe” the phone at participating stores to pay for merchandise or services. When you swipe your smartphone’s e-wallet, you also earn coupons and points for rewards.

The technology is also designed so that the user can turn the chip off when Google Wallet is not being used, making it safe from hackers. If the smartphone is lost, the data can also be wiped remotely.

A similar system to Google Wallet has been operational in some countries including Japan for some time now, but its use is limited to only certain areas and stores there.

While the concept of Google Wallet has great potential, there are still several limitations to the system as Google continues to look for more partners for the enterprise before its official launch, which is slated for within a month or two.

Published with permission from TechAdvisory.org. Source.
Topic Articles
June 20th, 2011

Identity theft is one of the most common cyber-crimes these days, as more and more people become dependent on the internet for many of their needs. Fortunately, following some simple tips can do wonders to help your online experience become much more secure.

Security experts are seeing a rise in the incidence of cyber-crime these days as more and more people use the web for their day-to-day needs. No one is spared both businesses and private individuals have become victims of opportunistic cyber-criminals who take advantage of loopholes in security systems and a lack of foresight and alertness on the part of users.

One common cyber-crime is identity theft, in which hackers steal and assume the identity and personal information of someone else. Under the guise of the usually unknowing victim, these unscrupulous individuals commit fraud or other crimes.

While there is no 100% guaranteed way to be safe from identity theft when online, there are a number of steps you can take to protect your identity and your data.

  1. Have the right security software. One of the keys to keeping your identity and data secure is having the proper security software in place to protect your system. Also make sure to update the software regularly.
  2. Know the modus operandi. It’s also important to be aware of the different scams and techniques hackers use, such as phishing, which involves duping the user into clicking a legitimate-looking (but fake) link that has the victim enter personal information or download a file that introduces malware into the system. The rule of thumb is that if an email is unsolicited, there is a high probability of it being a scam or phishing email.
  3. Be stingy with your personal information. Be sure to only fill out personal information on sites that are legitimate and that you trust, and even then, only if you absolutely need to. Check and double check things like the URL or the company’s tag line to know if a site is what it says it is and whether it is secure. Phishing sites also look legit but a careful look should be enough to tip you off that something’s amiss.
  4. Create unique passwords. The more complicated your passwords are, the harder they are to guess or hack. So don’t pick generic passwords like “password” or “12345″ or things like your birthday or wedding anniversary. The best passwords are alphanumeric – a combination of both letters and numbers.
  5. Secure wireless networks. It’s important to allow only the right people to have access to your wireless networks. Besides saving bandwidth, this also prevents leechers and hackers from using your connection to tap into your system or use it for unscrupulous activities.

To know more about keeping your identity and data secure, please give us a call and we’ll be happy to discuss a custom security solution that meets your specific needs.

Published with permission from TechAdvisory.org. Source.
Topic Articles
June 13th, 2011

One of the most dangerous yet common mistakes business owners make is assuming “it will never happen to me”. However, there are only two types of people: those who have had a data loss and those who are about to.

What would happen to your business if you had a major data loss? The possibility is definitely there; this can’t be denied. Data loss disasters come in many forms, ranging from simple human errors to “acts of God” that cannot be controlled. However, you can control how you prepare for them.

Here are eight questions you can ask yourself to test your disaster preparedness.

  1. First: Do we back up our data?
  2. It’s amazing how many small businesses do not have a backup system in place. It’s so easy to assume disaster won’t strike you. But data loss doesn’t always come from huge, cinema-worthy disasters. They can result from simple everyday errors – yet have huge disastrous results. Don’t let this be you.

  3. Do we back up all of our account information?
  4. Many small businesses tend to keep their accounts data on one employee’s PC, instead of the network which is on their backup schedule. But what if you lose your customer database? Be sure it’s included in the files to be backed up.

  5. Do we back up our email files?
  6. Ever wish you had that one email from a few months back, in which a customer gave you the “go ahead” but now they’re refusing to pay for your work? These days, email is increasingly used as legal evidence of agreements or notices to proceed. If they’re included in your backup, you can easily pull up even deleted emails received or sent.

  7. Is our Calendar and Contact information backed up?
  8. What if you came to work one morning and your online calendar and address book was gone? What appointments and communications would you miss, and at what cost? Most of the time, by default your Outlook Contact and Calendar files are stored on the individual PCs. Make sure these files are included in your backup set.

  9. Do we back up folders and files from each computer?
  10. In addition to important information that is stored in shared networks, think about the files that each of your employees create and use on their own hard drives. Spreadsheets, letters, memos, databases wouldn’t it be a shame to lose all that work?

  11. Are we always saving our files to an area that will be backed up?
  12. Consider where each and every file your work on is being saved. Will it be included in your backups? Develop policies and educate your employees on where to save their work so it’s included in your backup schedule.

  13. Do we back up data frequently enough?
  14. This answer to this question is – how much work are you willing to risk? Say you complete an important contract on Tuesday morning, and an employee accidentally deletes it that afternoon. But you only run backups on Monday, Wednesday, and Friday. Bye-bye contract! A more frequent backup schedule would have saved the day.

  15. Do we know where our backups are and how to use them?
  16. If you use USB drives, external hard drives, or backup tapes for your backups, are you storing them offsite in a safe place? Even if your files are backed up to the cloud, do you know how to recover them in case of an emergency? Knowing your backup system and keeping it safe will ensure you can get back to business quickly and efficiently.

Even if you already have a backup system in place, take a few moments to think about your specific business. If the unthinkable happened, exactly what data would you need to get back up and running? What could you not operate without? Once you identify these things, simply make sure they are included in your backup.

Need help? We’re experts in guiding small businesses in setting up a backup system that meets their unique needs. Give us a call today to discuss the options available to keep your business data safe and sound.

Published with permission from TechAdvisory.org. Source.
Topic Articles
June 9th, 2011

Cost savings are usually important to small businesses even in the best of times. New technology solutions may be necessary for survival and growth, howeverand they may not be as expensive as you think when you consider their return on investment (ROI). In this four-part series, we’ll explain what ROI is, help you understand indirect ROI, and provide guidelines for predicting and measuring the ROI of a technology investment.

Part 4: Measuring ROI

If you’ve been following this series, you’ve already learned what ROI is and how you can use it to make sure your technology implementations are profitable. But the process doesn’t stop there: it’s important, once you’ve implemented a new technology solution, to track its benefits.

There are many direct and indirect benefits of implementing new technology, as we’ve describedbut in most cases, companies don’t know what they are.

In many cases, what you measure is clear. Consider a service company that implements customer service software designed to help phone representatives more quickly resolve customer issues. To determine ROI, the company simply measures the number of calls per employee before and after implementing the software.

In other cases, companies don’t measure what we call the relevant “value drivers.” Some companies don’t know what to measure; others know what to measure but don’t know how to do it. The end result: only 17 percent of CFOs measure ROI for outsourcing projects, according to Hewitt Associates.

As an example of how this could happen, consider a manufacturing company that implements software designed to reduce errors in a product line, thereby improving quality. While the company may be tracking the increase in quality (in the form of fewer returned goods, for example), it may not be considering other value drivers. How about waste? We can assume that quality has improved, fewer products have been scrappedbut the company doesn’t have a business process in place that can track costs incurred from waste.

How do you identify value drivers? Follow the workflow. IT will always impact your business processes in some way. For example, it might eliminate, create, or change a business process. So to identify value drivers, look at the results you hope to achieve from these business process changes.

As an example, consider the service company we referenced previously. As a result of its new customer service software, the company might reduce its customer service employees from five to four. This change in business process shows that one value driver is the reduction in labor costs due to increased efficiency, resulting in a direct ROI. Another value driver might be improved customer service, resulting in an indirect ROI.

As another example, consider a company that implements software to track employee performance against objectives. In the past, it has paid bonuses randomly; now it has a methodology. This change in business process shows that one value driver is the savings in bonuses not paid due to non-performance, resulting in a direct ROI. Another value driver might be improved employee morale and effort, resulting in an indirect ROI.

Generally, a year of data collection should be sufficient to determine the changes in costs and revenues that will drive both direct and indirect ROI, providing you with solid data to determine just how effective your IT investment has been.

Published with permission from TechAdvisory.org. Source.
Topic Articles
June 6th, 2011

Many small and medium-sized businesses have the misconception that they are safe from cyber-attacks because of the lesser profits cyber-thieves can make from them. But recent studies show that hackers are now starting to exploit the less strict and intricate security protocols of SMBs.

There is a misconception among many SMBs that they are small targets for would-be cyber-attacks. “We’re too small a company to be of any worth” is the mindset of many. However, there is an ongoing trend in which smaller companies actually find themselves victims of the most elaborate and vicious cyber-attacks.

Why? Security experts are discovering that SMBs tend to have less or inferior security protocols in place to counter cyber-attacks. While this was of little consequence in the past, cyber criminals are now starting to take notice of the fact, and are exploiting it to their advantage. And it’s profitable too an attack on one SMB might not amount to as much as a larger organization, but given the greater ease through which hackers can attack smaller businesses, they more than make up for the difference in the volume of companies they target. According to several news reports, these cyber-thieves can make off with as much as $70 million.

The more unfortunate fact is that smaller companies are less able to counteract the effects of losses from cyber-attacks. This is why you should stay one step ahead of cyber-thieves by updating your security systems. Short term or long term, it’s a practical solution to keep information and data safe, and your operations stable. Give us a call today we can help.

Published with permission from TechAdvisory.org. Source.
Topic Articles
June 2nd, 2011

Cost savings are usually important to small businesses even in the best of times. New technology solutions may be necessary for survival and growth, howeverand they may not be as expensive as you think when you consider their return on investment (ROI). In this four-part series, we’ll explain what ROI is, help you understand indirect ROI, and provide guidelines for predicting and measuring the ROI of a technology investment.

Part 3: Predicting ROI

As we explained in part 2 of this series, you can’t measure ROI simply by asking what a technology implementation will do for your bottom line. However, if the new technology leads different parts of your company to collaborate, which in turn produces better goods and services that lead to top-line growth, then your ROI is likely strong. Getting at those indirect ROI numbers, however, may be the greatest challenge of ROI analysis. Few models exist to guide you, and with good reason: determining ROI involves looking at many components, then applying those components to your particular situation. But there are things you must take into account, from both a cost and a benefit perspective, when considering the ROI of a technology investment.

  • Your existing technology infrastructure. There are few companies without existing technologies in place, and any new solution will need to work with these systems to be effective. There will likely be costs associated with the new technology’s impact on existing systemsbut there will also be benefits. For example, a new technology might automate the tracking of hourly employees’ work hours. Or, it might offer more efficient collaboration.
  • Your business processes. A new technology can clearly improve your business processes by reducing downtime, improving productivity, and lowering costs. But implementing the new technology will likely involve training staff in using the technologyand that can have associated costs.
  • Your external relationships. Finally, no business is an island. Your systems may link to customer and vendor systems. As a result, any new technology may impose constraints on or require changes of external organizations or individualsin the way information is delivered or received, for example.

To solve this puzzle, it can be helpful to ask three different but related questions about the technology solution’s direct and indirect costs as well as its efficiency.

  • Direct costs: Can you afford the technologyand will it pay for itself? To answer these questions, you’ll need to know the cost of the solution itself and the monetary value of the resources used to implement it, measured in standard financial terms. You’ll then compare the dollar cost of all expenditures to the expected return in terms of the projected savings and revenue increases. You may need to project the cost and return over a multi-month or multi-year time span in order to show a payback period.
  • Indirect costs: How much bang for your buck will you realize? Now the analysis becomes more complex. Analyzing the effectiveness of a technology solution requires you to look at its costs in relation to how effective it is at producing the desired resultsin essence, to expand your measurement of ROI beyond cost savings and revenue increases to include performance relative to your company’s goals.
  • Efficiency: Is this the most you can get for this much investment? Finally, you’ll want to ask whether the technology will produce the greatest possible value relative to its direct and indirect costs. That can present difficulties, as it will require you to conduct a similar analysis on many alternatives, perhaps simulating the performance of the alternatives in some way.

These three types of measurements differ in several ways. While the first is based simply on financial metrics, the second includes the quality of goods or services, customer satisfaction, employee morale, or in the case of some companies (such as manufacturers of “green” products or non-profits), social or political benefits. All of these measurements, however, will help you answer the same basic question: Which technology investments will pay off in the long term?

In the next part of this series, we offer specific tips for measuring ROI.

Published with permission from TechAdvisory.org. Source.
Topic Articles
June 1st, 2011

Free WiFiPublic Wi-Fi is all well and good, but its very nature makes it easy to exploit and allow hackers access into your system unless you have the proper security protocols in place.

These days, Wi-Fi is everywhere. Airports, coffee shops, train and bus stations, malls almost every public place you can think offers Wi-Fi connectivity. Being connected to the internet has evolved from luxury to necessity, and whether it’s for personal or business reasons people are online as much as possible.

This is all well and good, except when you consider that hackers have started to extend their playing field to public Wi-Fi networks. With the volume of sensitive information such as passwords and financial transactions, it’s inevitable that crooks and fraudsters move to public networks where there is more potential to illegally farm large chunks of information.

Two things are important about this emerging trend. First, it’s the very nature of public networks that makes them vulnerable to attack. Second, hacking has become much easier these days, with very simple hacking programs such as Firesheep easily downloadable from the web.

However, the solution is simple as well: have the proper security protocols on your smartphone or laptop. It’s unfortunate that many people neglect to recognize the importance of such policies, and only have minimal security (if any at all) to guard against attacks. But as long as you have the proper protocols in place, you can stay connected even through public Wi-Fi without fear of hacking or any sort of intrusion into your system.

If you want to know more about keeping your portable devices safe from attacks, please feel free to contact us. We’ll be glad to explain the issue in more detail and draw up a solution customized to fit your needs.

Published with permission from TechAdvisory.org. Source.
Topic Articles
May 30th, 2011

While the cloud can be a good place to store data and backups, you need to make sure you can quickly get it when you need it. Restoring data is a critical component of any disaster recovery planning initiative. In case of a disaster or unforeseen occurrence that requires you to recover your data, you need to ensure that you can bring it back online within a time frame that meets your business needs.

A few weeks ago, Amazon suffered several days of outage in its EC2 and RDS service, bringing down dozens if not hundreds of services along with itincluding such high-profile sites as Reddit, Heroku, Foursquare, Quora, and many others. Although the cause of that outage has been analyzed extensively in many forums, the discussion is interesting and relevant because it brings attention to the lesson that wherever or whomever you entrust your data to—be it in the “cloud” or to a big company like Amazonit pays to be smart about how you manage your data, especially if it’s critical to your business.

Understand your options. When someone else is managing your data, it’s easy to leave the details to them. However, making sure that you at least have some understanding of what your options are in what different service providers can offer you will pay dividends later if something goes wrong, since you’ll be better equipped to make an informed decision on the spot. Things you should look at include:

  • Who is the service provider? What is their history? Who is behind them? What is their track record?
  • Where do they store your data? Do they own the servers where your data is stored or do they rely on someone else?
  • Is your data stored within the local area (i.e., a drive away) or is it distributed all over the map?
  • Do they provide a mirror of your data within your own server, or is everything in their data centers?
  • What measures do they employ to make sure your data is safe?
  • What methods do they employ to ensure you can get to your data when you need it?
  • Do they provide service level assurances or guarantees to back up their claims?

These are just some of the basic questions you should be asking of your service provider.

Do a test drive. Often you will not know exactly how a service works until the rubber hits the road, so to speak. Ask your service provider for a demo or a trial period. Test how fast it is to back up your data, but more importantly how fast you can bring it back when you need it. This is especially important if you’re talking about gigabytes of data. Understand that doing backups in the cloud can be hampered by your bandwidth and many other components of your system and theirs.

Don’t put all your eggs in one basket. Some service providers give users the option of storing data in multiple sites, to ensure that your data is safe if one site goes down. But why rely on just one service provider when you can get the services of multiple providers instead? Or perhaps better yet, why not manage some of your data on your own? While it may be complex and costly to reproduce what many service providers can provide today, it is relatively easy to set up a simple system to keep at least some of your really, really important data locally by using an unused computer or a relatively cheap, network-attached storage device or secondary/removable drive that you can buy at your local store.

Create a plan and write it down. Unforeseen occurrences can and will happennot only from your side but from your service provider’s as well. When they do happen, you will need to have a contingency plan ready, often referred to as a Business Continuity Plan. Make sure to document your plan in writing, and communicate it to everyone in your organization so they will know what to do in case disaster strikes.

With its promise of unprecedented efficiency, reliability, scalability, and cost savings, cloud computing and storing your data in the cloud is the topic du jour these days. However, it’s sometimes easy to overlook the basic due diligence that’s necessary regardless of how or where your data is stored. Ultimately, it is your business on the line—and being prudent and proactive about how your data is stored, managed, and (most importantly) recovered in times of need will save you much grief when you actually need it.

Published with permission from TechAdvisory.org. Source.
Topic Articles
May 26th, 2011

Cost savings are usually important to small businesses even in the best of times. New technology solutions may be necessary for survival and growth, however—and they may not be as expensive as you think when you consider their return on investment (ROI). In this four-part series, we’ll explain what ROI is, help you understand indirect ROI, and provide guidelines for predicting and measuring the ROI of a technology investment.

PART 2: The Indirect Benefits of Technology Implementation

It’s easy to see the direct benefits of new technology, such as reduced headcount or increased revenues. That’s because they show up as line items on financial statements. But it’s also important to consider the indirect benefits: an ROI that cannot be easily quantified but is nonetheless realized.

A good example of an indirect ROI is employee productivity. When you implement new technology, employees can perform their jobs better and faster. For example, an application that facilitates better communication between attorneys and clients at a law firm may not generate a direct return by reducing head count, but it can significantly improve the quality of service clients receive while giving attorneys more time to focus on value-added tasks, such as sales. That, in turn, will increase clients and profits—a very clear indirect return.

All technology generates some indirect returns, but how much is direct and how much is indirect? One research firm found that direct returns account for only half of technology ROI. Less than 50 percent of companies that implemented a document management system saw a direct ROI, while 84 percent saw an indirect ROI in the form of measurable increases in employee productivity.

To determine how much of a proposed implementation’s ROI is indirect, you must consider three key factors: the kind of technology being implemented, the areas in which it will be implemented, and your current IT environment.

  • The kind of technology being implemented. While all technology provides some indirect ROI, some technology generates more. For example, supply chain software can improve productivity, but most of its ROI is direct, in the form of reduced inventory and transportation costs. On the other hand, collaboration software may have a huge impact on worker productivity by reducing the time it takes to execute group-oriented tasks, such as sharing information and coordinating meetings. Likewise, content management systems tend to generate significant indirect ROI by leading to faster filing and decreased retrieval times.
  • The areas in which technology will be implemented. Where and how you deploy technology will also impact the portion of its ROI that is indirect. As an example, consider a business intelligence dashboard. Depending on how it is used, ROI could be more direct or indirect. If it is used to give a logistics manager the ability to better monitor and control transportation costs, the ROI is primarily direct. If it is used to provide financial analysts with quicker access to monthly metrics, the primary benefit will be time savings, an indirect ROI.
  • Your current IT environment. Finally, the extent to which a new technology’s ROI is direct or indirect may depend on how much change the technology leads to. Consider an application that tracks employee hours. A company that has manually collected time will see significant direct ROI in a reduction of the number of timekeepers needed. On the other hand, a company that already has an automated attendance process will see more indirect ROI in the form of efficiencies through time savings.

Indirect ROI may not be readily visible, but it is critical to driving business value. A business that ignores indirect ROI, choosing not to improve its technology because there is no direct ROI, will not be able to keep up with competitors.

In the next part of this series, we offer specific tips for predicting ROI.

Published with permission from TechAdvisory.org. Source.
Topic Articles
May 23rd, 2011

hand drawing graphAre you investing in IT to winor just to keep up? Many, if not most, companies use IT as a tool, and in doing so they tend to focus on its cost. A better approach is to consider it a strategic asset. Doing so can differentiate your company and increase your profits.

Differentiate your company and increase your profitswith IT

It’s easy to think of IT as a tool that comes with a costbut doing so is a big mistake. That’s because IT, when used properly, can be a strategic asset. It can make your information more accurate, improve your employees’ response time, and even differentiate your company in the marketplace.

To make IT a strategic asset as opposed to a tool, it needs to add value. To determine where to make improvement, you’ll want to look at your value chain, which includes all the activities your business performs, and ask which ones earn profits. For example, if you’re a manufacturer, better IT could result in more efficient supply purchasing. If you’re a retailer, better IT could result in fewer units needing after-sales service and repair. Focus on improving IT in those areas and you’ll likely improve profits.

An added benefit of this exercise: The use of IT in a new way may create even more opportunities for your company. For example, the Internet allowed Apple to invent iTunes, and now mp3 downloads have overtaken CD sales. Even small businesses can experience this. Case in point: The invention of iTunes has given many startup software companies a distribution channel for apps that otherwise may not have been invented. But the idea doesn’t have to be visionary in this way: YourLittleFilm.com, a small business that creates custom short films, used customer relationship management (CRM) software to help follow up on business leads, and got a 10 percent response rate.

How and where you add value with IT developments will depend on your business model. There is little point, for example, in automating production if your customers cherish hand-made products. However, you might find that investing in a CRM system might give you a more efficient way to track your customers’ preferences and provide them with a more personalized service.

Using your IT as a strategic asset gives you tools to manage clients worldwide, increases your visibility, and lets you compete with much larger players. Contact us to find out how you can use technology to gain an edge.

Published with permission from TechAdvisory.org. Source.
Topic Articles
May 19th, 2011

Cost savings are always important to small businessesbut that doesn’t mean you should skimp on technology. New technology may be necessary for the survival and growth of your business, and may not be as expensive as you think when you consider its return on investment (ROI). In this four-part series, we’ll explain what ROI is, help you understand the types of ROI, and provide guidelines for predicting and measuring the ROI of a technology investment.

PART 1: ROI Basics

There are two ways to look at the value of technology: total cost of ownership (TCO), which quantifies only the cost of a project, and return on investment (ROI), which quantifies both the cost and expected benefit of the project over a specific timeframe.

Traditionally, businesses have used TCO when analyzing the cost of internal infrastructure projects such as upgrading an e-mail system. But even with internal systems, ROI can be a better method. If your old e-mail system goes down, for example, your sales team can’t contact customers electronically and must spend more time making phone calls. If your employees spend two more hours on calls than they would on e-mails, you’ve actually lost money by not upgrading your e-mail system.

As an example of how ROI works, consider the case of a small, high-end electronics boutique. The current point-of-sale (POS) software is beginning to show strains from the company’s expansion and increasing inventory, and customer service issues are arisinga problem since the company’s mission is to provide exceptional service. The company’s owner believes implementing a new POS software program will help address these issues, but deploying it will be costly.

The key question is which will cost more in the long term: spending the money to provide a solution, or the losses the boutique will incur by not doing so?

That question may be easier to ask than to answer. As important as determining ROI is, there is still little consensus about how to measure it accurately. That’s because ROI has many intangiblesthings that don’t show up in traditional cost-accounting methods but still maximize the economic potential of the organization, such as brand value, customer satisfaction, and patents.

In the next part of this series we’ll discuss these intangibles

Published with permission from TechAdvisory.org. Source.
Topic Articles
May 18th, 2011

We are seeing Macs and PCs together in more and more offices. Here are some tips to make sure these devices can get along with each otherwhether it be sharing files between the two systems, sharing printers, having them talk to each other on the same network, and even running apps on both systems.

Unlike a few years ago when Microsoft’s Windows operating system virtually dominated office desktops everywhere, today we are increasingly seeing the use of other operating systems in the office. Typically these other systems are some model of Apple’s Macintosh running its own operating system called the OS X. The OS X, known for its sleek graphics, great multimedia handling capabilities, and easy-to-learn user interface, has gained favor among many users and businesses.

Sometimes, however, problems arise when having to use different systems in the same office or network environment. Here are some tips to eliminate common issues your users might face when working with others on a different system:

  • File Sharing. There was a time when transferring files between a Mac and a PC was a painful process requiring understanding different file system structures, resource forks, file name limits, and other such nonsense. Thankfully those days are over. Many Mac applications today can open files created on a PC and vice versasuch as office documents, images, video, and more. Getting files from one system to another is also easy as you can transfer via a removable drive. Both systems should recognize the file system on the driveespecially if it was formatted using Window’s file system (doing it the other way around might be a bit more difficult). OS X “Leopard” Macs can also read or write to drives that have been formatted using a special format from Microsoft called NTFS, and other freely downloadable utilities can also help. If this sounds like too much work to understand, you can also simply burn a CD or email files from one system to anotheror better yet, set up a network for file sharing.
  • Making Macs and PCs talk on the same network. If you’re a little more tech savvy, you can connect your Macs to your PCs directly or via a network. Typically this requires a network cable connected to both devices and having network sharing turned on. Enabling network sharing is outside the scope of this tip, but many online resources are available to help you connect a PC to a Mac or a Mac to a PC.
  • Running the same desktop applications on both a Mac and a PC. For really advanced users, did you know that you can run Windows on a Mac or OS X on a PC? The former is bit easier and more common, thanks to techniques such as dual booting or virtualization. In dual booting (what Apple calls “Boot Camp”), you essentially install both operating systems on a Mac and on power up, you can choose which operating system to boot. Virtualization on the other hand is way slicker as you can run both operating systems at the same time. In virtualization, you boot Windows in a window within OS X, allowing you to effectively run Windows applications on a Mac. There are also many commercial applications that can help with this.
  • The future: Cloud Applications. As we all start to access more cloud-based applications, the operating system you use is no longer as critical. As long as your systems have an Internet connection and a browser, then you can use different systems and it doesn’t matter what operating system or hardware is being used.

So running both Macs and PCs in the same office is not necessarily a bad thing, as it has been in the past. Dozens of options exist today to make the situation manageable, if not downright easy. If you need help, don’t worry we’re here to assist. Call us today to find out how you can get Macs and PCs to work together for your business today.

Published with permission from TechAdvisory.org. Source.
Topic Articles
May 16th, 2011

One of the world’s leading email service providers, Epsilon, found itself the victim of a phishing attack that saw a significant amount of data lost to cyber-thieves. It’s important to learn from mistakes like these and make sure that both your own and you clients’ data is kept secure and safe from thieves.

There’s been a lot of buzz recently about Epsilon, one of the biggest email service providers in the world, as it suffers from the backlash of allowing itself to be a victim of phishing efforts which has affected the business data of as many as 50 major companies who are clients of theirs.

Reports are also citing Epsilon’s failure to heed an alert from a business partner which advised the provider to be on its toes against potential attacks from cyber-criminals targeted towards email service providers. The damage estimates vary, with Epsilon citing only about 2% of their data being stolen, but the impact is undeniable. Cyber-criminals now have access to a sizable number of personal data stored through Epsilon passwords, account numbers, and even the purchasing / buying habits of the customers of Epsilonงs clients. Many of Epsilon’s clients are now sending out messages to their own customers, warning them that their email addresses may have been compromised.

It’s a lesson to companies, big and small, to pay more attention to beefing up their security protocols, since all it takes is one breach to endanger all of your data. In addition to having the right security software, it also helps if you require your employees undergo proper user training to make sure that they won’t be easily baited by scams like phishing, and will be more aware of how to contribute to the safety of your business data. Failing to do so puts not only your company, but also your clients, at risk.

If you’d like to make sure your systems are safe, call us and we’ll evaluate your current security measures and suggest ways to make critical improvements.

Published with permission from TechAdvisory.org. Source.
Topic Articles