Articles

April 5th, 2013


Privoxy has an information-disclosure vulnerability
that allows an attacker to access users' sensitive information, which may lead to further attacks.
Privoxy 3.0.20 is affected, and other versions may be affected as well.

Source: securityfocus

May 17th, 2012

If your website matters to your organization, a Web Application Firewall
matters to your organization too

You would not want your organization's website to lose its reputation because it was hacked, or to become a source of virus distribution without your knowing it. Many organizations now place more emphasis on doing business online through web applications, because users can connect to the Internet anywhere, at any time, so services such as ordering goods or carrying out financial transactions through a website are quick and convenient to reach. Online services bring speed and convenience, but at the same time threats on the Internet are seen frequently. Banks are robbed because they hold large amounts of deposited money, and the important data on an organization's web server is a target in the same way. Many organizations have begun to recognize this and to give priority to defending against attacks made through web applications, as can be seen in secure web application development and in the adoption of web application firewalls.

Although a web application firewall may be a good choice for protecting a web server from threats, its management, performance, and price are still, to a greater or lesser degree, obstacles for organizations deciding whether to use one. It is true that a web application firewall can protect a web server from attacks, but it can prevent only 90 percent of them. For the remainder, the organization needs specialists in configuration tuning and security policy to reduce the errors that can occur in protecting the web application, errors that can leave users unable to use the services on the website. A web application firewall is therefore not the whole answer to preventing attacks: the organization must monitor and inspect threats to its website or web application regularly, so that it knows the types of threat, the attack patterns, the severity, and how to respond promptly if damage occurs in an attack.

Web application firewall solutions come in many forms, depending on how the web servers are deployed, the data throughput required, and the investment budget. Most organizations in Thailand prefer to invest in buying, installing, and managing computer equipment themselves, so many choose a web application firewall in hardware form. The advantages are that the equipment is installed on the organization's own premises, that network performance is good, and that websites with heavy traffic are not affected.

However, web application firewalls do not come only as hardware. United Information Highway Co., Ltd. (UIH), together with ACIS i-Secure Co., Ltd., provides a computer security service that offers a web application firewall in the form of Cloud Computing, in which the resources of web application firewall equipment are shared on Cloud Computing so that they can be used jointly, economically and efficiently. The advantage of the cloud web application firewall is that the organization does not need to install any software or hardware. It only has to change the IP address in its DNS (Domain Name Service) to the service provider's IP address, and it can then use the cloud web application firewall service to protect its web server immediately. Using a cloud web application firewall also reduces the organization's costs for purchasing and installing equipment and for training administrators. Importantly, the service includes monitoring, alerting, and analysis results for threats to the web application in Thai, along with remediation guidance from experts 24 hours a day.

 

May 17th, 2012

Why a “Web Application Firewall”?

It is no exaggeration to say that over the past 10 years the website has been one of the things that has made our lives more convenient, because whatever we want to do, a website can meet the need. For example, if we want to go somewhere we have never been and nobody we know has been there either, we can get there on our own by looking up the route on a travel website or a site such as Google Map. If we want to arrange a meal with friends, we no longer need to phone each other; we can make the arrangement through Social Network websites. This shows how websites have taken on a larger role in people's daily lives.

Websites have evolved continuously over the past 10 years. In Web 1.0, a site existed only to put information on web pages for others to view, with no interaction with the user. Web 2.0 brought a far wider range of uses, such as paying water and electricity bills, holding online meetings, and ordering goods through a website. This ease of access and convenience is what has led most people to use websites more and more for everyday tasks. But every coin has two sides: the more people benefit from the web, the more ill-intentioned people want to profit from those who use it. Those ill-intentioned people are Hackers.

Hackers usually attack websites to steal the data of the site's users or to make the site unable to provide service. Ordinary users typically use the same username and password on every website they register with, whether or not the site stores important data about them. A Hacker may therefore take a username and password obtained by attacking a website that holds little of importance and use them to look for credit card or other important financial information belonging to that user on another website. Forcing ordinary users to register on every website with a username and password that are never reused is hardly practical. What matters for preventing such incidents, then, is to prevent or detect the attacks on websites instead.

Current protection technologies such as a Firewall or an Intrusion Detection System/Intrusion Prevention System (IDS/IPS) cannot prevent the threats that websites face. Sending data to a website is like sending it a letter: the Firewall sees only whether the letter is going to the right place. Both normal use of a website and attacks on it use ports 80/TCP (HTTP) and 443/TCP (HTTPS), which makes them hard for an ordinary Firewall to block. An IDS/IPS, likewise, sees only the manner in which the letter is sent. Neither technology can tell whether the letter contains a message or anything else intended to harm the recipient. The Web Application Firewall (WAF) was developed to inspect what is inside the letter. When a letter arrives at the mailbox in front of the house, the WAF acts as the forwarder and opens the letter to check its contents. Once the WAF sees that the message inside has no harmful intent toward the recipient (the website), it passes the letter on to the recipient. We can also tell the WAF how many letters the recipient can read in a given period. When the number of letters reaches the configured limit, the WAF holds them or discards the excess, so the recipient can keep reading letters and working without interruption.
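The letter analogy above in code, as an added example that is not part of the original article: a port-only firewall check accepts every constructed request below because all of them arrive on 80/TCP or 443/TCP, while a minimal content-inspecting filter decodes each request, matches it against two illustrative signatures, and discards requests above a per-client limit. `MiniWaf`, `port_firewall_allows`, the signatures and the sample requests are assumptions made for illustration, and the example discards excess requests rather than holding them.

```python
import re
import time
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# Constructed, deliberately tiny signature set (an assumption of this example).
# A production rule set is far larger and must be tuned to the protected site.
SIGNATURES = [
    ("sql-injection",
     re.compile(r"""['"]\s*or\s+\d+\s*=\s*\d+|\bunion\s+select\b""", re.I)),
    ("script-injection", re.compile(r"<\s*script\b", re.I)),
]


def port_firewall_allows(dst_port, allowed_ports=(80, 443)):
    """What an ordinary firewall sees: only where the 'letter' is addressed."""
    return dst_port in allowed_ports


class MiniWaf:
    """Opens the 'letter': inspects request content and limits requests per client."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self._seen = defaultdict(deque)  # client IP -> timestamps inside the window

    def inspect(self, client_ip, target, body="", now=None):
        now = time.monotonic() if now is None else now

        # 1) Rate limit: forget timestamps older than the window, then count.
        recent = self._seen[client_ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_requests:
            return ("drop", "rate-limit")
        recent.append(now)

        # 2) Content inspection: URL-decode once, then match the signatures.
        #    (Real products normalise input far more thoroughly than this.)
        content = unquote_plus(target) + "\n" + unquote_plus(body)
        for name, pattern in SIGNATURES:
            if pattern.search(content):
                return ("block", name)
        return ("forward", None)


# Constructed sample traffic: (client IP, port, request target, body, time in s).
SAMPLE_REQUESTS = [
    ("198.51.100.7", 80, "/search?q=waf+tuning", "", 0.0),
    ("198.51.100.7", 80, "/item?id=1%27%20OR%201%3D1", "", 0.1),
    ("198.51.100.7", 443, "/comment", "text=%3Cscript%3Ealert(1)%3C/script%3E", 0.2),
    ("198.51.100.7", 443, "/search?q=firewall", "", 0.3),
    ("198.51.100.7", 443, "/search?q=firewall", "", 1.25),
]


def demo():
    """Return (target, port-firewall verdict, WAF verdict) for each sample request."""
    waf = MiniWaf(max_requests=3, window_seconds=1.0)
    rows = []
    for ip, port, target, body, t in SAMPLE_REQUESTS:
        rows.append((target, port_firewall_allows(port),
                     waf.inspect(ip, target, body, now=t)))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Every sample request passes the port check, which is the article's point: only the content-inspecting step separates the ordinary requests from the two that carry a matching payload, and only the rate limit stops the fourth request.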

Having the WAF stand in front of the website and receive users' requests in its place lets the website operate more smoothly and greatly reduces administrators' worries. In most companies the team that writes the website and the team that looks after its servers work separately, and sometimes the development team is an outside contractor (Outsource) hired to build the site. When the contract ends, the server administration team has to manage and maintain the website itself. When an attack occurs, the people who must take responsibility for the website and fix it turn out to be the system administrators, who may not have much expertise in web programming, so prevention or repair is difficult and sometimes not possible at all. What is lost is then not only the data of the website's users but also reputation: users lose confidence in the website and use it less. Sometimes the company must also pay an outside party to fix the source code that contains the vulnerability.

Above all, how well a WAF filters attacks or protects a website from Hackers depends on tuning the protection to the environment. It also depends on the person doing the tuning, who should be capable and aware of the kinds of attack a Hacker can carry out or devise, in order to keep up with Hackers. As the saying goes, “Know the enemy and know yourself, and in a hundred battles you will win a hundred times.”

 

February 20th, 2012

Is your staff bringing their own devices and gadgets to the workplace? There are pros and cons that you need to know before you decide to adopt this practice for your business.

You may have noticed more and more of your employees or colleagues bringing their own computing devices to work—be it their mobile phone, tablet, or laptop. Or perhaps in your company or in other companies you may have seen, they have let people decide which device they prefer because they are used to it at home. You may not realize it, but this is all part of a large trend called the “consumerization” of IT, in which the influence of consumer technology is being increasingly felt in the workplace. With the wide availability of cheap but powerful mobile devices and online services, a growing number of people are being exposed to the latest technology at home first—adopting them at a rate faster than most businesses are able to manage. This flips on its head the old paradigm in which traditionally new technologies would be rolled out to businesses first, before they would find their way to consumers.

This trend, plus the increasing sophistication of young workers today and their frustration with the tools available to them at the office, is pushing some companies to adopt a “bring your own device” or BYOD policy at work. They are not alone. According to research by technology analyst group Gartner, end users, not the IT department, will soon be responsible for 50 percent of business IT procurement decisions—ultimately bringing and running their own systems on company networks. Meanwhile, according to management consultants Accenture, around one-third of today’s younger generation of workers (a group called “millennials”) not only want to use the computer of their choice at work, but also want control of the applications they use.

The benefits companies cite for adopting a BYOD policy are many, among them:

  • Savings on capital expenses and training costs in using company equipment—compensating employees instead via other means such as flexible work hours, subsidized purchases, insurance, and other benefits.
  • Less management headache—effectively letting employees decide what to use releases the company from some overhead and management responsibilities.
  • Improved employee satisfaction—by giving employees the freedom to use devices and applications that they prefer.

However, before you consider letting employees bring their own personal technology to the work place, be aware that there are also disadvantages, and sometimes very real dangers in doing so. These include:

  • Non-standardization of hardware, operating systems, and applications. If your business operations require that some equipment is integrated with others, then BYOD can in the long run actually increase IT management costs and decrease efficiency.
  • Exposing your network to malware or security vulnerabilities and breaches. When your employees bring their own devices to work, you lose important control over their security. Consumer devices often don’t employ comparable bullet-proof security technologies mandated by businesses.
  • Leakage of confidential or proprietary information. Employees will naturally do what they want with the data on their devices, even if it doesn’t belong to them, or it’s against company policies. Employees can also lose precious company data when they misplace or damage their personal devices.
  • Lower economies of scale in procurement. Essentially because everyone is buying devices on their own, you miss out on the chance to consolidate purchases and lower purchase costs for everybody.

Have you adopted a BYOD policy at work? Thinking about it? Worried about this trend? If you need to understand BYOD better so you can define a policy for your staff, contact us and see how we can help.

Published with permission from TechAdvisory.org. Source.

February 13th, 2012

Did you know that there are many free tools available on the web that can increase your productivity? Especially beneficial to small companies who can always use the savings, these free applications and software, if used correctly, can both increase productivity and help maximize the resources they have at hand.

It is a constant challenge for small businesses to meet ever-changing and ever-evolving IT requirements while balancing a budget and keeping costs reasonable. And with software applications being one of the major factors that contribute to IT maintenance costs, it is always welcome news to come across free tools that work well and efficiently despite the lack of a price tag.

ThinkFree Online Office
One of these applications is ThinkFree Online Office, which is a cloud application that enables you to create and edit documents in common formats. It also comes with free 1GB of storage and allows you to work from anywhere, since the documents are stored online. And with its own app for Android users, ThinkFree is particularly advantageous to people who need to work on the go.

ReqMan
Another free cloud-based application that can prove useful is ReqMan, an online project management tool. You can use this to manage and track your different projects using various templates the service provides. And since it’s in the cloud, mobile personnel and staff who are given access to your ReqMan account can work even when they’re out of the office.

Gliffy
Gliffy is a free tool that you can use to create all sorts of technical illustrations – diagrams, floor plans, flowcharts, and more. The basic plan is free, but you also have the option to subscribe to their more fully featured plans for a minimal fee.

ScheduleOnce
For managing schedules, calendars, and the like, ScheduleOnce allows you to keep better track of all your appointments, meetings, and deadlines through a single tool. It integrates with your calendar on Google, and then allows other people to see your open times when they can schedule a meeting with you. Think of it as a one-stop-shop for your scheduling needs.

If you want to know more about these tools and how you can best utilize them, please feel free to contact us. We’ll be happy to guide you and help you make the most out of these types of applications to improve your efficiency and bottom line.

Published with permission from TechAdvisory.org. Source.

January 9th, 2012

While the massive flooding in Thailand ravaged hundreds of thousands worth of property and infrastructure, it also has had an adverse effect on worldwide hard drive production. Since the majority of the world’s hard drive factories are located in Thailand, hard drives will be in short supply in the coming months.

In the same way the massive earthquake and tsunami damaged Japan’s electronics industry, the flood crisis in Thailand is causing concern for companies that require hard drives for production.

The majority of the world’s hard drives are produced in factories located in Thailand, where the flood crisis has put a damper on many industries, hard drive producers included.

According to reports, the shortage is already driving hard drive costs up and may just be the beginning of that trend. As companies like Hewlett Packard respond to the situation, the outlook remains unclear. PC sales could be affected well into 2012 and beyond. With flooding still an issue for some producers the shortage could expand.

As of now, there is still no concrete solution in sight for the problem with the supply of hard drives in the world, and while reconstruction efforts in Thailand are ongoing, getting the hard drive industry on its feet will take a while. As for the effects on the computing world as a whole, PC prices will likely rise as pre-flood inventories are sold out and replacement stock is delayed.

Published with permission from TechAdvisory.org. Source.

January 6th, 2012

The effect of social networks on the way companies approach their business is undeniable. Some even go a step further, creating their own internal social networks to help enhance communications within their own organizations. However, for it to function best, the proper policies that govern its use should be developed.

With the waves created by social networking in how companies do business nowadays, many have also utilized the same principle to develop internal social networks to enhance their in-house communications as well. However, the use of this new medium of communication also requires that companies develop new policies to cover its use.

One concern that may leave you apprehensive about creating an internal social network might be the fear that it could be abused by employees. However, reports have shown that introducing an in-house social network has produced generally positive results.

As long as company policies regarding the use of internal social networks are developed and implemented properly, employees will view such a network as an extension of the workplace, and will try to put their best foot forward. Such policies must specifically tackle the use of the internal social network, and many experts recommend revising existing company rules that govern the use of email, IT resources, and even external social networks. To be on the safe side, it’s a good idea to consult with a lawyer to avoid any legal problems with the policy in the future.

Who’s going to be in charge? Your managers, of course. Since the social network will be for company use, it follows that department heads should be given administrative duties and permissions which they will use for moderating communications and discussions in and pertaining to their respective sections.

While an internal social network can do wonders for your in-house communications, good policies and rules pertaining to its use will be what keep it working like a well-oiled machine.

Published with permission from TechAdvisory.org. Source.

January 3rd, 2012

Passwords are an integral part of securing both IT systems and online accounts. In order to keep your system and information safe, it is important to take the time to create strong passwords that hackers and online thieves won’t easily figure out.

If you think using ‘password’ as your password is no big deal, then it’s time to rethink.

Security experts have recently compiled a list of the worst passwords users can choose, and ‘password’ is at the very top of the list. Weak passwords make your information more vulnerable simply because hackers can guess them. It may be easier to pick a password that you don’t have to think about, but it’s a choice that you may come to regret.

To help you avoid common password choice mistakes that users make, management application provider SplashData has compiled a list of the 25 worst passwords to use:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

Make a smart password choice
Experts advise using a combination of letters and numbers when creating your passwords, and avoiding things that anyone might be able to guess, such as birthdays and anniversary dates. Passwords with eight characters or more are safer and it’s best to use different passwords for different accounts and websites. Use a password manager to help you keep track of all of your passwords if you’re finding it difficult to remember them all.

No matter how sophisticated your security system is, a weak password gives hackers and online thieves an advantage. Helping all the users in your organization understand the importance of password strength will help you secure the IT systems in your organization.

If you’re interested in learning more, please contact us so we can develop a comprehensive and custom security blueprint that meets your specific needs.

Reference: Worst Internet Passwords

Published with permission from TechAdvisory.org. Source.

December 29th, 2011

A massive network of bots, an estimated four million of them at least, was taken down in a recent raid. Completed with the cooperation of the United States Federal Bureau of Investigation (FBI), authorities in Estonia, as well as security firm Trend Micro, this bust is the biggest cybercriminal arrest in history.

Four million is a big number, which makes four million bots, in security terms, a staggering and frightening number as well.

It is a good thing, then, that four million is also the number of bots taken down in a recent bust by the United States Federal Bureau of Investigation, the Estonian Police, and security firm Trend Micro. Data centers in New York City, Chicago, and Estonia were raided by authorities, shutting down hundreds of servers used to create a network of bots that spanned some 100 countries.

The said bust, dubbed “Operation Ghost Click”, is one of – if not THE – largest cybercriminal bust in history, putting to sleep a sophisticated scamming operation that victimized 4 to 5 million users and was said to have generated at least $14 million in illegal revenue.

The scam mainly involved hijacking Domain Name Server (DNS) settings in infected computers, which can be used not only to introduce more malware into an IT system, but also to hijack search results and replace advertisements loaded on websites visited through an infected computer.

While this bust does bode well for all IT users everywhere in the world, it also illustrates the scope of influence and level of organization behind security threats. Since this is probably not the only scam / fraud / botnet operation in the world, it is always best to have a comprehensive security policy for your IT infrastructure to minimize the risk of compromising your company’s data and information.

For more details on the bust, check out Trend Micro’s blog post here.

Published with permission from TechAdvisory.org. Source.

December 19th, 2011

Security experts are predicting a rise in the use of personal gadgets to access company data, which means that you will have less control over what kind of data goes in and out of your IT system. The best way to rectify this is by having a concrete and comprehensive IT policy that secures your data without compromising the freedom of your employees to use their mobile devices.

As technology continues to become more affordable and accessible to consumers, it’s an inevitable fact that employers will see more and more of their employees using their own personal devices such as laptops and mobile phones to access the company’s IT system.

This can be a dangerous thing. Since these devices aren’t company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.

The solution: a comprehensive IT security policy. It’s important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data’s security. Having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don’t forget that while Android seems to have a bigger problem with malicious software, Apple isn’t exactly virus-free, either.

Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data. If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don’t hesitate to give us a call so we can sit down with you and discuss a custom security blueprint that’s just right for you.

Published with permission from TechAdvisory.org. Source.

December 12th, 2011

A survey by StaySafeOnline.org shows some disturbing results: a large number of small businesses, while largely dependent on their computer systems, do not see themselves as threatened by hackers and online thieves. This results in a significant percentage of them having poor or mediocre security.

StaySafeOnline.org, a website of the National Cyber Security Alliance, has recently released a study that chronicles the cyber security practices and attitudes of small businesses. Conducted in partnership with Visa, the study shows some interesting, if not disturbing, results.

It turns out that many small businesses (about 65% of the respondents) are highly dependent on their computer / IT / data systems, where they store important information, from sensitive company financial records to personal client information such as credit card info, addresses and phone numbers, and more. However, as many as 85% believe that they will not be targeted by hackers and online thieves, and less than half have data security systems in which they are confident. In general, small businesses have, at best, a mediocre security system.

Few realize, though, that it only takes one breach to compromise a company’s finances and relationships with clients. And if you have less than stellar security, stealing from you is easier. You might not have as many online assets as big businesses, but hackers can make a hefty profit by victimizing several easy marks as opposed to bigger and riskier efforts with more secure systems of larger firms.

Don’t take a risk with important data, and don’t compromise the relationships and reputation you’ve built with your clients over the years. Good security is always worth it. If you’re interested in knowing more about beefing up your security through company policies, software, and user education, please don’t hesitate to contact us. We’d be happy to sit down with you and discuss a security blueprint that’s cost effective and custom built to meet your specific needs.

Reference: National Small Business Study

Published with permission from TechAdvisory.org. Source.

November 28th, 2011

As the worldwide use of Facebook continues to grow, more and more scams are appearing on the popular social networking website. Scammers use promos, “interesting” links and all sorts of other strategies to trap you, so a grain of salt is always needed when dealing with things outside of what Facebook offers.

As more and more people continue to use Facebook both for personal and business purposes it seems to follow that all sorts of unscrupulous individuals and groups will find ways to exploit this popularity for their own illicit benefit.

In the same way people are phished through email, hackers and scammers use similar techniques to fool Facebook users into falling for their tricks. The combination of curiosity and trust is what hackers rely on to make users fill in contact details for non-existent promotions, visit suspicious websites, or download fake software, all through Facebook. While Facebook has instituted some additional security measures to counter this threat, the consensus is that it is a generally lukewarm, or even cursory response to the issue.

What makes it worse is that you aren’t usually the first victim – those links and whatnot appear on your News Feed courtesy of a contact who has fallen into the same trap. So always be wary of events or promos your contacts invite you to join.

The most important thing is to have both the right knowledge and software to prevent getting scammed not only on Facebook, but anywhere else on the Web. Facebook is just a new medium for scammers and hackers to steal information and data and they’ll do the same thing once the next big thing on the Web comes along.

If you want to know more about Facebook scams and how you can better protect yourself both through training and the right software solutions – please feel free to give us a call so we can help you set up a more secure system for your business that’s custom-built to meet your specific needs.

Published with permission from TechAdvisory.org. Source.

 

November 28th, 2011

Managing an effective network security solution is a demanding challenge for organizations of any size. IT departments are increasingly burdened by the need to manage independent point solutions such as anti-virus, content filtering and intrusion prevention, in the face of increasingly sophisticated online security threats.

At the same time, business managers are concerned with keeping costs low and optimizing their infrastructure investment in an uncertain economic climate, as well as fulfilling various regulation requirements and ensuring business continuity through properly configured, managed and maintained security.

Many businesses are also hampered by a lack of allocated resources and the high cost of hiring full-time security experts.

These challenges demand comprehensive, affordable and hassle-free managed security services that provide enterprise-class protection at a fraction of the cost of setting up an equivalent in-house system.

The Managed Security Service Advantage for Business

To address these challenges, SonicWall Inc., the leading provider of integrated security, productivity and mobility solutions, offers proactive managed security services for Managed Security Service Providers (MSSPs) to enable your business to focus on its areas of core competence.

These outsourced security services provide your organization with:

  • Onsite and remote management of security services
  • 24/7 real-time monitoring, protection, escalation and response processes

Managed Security Service Providers (MSSPs) are trained to offer expert advice and affordable services related to network security management to organizations of all sizes. An MSSP can also handle system changes, modifications and upgrades.

Equipped to align your IT needs with your business objectives, the MSSP also brings specialized expertise in processes such as PCI compliance, human resources, finance and specific software applications relevant to your market sector.

Key features and benefits of SonicWall Managed Security Service

The SonicWall Managed Security Service enables your organization to gain access to leading IT infrastructure with no capital outlay and little operational expense, helping to attain rapid ROI.

The service reduces IT complexity and risks, improves operational efficiencies, employee productivity and complements your in-house IT skill sets. It provides:

1. Worry-free protection with access to security expertise and the latest technology (Next-Generation Firewall: NGFW). SonicWall network security experts help you define security policies that meet your business objectives and provide up-to-the-minute protection against the latest threats.

Every NGFW solution starts with a deep-packet-inspection firewall, providing a first level of defense for your network. Security modules for anti-virus, intrusion prevention, content filtering and SSL VPN add layers of protection to the NGFW under the single management console.

2. Pay-as-you-go, utility-based services
The MSSP tailors service levels to suit your needs. This is based on the number of users supported, bandwidth supported with basic or advanced security, number of site-to-site VPN tunnels, and frequency of reports on security incidents, firewall, and network activities.

Avoid paying for more than you need with SLAs that incorporate policy and configuration changes, emergency changes and URL access controls. Depending on your unique business needs, you can add:

  • Per-case incident investigation
  • Firewall policy management
  • Anti-spam service
  • Bandwidth management service
  • Integrated and external 802.11n and 802.11a/b/g wireless access points
  • Licensing options for high-availability firewall hardware failover; encrypted traffic inspection; high-speed SSL VPN access to home or offices from anywhere; and client anti-virus protection

Comprehensive reports provide insight into attack and intrusion attempts and the cost and type of traffic being generated on a per-VPN basis. With granular understanding of network usage, you can control bandwidth and costs effortlessly. As your business requirements change, the MSSP will work with you to fine-tune your service levels and security policies.

3. Improved staff efficiency and productivity
The MSSP alleviates your need to add IT headcount, so you not only reduce internal staffing costs, but also free up existing staff to focus on key activities. MSSPs are available 24/7 to address your IT problems, add new security services and proactively monitor network traffic to prevent downtime.

November 21st, 2011

With IT’s ever-changing and ever-evolving demands, it’s important that businesses, especially those with fewer resources, be able to keep themselves up to date – and there’s no better, more efficient, and more cost-effective solution than Managed Services.

Many large businesses prefer the use of Managed Services to meet their IT needs, but many smaller organizations continue to be skeptical of this solution. Here are five reasons that will make you think twice about dismissing Managed Services:

Managed Services help control costs.
In any kind of business, it’s important to be as cost-effective as possible. Especially in IT, where unbridled or poorly managed systems cost way more than they’re worth, it’s essential to have a system that works with your budget but doesn’t compromise on quality. Managed Services is the most feasible and practical way to accomplish that, especially in the long term.

Managed Services help you deal with increasingly complex IT solutions.
With both hardware and software components of IT systems constantly evolving, businesses with limited resources may very well find themselves left behind after a while. But with Managed Services, you are able to enjoy the advantages of the latest IT solutions at a fraction of the cost – enabling you to provide the best possible service to your clients.

Managed Services give you a better, more dependable IT infrastructure.
Especially for smaller businesses, it can be tedious to maintain an in-house IT arm; and you run the risk of stretching resources too thinly, which can compromise the quality and output of your IT department. Managed Services allow you to have a stable and dependable IT arm that’s dedicated to meeting your specific needs in a cost-effective manner.

Managed Services offer more comprehensive and complete IT solutions.
More often than not, small and undermanned IT departments are more of a burden to the organization they belong to – errors are more likely to occur, response and problem solving is a slow process, and staff members are probably overworked and underpaid, making them both unhappy and less productive. Managed Services, on the other hand, are completely the opposite, allowing you to utilize efficient and comprehensive solutions that are tailor-made to fit your specific requirements.

Managed Services help you maintain compliance.
With the marketplace becoming more and more competitive, meeting different regulatory compliances has become a fundamental need. From Sarbanes-Oxley to the Health Insurance Portability and Accountability Act (HIPAA), smaller companies can often find themselves lost. It’s Managed Services that helps these companies not only fully understand the requirements of these regulations, but also comply with them.

If you want to know more about how Managed Services can directly benefit your day to day operations, please do not hesitate to give us a call – we’d be happy to sit down and discuss a custom solution that works for you.

Published with permission from TechAdvisory.org. Source.

November 14th, 2011

With social networks like Facebook and Twitter on the rise, businesses must be able to utilize them to their advantage. One social network, LinkedIn, offers unique benefits since it is specifically targeted toward professionals and businesses.

Among the many social networks on the World Wide Web today, one stands out from the pack: LinkedIn. It stands out because it is one of the few (if there are any like it to begin with) that uses the principle behind social networking but adapts it to suit business and professional purposes.

If regular social networking sites like Facebook and Twitter can help a business, LinkedIn can do so even more since it is specifically targeted at businesses and professionals. With LinkedIn, you make contacts that are more relevant to your line of work, minus the clutter, noise, and nonsense that come with the more social feedback, comments, and discussions you inevitably get from content you put out on Facebook and Twitter.

Another advantage of LinkedIn is that you are more likely to connect with people and businesses that help you move forward, be it additional staff, suppliers, or clients. The site’s recommendation feature and referrals from other contacts will help you find what you are looking for faster. Also, you are able to better connect to people who are in your own industry or are doing similar things, allowing you to better assess what else you can do to give your business an added edge.

Using LinkedIn is a definite advantage, regardless of what business you are in. If you are interested in knowing more, please don’t hesitate to contact us so we can sit down with you and talk about various custom LinkedIn strategies that meet your specific needs.

Published with permission from TechAdvisory.org. Source.

November 9th, 2011

Over the past decade or so, the Web has simplified our hectic social and working lives to a staggering degree. The possibilities of the Web seem limitless, and even the process of arranging a dinner with a friend has been revolutionized. We can easily search for a great restaurant on review sites, find directions on Google Maps and even make appointments with friends through social networking sites, without making a phone call as we might have in the past.

The Web began as Web 1.0, which only presented information to people and did not allow user interaction. Many Websites now use Web 2.0 to simplify processes such as payments, online meetings and e-commerce. Though it has certainly made life simpler, it is still vulnerable to intrusion and exploitation by hackers.

Web attacks are normally carried out to steal users’ data or to interrupt the services on a Website. Problems can arise if a user chooses the same username and password for authentication on several Websites: even if one Website keeps the user’s information secure, when the credential is hacked at another site, the hacker can apply the information found to other Websites to get credit card or banking information. It’s hard to make users choose different usernames and passwords on every site, but it is important that Websites are protected and can detect potential attacks.

Currently, high-tech devices such as a Firewall, Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) cannot efficiently protect Websites from these threats. Think of a request to a Website as a letter: a Firewall normally checks only whether the letter is addressed to a legitimate destination. Traffic to a Website, whether ordinary access or an attack, usually passes through ports 80/TCP (HTTP) and 443/TCP (HTTPS), which makes it hard for a normal firewall to protect the Website by blocking its usage. IDS/IPS has similar issues, as it too only sees that a letter is being sent. Both Firewall and IDS/IPS technologies have proven unable to tell whether the letter contains an inappropriate message or a malware attack aimed at the receiver (the Web server).

That’s why the Web Application Firewall (WAF) was developed. It examines the letter, compares it with the letter sent out from the mailbox, then opens the letter to check the information inside. When the WAF finds no harmful information, it forwards the letter to the Website securely. The WAF can also help Websites manage these letters: when the number of letters sent exceeds the limit, the WAF can hold the letters or even discard them. This helps the receiver (the Web server) read the letters and work on its service processes more efficiently.

By blocking or absorbing the workload between users and the Website, a WAF lets the Website’s processes run more smoothly and reduces the administrator’s concerns. Large companies have a Web developer team or an independent Web server administrator team, or they outsource Website development as a one-time job; but when the contract expires and attacks occur, responsibility falls to the system administrator to control, maintain and solve the problems themselves. If their knowledge of Web programming is limited, protection and problem-solving become hard and time-consuming. The cost is not only the users’ data on the Website but also the Website’s reputation for confidentiality.

A WAF protects against and filters attacks from hackers efficiently because it can be tuned to suit various Websites. Because a WAF has the ability and awareness to identify attack patterns, it can also anticipate future threats and keep the Website as secure as possible.

November 5th, 2011

With more and more businesses using online banking for its convenience and ease, more and more hackers and cyber-thieves are also making it their mission to infiltrate and manipulate these transactions for their benefit. More than ever, it is important for businesses to ensure that they have the proper security protocols in place to prevent cyber-theft.

Online banking is a tool that many businesses utilize because of the ease, efficiency, and convenience it offers. Especially when it comes to small and medium-sized businesses, online banking is a great way to manage and track finances for day-to-day operations.

However, the increase in online banking also has the unfortunate effect of luring unsavoury parties such as cyber-thieves and hackers who target and steal from the businesses who use it. This is why security experts are urging companies to beef up their security systems to keep them safe from cyber and identity theft. The more companies rely on the internet, especially when it comes to managing finances through online banking, the more prudent it is to take steps to prevent that hard-earned money from being stolen.

One tip experts give is to establish proper protocols for transacting with the bank, such as requiring two people to verify a transaction before it is approved. This helps create a checks-and-balance system that hackers will be hard-pressed to get around. Having a dedicated workstation used for only online financial transactions is also recommended, as this lessens the likelihood of it being infiltrated by Trojans, viruses, spyware, and other malware that may come from the machine being used for other purposes. Having the right anti-virus and anti-malware software as well as regularly updating it can also go a long way in keeping your online banking transactions safe from unfriendly eyes.

Your finances are the lifeblood of your business, so if you are interested in how you can make your online banking experience safe and secure, we’d be happy to sit down with you to discuss security solutions that are tailor-fit to your specific requirements and needs.

Published with permission from TechAdvisory.org. Source.

November 1st, 2011

The knee-jerk reaction to Facebook of most businesses is to throw it out the door. But many companies also need to realize the value of using a massive social networking platform like Facebook to help the business grow and put itself out in the market more.

When it comes to Facebook, the usual default attitude of businesses is to shun it completely. And while there is merit to the argument that social networks, Facebook especially, can hamper and derail productivity in an organization, there is also a lot Facebook can do to help your business grow.

Reports cite that as many as 800 million people around the world are on Facebook. That’s a larger-than-life audience that makes marketing experts giddy with excitement. When you think about it, Facebook presents a huge marketing opportunity for you and your business to connect with a lot of people who may become potential clients in the future. Think of having a Facebook page as a mini-website of sorts, one that supplements and complements your main website.

Since it’s a medium to establish rapport with potential clients, experts suggest that a business Facebook page must contain more interesting content related to your business, of course designed to attract readers and visitors, rather than hard-sell information about your products and services. Your Facebook page serves as a complement to your website, not a duplicate of it. If you consistently serve up interesting and useful information, people will then go to your website to see what you’re all about.

Also, don’t hesitate to establish more personal relationships with people who visit your Facebook page: the ‘likers’ and the people who comment and ask questions. Answer queries promptly and make yourself visible. One of the points of having a Facebook page is so people won’t feel intimidated by a stiff corporate front; a Facebook page tells them that you’re a company that’s willing to hear them out and listen to what they want.

If you want to know more about how to use Facebook pages to help your business grow, please give us a call and we’ll be happy to sit down with you to draw up potential strategies to increase your online presence and potential client base.

Published with permission from TechAdvisory.org. Source.

October 3rd, 2011

Studies and news reports are showing a marked increase in the number of small and medium-sized businesses that are being targeted by hackers. One major reason for this is their general lack of security systems, making them very vulnerable to theft.

In physics, there’s a concept called ‘the path of least resistance’. The meaning is plain enough: objects that move in a system take the path where they will encounter the fewest challenges and hurdles in order to quickly move to wherever they are going.

Apparently, the same principle applies to hackers nowadays. Instead of targeting larger firms for that big ‘score’, hackers are now considering it more feasible and much easier to victimize smaller firms and companies, even for a much smaller amount of money.

Why is that? First, smaller companies generally have much more vulnerable IT systems. Security is minimal or average at best, and the hackers don’t get as much heat or attention when compared to trying to breach the much more complicated, state-of-the-art security systems of bigger firms and businesses. Take a small newsstand business in Chicago: cyberthieves were able to install a Trojan in the cash registers which sent swiped credit card numbers to Russia. When the jig was discovered, Mastercard subsequently demanded an investigation – at the expense of the business owner – and the proprietor had to shell out a hefty $22,000.(i)

A survey in the United States reveals that more than half of small or medium-sized businesses believed that they ran no risk of being victimized by hackers, and less than half of the respondents had security systems in place.(ii) That looks like a path of least resistance, as far as hackers are concerned.

The loss of a few thousand bucks may not be much for a big business, but it can make a significant dent on the profits and sustainability of smaller organizations. And in the case of implanted viruses that steal credit card information, your reputation can also take a big hit. So if you want your business to stay truly safe before it’s too late, please contact us so we can discuss options and blueprints to make your business secure.

References: (i) and (ii)

Published with permission from TechAdvisory.org. Source.

September 28th, 2011

With Microsoft’s move to transition users to the newer Windows 7 and Windows 2008 R2 platforms through XP support discontinuation announcements, it may be high time to start thinking of an upgrade and how you can execute it efficiently and cost effectively.

One of the standard expectations when using technology is the inevitable need to change and upgrade. Technology moves forward on the principle that things that already seem great can be made even better, and more often than not, the improvements are worth the change.

This principle applies to the operating system and SMB platform you may be using now. While it may have served you well so far (after all, if it ain’t broke, why fix it, right?), that doesn’t mean that things can’t get any better, and in a measurable way that improves your productivity. With systems like Windows 7 (which isn’t exactly ‘new’, since it’s been around for a good while) and Windows 2008 R2 gaining ground in the market and proving their worth, it may be time to start thinking about moving up and upgrading your current software.

Here are some thoughts to start the ball rolling: studies and tests have shown that Windows 7 and 2008 R2 outperform their predecessors in almost every conceivable situation. And considering Microsoft’s recent announcement that they will discontinue support for Windows XP by 2014, the possibility of needing to upgrade becomes more pressing. Like it or not, you will eventually get left behind as technology marches on.

Of course, we realize that it’s not as simple as waving a magic upgrade wand and that’s that. It’s important to understand the way you do business in order to accurately assess how an upgrade will affect your operations. So please contact us and we’ll be happy to sit down with you and find ways to implement an upgrade in the most efficient and cost-effective manner possible.

Published with permission from TechAdvisory.org. Source.

September 26th, 2011

Will the Windows Desktop PC become extinct? Is it going the way of the dinosaur? Are we seeing the beginning of an era in which a new wave of devices and operating systems will dominate the computing world? Read on and weigh in with your thoughts.

Last year, Steve Jobs, then CEO of Apple, proclaimed the beginning of what he called the “post-PC” era. This came just after news of stellar numbers for Apple, which surpassed Microsoft in market valuation for the first time in recent history, largely on the back of strong sales of its iPhone and iPad computing devices, which according to many analysts threaten to displace the market for traditional desktop PCs. In some ways this is an ironic turn of events, considering that it was this same CEO and company that ushered in the PC era to begin with, more than thirty years ago.

But in that era, it was really the IBM PC that was the iconic symbol of the period. In August of this year, the IBM PC, which was introduced nearly five years after the arrival of Apple’s own desktop devices, celebrated its 30th anniversary. But again, in an interesting turn of events, for nearly twenty of those thirty years it was actually Microsoft and Intel, and not IBM, that reaped the benefits of the success of the PC device. It was Microsoft’s Operating System and Intel’s chips which earned the lion’s share of profits from the rise of the Desktop PC, not the manufacturers and assemblers. And as PCs decline as Steve Jobs predicted they will, this has prompted even the largest PC manufacturers such as HP to reassess their future.

But is the PC truly dead, if not dying? Even one of the IBM PC’s original inventors thinks so. In an interview, IBM Executive Mark Dean, who was one of the IBM PC’s original engineers, predicts a day when the desktop PC will go the way typewriters did when desktop PCs came along. They will still be around for several years, he says, but in the future people will primarily use handheld or mobile PCs for work and play.

That may be true, but the future is not here yet. Earlier, Microsoft gave a statement that it still expects over 400 million desktop PCs running its operating system to ship this year, a business worth over $19 billion for the company. There are still several things that a Desktop PC, in particular those running Windows, can do better than handheld or mobile devices today, such as:

  1. Running business applications. Although many applications may be moving to the cloud, many business-critical applications such as accounting and financials, operations, project management, and customer management still require a Windows PC.
  2. Content creation. Have you ever tried to create a blog post, edit a photo, or animate or render a movie from a tablet? It may be possible but it’s still not easy, even for the pros. Most will still be doing their work on desktop workstations for several years to come.

Do you agree? Are we in the beginning of a post-PC era or do you think it will be a PC-plus era as Microsoft believes? Weigh in and let us know!

Published with permission from TechAdvisory.org. Source.

September 22nd, 2011

Having difficulty keeping track of all your online passwords? Here are some tools that may help you manage and make sense of the different passwords you have for your favorite social networking sites, blogs, phones, photos, games, documents, news, bank account, expenses, stores, books, and dozens of other services where a secure password is critical.

A few months ago, news and social networking sites warned users of the website RockYou that their account and password may have been compromised. Security firm Imperva warned users that a hacker may have made off with an alarming 32 million accounts from the social gaming website. While this is nothing new, what’s interesting is the results of the security firm’s analysis of the accounts and passwords stolen.

From the data that they were able to gather, it seems that a great number of users still tend to use insecure passwords: for instance, passwords with lengths equal to or below six characters (30% of users), words confined to alpha-numeric characters (60%), passwords that include names, slang words, or dictionary words, and trivial passwords (consecutive digits, adjacent keyboard keys, and so on: 50%). These types of passwords can easily fold in the face of automated brute force attacks designed to guess users’ passwords.
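The weakness categories listed above can be turned into a check that runs when a user sets or changes a password. This is an added example, not code from Imperva or from the original article; the function names are hypothetical, and the word list, key sequences and sample passwords are constructed for illustration.

```python
import string
from collections import Counter

# Constructed stand-in for a names/slang/dictionary list; a real check would
# load a full wordlist instead of these few entries.
COMMON_WORDS = {"password", "princess", "monkey", "dragon", "iloveyou", "michael"}

# Digit runs and keyboard rows, used to spot "consecutive digits" and
# "adjacent keyboard keys" passwords.
SEQUENCES = ("0123456789", "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

ALNUM = set(string.ascii_letters + string.digits)


def classify(password):
    """Return the weakness categories (from the article) a password falls into."""
    findings = []
    lowered = password.lower()
    # Length equal to or below six characters.
    if len(password) <= 6:
        findings.append("short")
    # Confined to letters and digits, no other symbols.
    if password and set(password) <= ALNUM:
        findings.append("alnum_only")
    # A listed word, optionally with digits stuck on either end ("Monkey1").
    if lowered.strip(string.digits) in COMMON_WORDS:
        findings.append("dictionary")
    # The whole password is a forward or backward slice of a known sequence.
    if len(lowered) >= 3 and any(
        lowered in seq or lowered[::-1] in seq for seq in SEQUENCES
    ):
        findings.append("trivial")
    return findings


def audit(passwords):
    """Count how many candidate passwords fall into each category."""
    counts = Counter()
    for pw in passwords:
        findings = classify(pw)
        counts.update(findings)
        if findings:
            counts["any"] += 1
    counts["total"] = len(passwords)
    return dict(counts)


# Constructed sample input. In practice this check runs on the candidate
# password at set/change time; stored passwords should only exist as hashes.
SAMPLE = [
    "123456", "princess", "Monkey1", "qwerty", "abc123",
    "Tr0ub4dor&3x!", "correct horse battery staple", "asdfgh",
    "iloveyou", "N7#kq!vR2m$Lp9",
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    for name in ("short", "alnum_only", "dictionary", "trivial", "any"):
        share = 100 * report.get(name, 0) // report["total"]
        print(f"{name:<11}{report.get(name, 0):>3}  ({share}%)")
    for pw in SAMPLE:
        print(f"{pw!r}: {classify(pw) or 'no finding'}")
```

A password with no finding is not automatically strong; the check only rejects the patterns the analysis named.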

The reason these sorts of insecure passwords continue to be used may be simple. It’s just too hard to track all of the online accounts we have, especially as more and more specialized services are introduced and become popular. While in the past users may have only needed to memorize their email and possibly their bank’s password, today they must contend with passwords to access each of their favorite social networking sites, blogs, phones, photos, games, documents, news sites, bank accounts, expense tracking services, stores, books, and dozens of other online services.

The question for many is how can we possibly remember all of these passwords, especially if we’re using different highly secure ones (that are therefore not easily remembered) at each site as recommended? Here are some quick tips to help you recall and easily manage them:

Use desktop password management tools. There are several desktop tools available that can help you manage and safely store your passwords by requiring you to download software that stores your passwords encrypted on your hard drive. You only need to provide one “master” password to access the rest. Examples of such tools include KeePass, LastPass (free and paid versions are available), 1Password for Macs, and more. These tools give you the feeling of security since your password information is stored solely within your device – but be aware that should that device get lost, stolen, or hacked, you can lose your password information as well as open yourself to attack.

Store your passwords in the Cloud.
An alternative is to use password managers that are solely accessible online and are hosted in the Cloud. These work the same way as desktop password managers but with the extra benefit of not having to download and install software on your PC. Another advantage is that they are available on any device or system as long as it is connected to the Internet, and losing your device does not put your passwords at risk. Examples are tools like Clipperz and LastPass. Be warned, though, that these sites can themselves be hacked, as LastPass experienced a few months back.

Use Browser Plugins. Some tools work as add-ons for your browser. Examples of such tools are many. Some generate passwords on the fly, some store the information within your PCs, and others store it in the cloud as well as sync it to your device. These services offer a compromise between solely desktop bound password tools vs. purely online ones. They are however often tied to the browser you use.

Trust a single site with your Identity. Another alternative is simply entrusting the security of your online identity to a single provider who hopefully has the resources to manage it in a more secure manner than you can on your own. These include large sites like Facebook, Google, and Yahoo, which often allow many third-party sites to use your identity at their own sites with your permission. If you don’t trust these sites, you can manage such an online identity on your own from sites such as OpenID. This way you only need to secure and manage one password and identity, which is shared with other sites as you see fit. The disadvantage of course is that not all sites may use or be compatible with these federated identity management systems. You may also have to consider the possibility that these large sites may become compromised themselves.

Managing your passwords can be a pain. Hopefully these tools can help you do so more efficiently and more effectively. Do you have other suggestions? Do you need assistance in setting these up for you or your company? Let us know; we’re happy to help!

Published with permission from TechAdvisory.org. Source.

September 19th, 2011

A new scam has been making the rounds recently: scammers calling through the phone and posing as people from Microsoft, scaring victims into paying for bogus services and stealing their credit information. These fraudsters can be very persistent so it’s important to always be alert and informed.

You have to give it to scammers for constantly finding new ways to victimize people. One such new scam has been making the rounds recently, and more than a few people have fallen for it. This particular modus operandi involves a person calling you claiming to be from Microsoft customer support, and insisting that you have a virus or that you need to install a certain program to help speed up your system.

Actually, Microsoft will NEVER call you up unless you ask them to. And when they do call, they will not ask for credit or personal information, and they will always have a support reference number assigned to you which you should already have beforehand from filing a report or request for support from Microsoft. It’s possible that Microsoft MIGHT call you unsolicited if they have a new promotion or products, but they’ll NEVER call to alert you regarding the status of your computer system.

Knowing scammers, it’s highly likely that you’ll see this scam applied in various forms in the near future: a call from your bank, credit consultant, or even IT support. The best thing is to have the proper security protocols in place so you can verify the identity of the people who will call you, as well as keep your system safe.

Having the proper security system in place will do wonders for your business, not to mention your peace of mind. And it’s not just in terms of hardware or software: don’t discount the human factor as well. Please give us a call if you’d like to know more, and we’ll be happy to discuss a security system that’s tailor-fit for your specific needs.

Published with permission from TechAdvisory.org. Source.

September 16th, 2011

Consumerization is the trend in which new information technology first makes waves in the consumer market, and its popularity then prompts businesses to adopt strategies to incorporate it into their processes. But the real questions are: how does it really affect your business, and what should you do about it?

“People say you have better technology at home than at work. That’s true. Thirty-seven percent of U.S. info workers are solving customer and business problems using technology they master first at home, then bring to work.”i

So says Vahé Torossian, corporate vice president of the Worldwide Small and Midmarket Solutions and Partners (SMS&P) group at Microsoft. His comment illustrates the growing trend in IT referred to as consumerization, which is when new IT comes out first in the consumer market and is then adopted by business organizations.

With more and more organizations adopting this trend, many companies find it hard to catch up with everything else that comes with the package. For some, consumerization works fine and is beneficial, but there are also those whose operations become more open to risk because of it.

It’s become quite clear that, at the very least, companies need to look at both the short and long term effects of consumerization on the way they do business. Studies should be completed on its effects, and policies need to be developed to properly address the trend. The benefits can be significant, but the risks, such as the increased vulnerability of your system due to decreased security when work is done outside the office, can pose a serious threat as well.

While the general consensus is that new trends mean better business, it’s the way you handle the details that determines how they affect your organization and your productivity, which is why it’s best to fully understand the trend and its impact on you. We encourage you to give us a call so we can sit down with you and discuss strategies and policies you can use to respond to consumerization based on your specific needs.

i Reference

Published with permission from TechAdvisory.org. Source.

September 12th, 2011

In today’s increasingly hyper-connected world where anyone can easily post photos, videos, and other personal information about themselves online for everyone to see, it’s becoming more and more important to be smart about exactly what and how much to post online. After all, what you put up in cyberspace today (such as those raucous pictures of last year’s Christmas party) may come back to haunt you later on.

There is no denying that the Internet (and especially online social media such as blogs, Facebook, and Twitter) has brought about great change in people’s behavior, much of it for the better. These tools have allowed easier information sharing, greater collaboration, and the fostering of communities like never before. However, these tools also have a darker side, and if not used properly they can be a source of problems for you or your organization later on.

One problem is how these media can potentially misrepresent you or your organization. Online, the line between the personal and the professional can get blurry, and the moment you do something inappropriate, even during your personal or private time, whether right or wrong, it can affect how you are perceived. It’s becoming more common to screen the personal profiles of job applicants or potential business partners, and an inappropriate picture or even a little tweet can leave a damaging mark on your reputation.

Engaging in inappropriate behavior even behind the cover of anonymity can also be problematic. Examples include commenting in blogs or forums where you obviously have a vested interest. There are countless stories of unscrupulous people or businesses that clearly mislead others by posting good reviews or endorsements about their business, product, or service, only to have their real identity discovered later on. If you must do this, it’s better to be up front and honest and disclose any vested interest so you won’t be judged poorly later on.

If you must express an opinion, weigh carefully how it relates to your work and your career. If you are identified with an organization, be clear about whether you have the authority to speak on its behalf. If you don’t, state clearly that you are speaking on your own behalf by providing a disclaimer. This can come in handy later if your employer happens to see your posts online. An example disclaimer might be a statement similar to this: “The opinions expressed here are my own and don’t necessarily represent my employer’s position or opinion.”

Be sure to also respect the ideas, privacy, and property of others. You would not want to be called a plagiarist or a thief. Online etiquette requires that you provide references, links, or attributions to the ideas or material you use that are not yours. When in doubt, get permission first. It’s always better to be safe than sorry.

These are simple guidelines for conducting yourself and your affairs online. To share your own experiences, ideas and thoughts, or just to provide feedback or suggestions, drop us a line; we would love to hear from you!

Published with permission from TechAdvisory.org. Source.

September 8th, 2011

Microsoft has introduced into the market a nifty little cloud-based service called Microsoft Office 365 that allows users / subscribers to have access to Microsoft products without the hassle of needing to update and maintain software. Since it’s also in the cloud, it offers additional advantages to those who work on the go.

Small businesses now have the option to subscribe to a new service from Microsoft called Office 365. A cloud-based service that offers a particular set of Microsoft products based on different plans, Office 365 is designed to be a more manageable and cost effective means for smaller businesses to enjoy all the advantages of using Microsoft products without worrying about software maintenance and updates all the time.

Included in Office 365 is the set of Microsoft Office desktop applications as well as Microsoft’s Server products (hosted versions), which include Exchange Server, SharePoint Server, and Lync Server. All these are delivered and accessed through the Internet.

Depending on the needs of a particular organization, Office 365 offers several plans companies can subscribe to. Whether you are a mid-sized business with an internal or partner-supported IT arm, or a smaller one completely without dedicated IT staff, or even an educational organization, there is an Office 365 plan (plus add-ons) for you. Office 365 can also be accessed virtually anywhere and with any device, which allows for maintained or even increased productivity because of the ability it affords the user to work when on the go.

If you want to know more about how Office 365 can improve your business or organization, please do not hesitate to get in touch with us. We’ll be more than happy to discuss the impact of Office 365 both short term and long term on the way you do business.

Published with permission from TechAdvisory.org. Source.

September 5th, 2011

The use of Facebook, Twitter, LinkedIn and other popular social networking websites is simply exploding. More and more people are spending time on these sites, even when they are at work. Should your company do something about this? Read on to find out.

The use of social networking websites such as Facebook, Twitter and LinkedIn is exploding, with some using them even while in the workplace. While these sites offer work-related benefits such as fostering better workplace communication and collaboration, they also expose the organization to risks. Some of the risks borne out of social networks range from the mundane, such as potentially embarrassing the company through inappropriate posts online, to the serious, such as security threats via viruses and malware or through the inappropriate sharing of proprietary or confidential material. This begs the question: are companies properly managing employees’ use of social networking sites at work?

In a survey recently published by the Society of Corporate Compliance and Ethics with the Healthcare Compliance Association, it was discovered that for most companies, this was clearly not the case. With a sample of almost 800 respondents from for-profit, non-profit and government organizations, the survey revealed that half, or 50%, did not have a policy covering the use of social networking sites at work. Of those companies that do have a policy, 34% include it in a general policy on online usage, and just 10% specifically address the use of social networking sites.

About half of the respondents also reported that their employer does not monitor the use of these sites, or at best has passive systems in place, usually run by the security department. Yet despite this, a significant number, nearly one fourth of those surveyed, or 24%, report that their organization has had to discipline some employees for improper use of these sites.

Although the research suggests that a lot of companies do not yet have formal policies and governance systems in place to manage the online activities of employees on social networking sites, it also suggests that over the long term this is something that they should do. Employees may be engaging in risky activities that the company is not aware of, and these activities, as with other online activities such as email, should therefore be managed properly.

Do you agree? Or do you think that the fears of some organizations are bigger than the actual risk? Let us know. We help companies understand more fully the risks associated with online activity and how to better monitor and manage them. We would be happy to speak with you on this subject and help you make sure that your data and systems are safe.

Published with permission from TechAdvisory.org. Source.

September 1st, 2011

A recent survey on the perception of cloud computing shows that almost half of small businesses are unconvinced of the benefits that cloud computing can offer. With better and easier IT management through the Internet as well as features like secure off-site data storage, cloud computing is at least worth a second look.

A recent survey by Newtek’s SB Authority Market Sentiment shows that almost half of small businesses do not see how cloud computing can cut down on costs and help increase their productivity, with an additional 32 percent still unsure about the whole idea.

At the very least, what these results show is that there is a pressing need for a more widespread and comprehensive information campaign about cloud computing. While many companies see the cloud as a mere fad, there’s much more to it than meets the eye, and what it offers can make a definite and concrete difference in the way a business conducts its operations.

What sets cloud computing apart from other hosting services is the way it’s managed and used. Management is handled completely by the service provider, and subscribers can adjust the specific features they use and pay only for those, similar to how on demand IT services work. Cloud computing usually also includes virtual data storage, with most if not all data stored off-site and in the cloud service’s servers.

Of course, the way the cloud impacts each particular organization will vary, and how it will affect your business in the short and long term depends on your needs and requirements and whether you even need it in the first place. There are pros and cons to any cloud-based service, but at the very least it deserves some serious thought.

If you want to find out more about cloud computing and how it may affect your business, please give us a call and we’ll be happy to sit down with you and discuss any issues and concerns you have, and help you determine whether the cloud is right for you.

Published with permission from TechAdvisory.org. Source.

August 29th, 2011

Email plays a big role in the way people do business. Whether you work from a fixed location at an office desk or from a mobile device on the go, the kind of email you use can define your level of productivity. Are you sure that the email system you are using is the right one for you?

Whether you work from an office or are productive while on the go, email most likely plays a big factor in the way you go about your business. Unbeknownst to many, some types of email systems have certain limitations that by extension can also limit the level of productivity of your business, and especially for people in the organization who must also work while out in the field.

One major issue for many people is synchronicity. Many people need their emails to be accessible on their mobile phones, PDAs, or other mobile devices, and they need them to be properly synchronized with their desktop workstations. The need to constantly update conversations and email threads from mobile devices to desktops with certain types of email can prove to be tedious and unproductive, and some email system types don’t include this ability at all.

Depending on the way you use your email, especially when on the go, having full access and full control of your account can define how productive you and others in your organization can be. Besides providing a much better degree of synchronization and integration with mobile devices, certain types of email systems also have sharing and collaboration features that allow you to set schedules and share files from your mailbox, as well as central storage for emails that allows you to access your account seamlessly with any mobile device, regardless of where you are located.

Of course, having a full-featured email system might not be best for everyone. The key is to know whether adopting a more bare-bones system is cost-effective for your business (especially in the long run). Sometimes the top of the line may be needed, and sometimes all you need is a bit of tweaking on your less fully featured system. Not sure which is best? Call us and we’ll be glad to sit down with you and assess what kind of email system is best suited for you and your business.

Published with permission from TechAdvisory.org. Source.

August 23rd, 2011

Someone, somewhere could be talking about you or your company, and depending on what’s being said, it can be either helpful or damaging to you or your business. This is of special concern in the online world, as the proliferation of websites and social media tools makes it easy to share opinions with the world. In this article we point you to tools and online resources to help monitor and manage what’s being said about you or your business, and thereby build or defend your reputation.

Besides your own eyes and ears, there are plenty of tools, for free or for a price, available to help you monitor your presence online. The simplest of these are familiar search engines such as Google or Bing. By simply searching online, you can find where your name or your company’s name appears in various websites. With Google in particular, you can set up “alerts” which will email you when a specific word or term appears in their website index.

What words or terms should you use? Start with your name, or your company name, then try the name of your products and/or services, and maybe even the names of your employees, directors, and other stakeholders. It might also be helpful to search for the competition as well. As results come in you can refine your search by expanding or narrowing the scope of terms you would like to search or be alerted on. If you want to be able to search across all different search engines and not just one or two, you can use Monitor This.

Next you can use specialized website or social media monitoring tools to search only specific sites or services as opposed to the entire Internet. One example is Greplin, which allows you to search all of your accounts or accounts that you own. This is very helpful to be able to execute highly filtered searches on specific information in your Facebook, Twitter, or LinkedIn accounts, or your blog. Another option is Rollyo, which allows you to set up your own specialized search engines that cull content from public or open websites of your choosing.

Other more generalized tools include RSS feed readers, which allow you to consume news or information feeds from news sites or blogs. Examples include Newsgator.com, Bloglines.com, Google Reader or Pluck.com. Other generalized tools include those that monitor specific newsgroups or message boards like BoardReader.com, ForumFind.com, Big-Boards.com, BoardTracker.com, iVillage, Yahoo Message Boards, and MSN Money. Still others track changes to content of specific sites (Copernic Tracker, Website Watcher and WatchThatPage.com), as well as their domain information (DomainTools.com and BetterWhois.com).

The really interesting new services actually give you an explicit idea of the status of your reputation, especially if you are a relatively well known name or your business has an established brand. In this category are sites like Amplicate, which monitors general feelings or impressions about brands, businesses, or services; Klout, which tries to measure the influence of individuals based on their social interactions; and SendLove.to, which focuses on celebrities and media personalities.

There are literally dozens more tools you can use to monitor and manage your reputation online. To find out more, a great resource is here at the Duct Tape Marketing blog. If you have any additional suggestions, feel free to let us know!

Published with permission from TechAdvisory.org. Source.