• Protecting your IT equipment from theft whether its your own employees or from being burglarized. This can simply be done by using anti-theft products for computer security to protect laptop computers when traveling or using a mobile office. It is also recommended the businesses install tracking software on your computers to allow for tracking in case of workplace theft.
• Securing remote access is to begin by carefully evaluating your employees’ need to connect remotely, and only granting access on a per-user basis. It is also recommended that your business provides better security for users who work from home or another static location by implementing caller ID verification or setting callback security. It is also recommended that you have a system to verify user authentication.
• Prevent data theft by using removable devices such as a USB drive also known as a jump drive. You’ll want to ensure that the data is always in a secure location whether it be in a workplace safe or with the individual(s) at all times.
• Protect your workplace for cyber security threats by using encryption. Encryption allows for the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. It is essential especially with wireless communications. Encryption is also necessary for any kind of sensitive transaction, such as a credit-card purchase online, or the discussion of a company secret between different departments in the organization.
• Protecting your business or corporate website for security threats.
• Avoid risk when selling your commercially on any auction website such as eBay.
• Controlling unauthorized individuals access to critical business information via internet and network security.
• Preventing business fraud and identity theft will by vigilante with your business network and security protection.
• Remembering as a business its your duty and obligation to comply with the Data Protection Act.

About the Guest Post Author: This is a guest post by jian, who is active blogger and a member in Kumon. She writesvarious articles on technology and on personality development. Her last read article is “how to become a tutor” on Kumon.

No related posts.

Documents that are transferred in clear text can be captured and data can be transmitted to a third party. The same is true for passwords. Data breaches occur when HTTP sites are not secure. HTTP with SSL encryption should be used to transfer sensitive data across networks. Banks often use this protocol. If data is not secured, the information can be intercepted by hackers at the stop intervals on servers when traveling over the Internet. Even MySQL and Telnet do not protect company sensitive data.

How to Encrypt Email

There are two ways to encrypt an email. The email can be encrypted at the email server and at the email client. Experts recommend that business owners encrypt the message during transmission and storage. A web-based client with a HTTPS login is one solution to this problem. When the browser is secure, a padlock will appear in the lower right hand side of the browser. Both Outlook and Thunderbird have the SSL encryption available.

PGP encryption is another method of data security. This method of data security requires digital certificates. Thawte, Ascertia and Comodo provide the user with private and public encryption key to send encrypted messages. Only people who sign up for the service with a public key can decrypt private messages.

Services such as Hushmail offer additional security features to assist secure document transmission. “Send” also allows a client to send and receive secure messages without creating a new email address.

These types of email clients are more intuitive to use than PGP encryption. Clients can easily convince others to sign up for these email protocols so that your company can ensure that the documents are sent securely. For larger files, other solutions are available. Many companies use FTP alongside SSL/TLS encryption to ensure that larger files are sent fast and secure. FilleZilla Server is one FTP client that handles larger files. This particular file on requires to install and configure.

Other online services allow clients to send documents securely without actually hosting an FTP service on a server. This includes ShareFile, Hosting 4 less, Microsoft’s SkyDrive or Box.net.

Content Raven is another application that allows clients to share confidential documents securely on mobile devices. The documents are compatible with iPhone, iPad, Android and Blackberry. Content Raven uses four different applications to accomplish this task. Content Raven will securely transmit video, Microsoft Office documents and PDFs.

The application works with businesses 24 hours per day and seven days per week to decrease the company’s risk for malicious attacks that may result in lost revenue. The application can not only send and receive securely, but also track the progression of documents as they travel through the business.

Why Do I Need an Encryption Device?

Clients that are not convinced they need encryption should try devices such as EffeTech HTTP Sniffer and SniffPass to determine how easy it is to hack into someone else’s passwords. After using this application, companies will recognize how easy it is to recover a person’s password and quickly move to a more secure network. Demonstrations such as these occur daily. Companies must communicate the importance of sending data securely, especially Social Security Numbers and other company sensitive data, that could compromise the integrity of the company.

Many physicians also share patient data via mobile phones and iPads. To keep patient data safe, it is important to use secure networks and email protocol to send documents. Compromised patient data could result in major lawsuits that could be detrimental to a small practice. Physicians in the practice of transmitting patient data via a mobile device should ensure that emails, networks and other web-based applications are encrypted according to HIPAA standards.

Conclusion

Sending documents securely is easy with the proper application. Web-based applications are preferred, because they do not require a server to transmit the data. Clients simply log onto the server and send documents securely almost automatically.

About the Guest Post Author

Tom Demers is a frequent contributor to a number of online publications from tech publications to senior care blogs like Assisted Living Today, a leading provider of news and information on senior living which features a database of assisted living properties, such as assisted living facilities in Texas.

No related posts.

Determining the Level of Security You Need

The level of security you need depends on who will be viewing your business documents on a regular basis. If it is exclusively you and your fellow co-workers or employees, you need a different level of security than if you are allowing documents to be viewed by people outside the physical confines of your business. Make a list of who you want to have access to your documents and the common methods you use to disseminate information between employees, other businesses, clients and customers. Ask yourself the following questions:

• Who can view your documents and how?

• Are your documents available through your business’s intranet or more widely available through the Internet?

• Do you allow access to your documents on your company’s website through password protected access for company employees?

Information Contained in Your Documents

The most important part of determining what level of security you need is the type of information typically contained in your company documents. If your company files contain sensitive employee information such as Social Security numbers, medical information, insurance information, and other private information you should consider a high level of document security. Legally, you are required to offer a certain amount of protection when it comes to personal employee information. If you are not sure who can access your company’s information, go for a higher level of security to avoid potential security issues.

Do You Want to Let Users Change Information?

Decide how interactive you want your documents to be when they are viewed by either your employers or clients. You can choose security options that allow the user accessing those documents to make changes or you can choose a setup the prohibits any changes being made to documents, except by those authorized to do so.

Peer-to-Peer File Sharing

Peer-to-Peer technology is common among many businesses these days, but has poses some risks. P2P technology makes it easier to share document and video files. It can also be used to conduct phone conversations. Files can be accessed by anyone who joins the network as long as they have the correct software. P2P can be a good way to share information quickly, but poses an increased security risk. There are ways to minimize security risks associated with P2P file sharing.

• Delete sensitive information that doesn’t need to be saved in this way.

• Restrict where files containing sensitive information can be saved.

• Reduce or eliminate the use of PSP file sharing on certain computers used to access and store confidential or sensitive information.

• Monitor your company’s network for unauthorized P2P programs.

• Block access to P2P programs by creating network firewalls or perimeters.

• Train all employees on how to properly use file sharing software.

Monitoring Your Network

Even if you choose to ban P2P programs, those accessing your network may still make an attempt to install them. Therefore, it is important to monitor your network on a regular basis for suspicious activity. Consider using administrative security controls to block who can access network sites. Sites can be filtered based on URL, file name, IP address or content. Install tools that keep track of all files installed on your network. Review your activity logs on a daily basis to scan for any unauthorized activity.

Protecting Sensitive Information

Regardless of how your documents are saved or stored on your network, you still need to develop a plan for protecting sensitive information. Restrict location where files containing confidential or sensitive information can be saved or copied. Network servers can be configured to create barriers to certain information. This allows for more widespread use of P2P file sharing programs since these programs do make it easier to share information to effectively run your business. Avoid using file names that make it clear what the file contains, especially when it comes to sensitive information such as employee files.

Establish a clear policy when it comes to document security at your business. Make sure all employees are aware of this policy and follow it anytime they post or access documents. Clearly define your security needs. By evaluating your needs you can establish a level of security that allows you to run your business without constantly worrying about security threats.

Guest Post Author bio

Stacy Gianakura writes for Brainloop, a company specializing in creating a highly secure workspace through secure online document sharing, information rights management, and other data protection services using the highly secure Brainloop dataroom environment.

No related posts.

Here are 12 tips for staying safe when shopping online:

• Look for physical addresses and telephone contacts, particularly for the smaller retailers.
• When entering credit card details, look for a padlock symbol on the bottom of browser or web address bar as it will mean that the retailer is using SSL, making it harder for your information to be cracked
• The website address should have the letter ‘s’ at the beginning – https:// instead of http:// when you are typing your credit card details
• Check the merchants’ certificate and padlock via the browser to get more information about sellers particularly from the smaller and less well-known sellers.
• Read other shopper’s opinions if you are unsure about the reputation of the merchants
• If you get a warning about a certificate, be cautious as the padlock doesn’t say anything about the business’ ethics. Look for more information about the company via the internet.
• If it’s too good to be true, it normally is. So make sure you check for more information across the internet to see if anybody had experienced any problems
• Keep your browser updated as it will feature up-to-date certificates and updated security features to protect you from scams
• Wherever possible, use credit cards instead of debit cards as you will be protected by the banks if you have suffered from any frauds.
• Check your bank statements regularly and keep an eye on any unusual transactions. If you have spotted anything out of ordinary, report it to the bank immediately.
• Make sure that the internet connection and Wi-Fi are you are using is private and not shared with anyone. At the same time, avoid using public Wi-Fi unless they are from known networks like Starbucks.
• It sounds very easy but use strong and unique passwords for each accounts that you open online.

About the author: This guest post has been written by World of Deals who promotes daily deals including electronic deals and laptop deals.

No related posts.

Patch management involves obtaining, testing, and installing several patches to the computer system in order to keep it safe against malware attacks. The tasks carried out during patch management include: keeping up to date on which patches are available, determining what patches are right for your system, making sure that these patches are properly installed, testing your system after installation, and documenting all related procedures.

Patches are issued to address a number vulnerabilities including:

• Known vulnerabilities in Operating Systems,
• Bugs discovered in software programs.

Hundreds of vulnerabilities are identified on a monthly basis and it is a race against time for vendors to issue patches before a vulnerability can be exploited. However, it is not only up to vendors to issue patches. That is but the first step. The next important step is for those patches to be deployed on systems that are at risk.

Deploying patches manually is a nightmare and the larger the network the more time-consuming the process is. It is also impossible for an administrator to be aware of every existing vulnerability or patch being released. There are additional risks when the process is done manually:

• Patches cannot be managed centrally for the whole network,
• There is no reboot control,
• They cannot answer what patches are installed and where,
• If the end users themselves install the patches it will be difficult to prevent installation of patches that interfere with business environment,
• Administrators might not be notified on installation failures,
• Patches are downloaded multiple times, once per machine.

If administrators fail to apply the right patches, malware in its various forms can exploit security vulnerabilities in the operating systems or installed applications.

Technology, though, has come to the IT team’s aid and there are excellent products that allow for the assessment of vulnerabilities and subsequent deployment of patches. With little effort an administrator can scan the whole network and patch the network’s weaknesses automatically.

There is no ultimate security which can guarantee 100% security. To every action there is always an equal and opposite reaction, and while software companies are constantly updating their security solutions to fight the latest malware, complex malicious code is being written daily. For this reason applying a good patch management solution is essential if you are to identify, assess and patch holes in your organization’s IT network.

About the author: This guest post was provided by Enrica Garroni on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on implementing patch management.

All product and company names herein may be trademarks of their respective owners.

No related posts.

Below is a copy of the scam email:

Title: It’s Urgent, Please Respond

Email: It’s me, XXXX. I really don’t mean to inconvenience you right now, I made a little trip to UK and I misplaced my luggage that contains my passport and credit cards, I know this may sound odd, but it all happened very fast. I need to get a new passport and a ticket, but I’m short of funds to pay for my ticket and other miscellaneous expense. Please, can you lend me some funds to get a ticket? I’ll be willing to pay back as soon as I get home.

Please respond as soon as you get this message, so I can forward you my details to send the funds to me, OR you can drop a message via the hotel’s desk phone if you can. The numbers are, XXXXXXXXXXX.

I await your response

XXXXXX

No related posts.

My personal recommendation is Mozilla’s firefox that rose from the ashes of the Netscape browser project. Regardless of security I’ve found every major milestone of the browser to provide improved performance and functionality. Plus bundle that with the security updates, the smorgasbord of addons and excellent rendering of web pages and it’s no wonder it’s a popular browser. Plus other popular browsers you could consider are Google’s Chrome and Opera.

Don’t forget that many people simply use the browser supplied on their computer. So I recommend you take the time to tell others, be it family, friends or colleagues. I know others may take some time to get used to a new browser and seem reluctant, but it is worth the learning curve for improved security.

Mozilla Firefox can be found here: www.mozilla.com

No related posts.

Then the thief or whoever receives the stolen logon details are completing tax returns online and stealing the rebates. i.e. have the money sent elsewhere.

Ref: http://news.bbc.co.uk/1/hi/business/8186509.stm

No related posts.

It is so tempting to use your work email for personal use and lets face it, you’ve all probably done it. I have! From sending a joke, signing up to a newsletter or joining a community etc. Now the line gets quite blurred if that community is linkedin or a similar business connectivity service.

Here are some of the problems you are faced with:

• Possible increased spam or phishing emails.
• Breaking company policy regarding email use.
• Email snooping by bosses (it happens).
• Identity theft.
• Lose of money.
• You leave the company.
• The company goes bust.

Now forgive me, but I am not going to cover the first three today.

So what happens to your email account when you leave the company? Chances are it is forwarded to your line manager for a while. Standard procedure at many places. This allows the manager to tie up any lose ends that you might of missed or to quickly respond to business contacts who were not aware you left or forgot.

This actually opens the door for identity theft or for someone to go snooping! Consider how the majority of password reminders work for online services…. they send an email! The only problem is you can’t receive it anymore and some once the email has been sent often don’t have further security to verify you. Regardless whether your ex-line manager is a lovely person and wouldn’t do such a thing, you are reliant on people currently within the organisation or working for the organisation in the future not to take advantage if you don’t log in quickly and change the contact details or have not already shut the account down. How would they find out you are signed up to services? Many send periodic newsletters via email.

Okay you’ve gathered I am not exactly being mr cheerful today. Now the next situation is quite unlikely to happen, but I wouldn’t put it past people. You sign up for a service or two, the company goes bust and down the line someone buys the domain. They setup the email to do ‘catch all’ and et voila they are receiving all emails sent to that domain and again can cause problems. Often a domain will get tied up for quite a while if a business goes bust, before it can be repurchased, this will work in your favour.

Now the first question you might and should be asking is…..why?! Why bother, why steal my identity, read my messages and look at my data? Well depending on the online services people could place orders for products, transfer money, harvest contacts, use your identity for whatever reasons they have. The fact is since the dawn of time people have been clubbing each other, stealing and in the current day and age sometimes the methods are more subtle.

So the tips:

• Stick to using your personal email address for non-work newsletters,forums,mailing lists,services, buying personal items etc
• Don’t use your company email address to send jokes or ‘warnings’ that people send each other that are not company sensitive.
• Before actually leaving a company, close accounts or unsubscribe to services you don’t use anymore on behalf of the company. Again newsletters, mailing lists, forums etc. Could someone resign up and pretend to be you? Sure, but make it harder please.
• Know what you are signed up to. Easier said than done I know.
• Never use a work email address for your personal ebay, paypal, facebook and similar services.
• If you are the owner of a business make sure you are the actual owner of the domain you use and consider buying the domain for longer periods of time.

Now the above tips don’t fully protect you and I welcome feedback in the comments to improve upon this post.

By now you’ve realised I can be quite paranoid! However I hope this post has made you think about how you and your company manage your email accounts and take steps to improve guidelines and practices.

No related posts.

I thought of the recent show whilst cleaning up and configuring some email accounts. There was an amazing amount of spam email and it can be a huge pain to many. Luckily with precautions and good filtering the pain can be reduced (I will cover that in another post sometime). I completely agree with CommandN’s views regarding spam, you can go check out the show and comments to find out what they were!

However lurking amongst the spam was the dreaded….phishing emails. Basically when someone wants to trick you into giving sensitive data, then to go and abuse your identity (identity theft) and usually try and steal money. http://en.wikipedia.org/wiki/Phishing

I am going to write about the most obvious phishing emails many people see. The ones pretending to be from your bank. However always follow the tips I mention regarding any email.

Recent bank phishing emails I have seen are for: Abbey National Bank Plc, Egg Bank, Halifax Bank Plc, HSBC Bank Plc, Lloyds TSB Online Banking, National Westminster Bank & Royal Bank of Scotland.

However you name the bank and I am sure there are phishing emails flying all over the place.

So what about the subject lines? Here are the recent ones I’ve seen:
Urgent Notice
Inportant Customer Service Message
Acount Update
Dear Customer: Account Alert !
Please Update Lloyds Tsb Internet Banking
[Spam] Your New Abbey Bank National
Account Upgrade
Lloyds TSB Security Precaution.
Lloyds TSB Security Update Message
Online Security Check
You Have One New Message
CUSTOMER SERVICE MESSAGE
Egg Bank Account Management Notification
Lloyds TSB Annual Security Update
Abbey Security Alert! You have (1) Urgent
YOU HAVE 1 NEW MESSAGE(SECURE)
SECURE YOUR ACCOUNT.
Important Information:Essential updates
Online Access Suspended
Royal Bank Of Scotland Customer Service
Alert : You have 1 new Security Message
Internet Online Account Upgrade 2008
Halifax Online Banking Alert : Important M
Important Update Concerning Your Online
Your Account Has Been Blocked – Restore
Update Your Account Security Please!!!
Lloyds Security: Secure Your Online Banking!
Internet Banking Alert
Funds Has Been Transferred To Your Account.
Periodic Account Updates

You get the point, emails not from the actual bank and from just trying to get you interested to being very concerned and tricked into opening the emails!

So the tips?

1) Setup a separate email account for your bank account and possibly for some other important services.

2) Use your email client to then filter all the emails to that email account to a separate folder in your email client. Emails going to any other folder supposedly from your bank should never be opened and deleted straight away.

3) Turn off the auto-preview pane on your email client. So you have to double click to read any emails.

4) Turn on your spam protection and make sure it is properly configured.

5) Go to your banks web site, read the material they sent you or give them a call to find out their email policy. Would they email their clients and under what circumstances?Then take this information into consideration when looking at your emails.

For instance my bank would just call me regarding an urgent matter or send a letter. Plus they have an online message service once I have passed all the security checks where they leave messages from time to time. They do have an email newsletter, but to be honest I don’t open it and just delete it!

In general also be aware of how you use your email addresses. If you don’t need to tell the online world your primary email address, then don’t. Have separate email addresses or contact forms setup for such communication purposes as you will eventually receive lots of spam and phishing emails.

Obviously these tips won’t 100% protect you, but taking precautions such as I mentioned should be taken.

I am sure there are other great tips to help protect you against phishing emails. Please leave a comment and don’t forget to add our RSS feed for this blog to your RSS feed reader or bookmark the site.

No related posts.