Blog

February 23rd, 2012

Protection from the ubiquitous computer hacker is paramount for any business. Each year, billions of dollars are spent on security systems to keep confidential and sensitive data safe from those seeking to exploit it. How is it then, that we’ve forgotten about the one place where all of our vital business decisions are made?

Boston-based Rapid7 is a security company that specializes in finding holes in computer systems, and earlier this year their chief security officer, HD Moore, found a way to remotely spy on top firms’ conference rooms across the nation.

Moore wrote a program that scans the Internet for unsecured videoconferencing systems, and found that by simply calling in, his researchers could not only see and hear inside boardrooms, but they could also move the camera and utilize its zoom. In less than two hours, they had gained access to 5,000 video conference systems.

Information at Risk

If a hacker can access your boardroom through your videoconferencing equipment, your company is left extremely vulnerable. Private conversations, trade secrets and privileged financial information are all up for grabs. By operating the camera using mouse gestures, a hacker could see who is present at your boardroom meetings. Silence will afford anonymity no longer.

Once in, a hacker could also see who’s on your speed-dial and connect to any boardroom on your list, negating security measures that your colleagues or customers may have put in place.

Protect Company Information

While time and money have been put into ensuring your videoconferencing equipment’s visual and audio clarity, it’s time to make security your number one priority. If you are still using unsecured systems set up outside firewalls, it’s time to evaluate the system and look at alternatives.

In addition, systems that include a feature that automatically accepts inbound calls so users do not have to press an “accept” button every time someone dials in are adding to your security risk. Anyone can dial in and look around a room, and the only sign of their presence is a tiny light on a console unit.

There are trade-offs with every connection you make from your business to the outside world. Make sure that you are aware of the risks and taking the security steps that are right for your company. Call us if you would like to make your boardroom more secure.

Published with permission from TechAdvisory.org. Source.

 

February 14th, 2012

Wireless hotspots are convenient – but not terribly secure. While allowing you to work from anywhere, they can also expose your device and data to security threats. Read on to find out how to protect yourself.

Wireless internet access, or WiFi, is now so common that it can be found virtually anywhere—in airports, shops, restaurants, and other public spaces. The near ubiquity of these wireless “hotspots” can be a great boon for many of us who need Internet access to check on emails for work or updates from friends on our favorite social network.

Unfortunately, not a lot of people know about the risks these wireless hotspots potentially pose. Here are 8 ways to ensure you can surf securely from wireless hotspots:

  1. Disable your WiFi adapter when not using your wireless device. This ensures that your device does not connect to any wireless hotspot without you knowing it.
  2. Connect only to secure hotspots. In many places, open networks implement no password and no encryption, potentially exposing everything you send out from your computer to malicious hackers. Therefore, whenever possible it’s best to connect in places where some encryption, either WEP or WPA, is employed. Often your device will show a lock icon to identify secure, password-protected and encrypted hotspots vs. open and unsecured ones.
  3. Use VPN or Virtual Private Networking. VPNs allow you to establish a secure channel of communication to your office network over the public Internet.
  4. Use only secure software. Be aware of the software you use: some browsers, instant messengers, email clients, and online services are more secure than others. Whenever possible, use the more secure ones, such as those that implement some sort of encryption or similar methods.
  5. Disable sharing. If your device or operating systems share resources such as folders, printers, and other items, consider turning them off to lessen the possible entry points into your system which malicious hackers or software can exploit.
  6. Use a firewall. Most modern desktop computers have a built-in firewall, which acts as a barrier between your device and malicious software and hackers. It can block or filter out any attempts to access your system without your approval.
  7. Encrypt files. If you have sensitive files on your computer, consider encrypting them so you can avoid having them fall into the wrong hands if your system does get compromised.
  8. Remove sensitive or confidential information from your device before using hotspots. This is the safest way of ensuring that your valuable data isn’t compromised when connecting to hotspots.

Wireless hotspots can be great for anyone traveling on business or for those always on the road. Being proactive regarding the security issues that you might encounter can go a long way in ensuring your safety and privacy when using them. If you or others in your business need to go online using hotspots, we can help you set up your machines for secure access by implementing security software, consulting on software security, and more. Contact us today to find out more.

Published with permission from TechAdvisory.org. Source.

 

January 16th, 2012

The words “hacking” and “printers” usually don’t go together, but recent research on the vulnerabilities of IT systems is now suggesting otherwise. A flaw in many printers (those connected to the Internet) has been discovered which allows hackers and online thieves to infiltrate an otherwise secure network.

When it comes to printers, we usually think about ink, paper jams and minor irritations but certainly NOT getting hacked. But recent research suggests that printers can be used by hackers to infiltrate computer systems.

According to researchers at Columbia University, printers that are connected to the internet are the weakest (and almost always unnoticed) link that can compromise an otherwise secure system. Details are emerging, as the research was done under government and corporate grants. The Federal Bureau of Investigation got the first look at the research results, followed by people from Hewlett-Packard. What is clear is that this new research reveals that printers CAN be used by hackers or online thieves not only to infiltrate networks, but also to steal personal information and even identities.

The security flaw involves the printer software used to run “embedded systems,” which both enables advanced functions and connects the printer directly to the Internet. Alarmingly, researchers were able to hack into a printer and give it instructions to continuously heat up the part of the device that dries the ink after it’s applied to the paper. The resulting heat caused the paper to turn brown and smoke.

The implications of this type of security flaw are concerning, but can be addressed properly and promptly with the right planning. HP is looking into the study for their own line of printers and business owners should also take precautionary steps to protect already installed devices on their networks.

If you want to know more about how you can ensure that your systems are secure, give us a call so we can sit down with you and discuss a security blueprint that meets your specific needs.

Published with permission from TechAdvisory.org. Source.

 

January 3rd, 2012

It doesn't matter how solid your security system is – any hacker or online thief can figure out a weak password in a couple of hours through trial and error. Don't risk being a victim of a security breach and data theft. Avoid these passwords that are especially easy to crack.

If you think using 'password' as your password is no big deal, then it's time to rethink.

Security experts have recently compiled a list of the worst passwords users can choose, and 'password' is at the very top of the list. Weak passwords make your information more vulnerable simply because hackers can guess them. It may be easier to pick a password that you don't have to think about, but it's a choice that you may come to regret.

To help you avoid common password choice mistakes that users make, management application provider SplashData has compiled a list of the 25 worst passwords to use:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

Make a smart password choice

Experts advise using a combination of letters and numbers when creating your passwords, and avoiding things that anyone might be able to guess, such as birthdays and anniversary dates. Passwords with eight characters or more are safer, and it's best to use different passwords for different accounts and websites. Use a password manager to help you keep track of all of your passwords if you're finding it difficult to remember them all.
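
The advice above can be enforced when a password is set. The following is an added example, not part of the original post: it rejects the 25 listed passwords and simple variants of them, and applies the eight-character and letters-plus-numbers advice. The function names and the look-alike substitution table are assumptions made for illustration.

```python
import re

# The 25 passwords listed in the post (SplashData list).
WORST = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
}

# Assumed look-alike substitutions people use to dress up a weak word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def variants(pw):
    """Forms of pw compared against the list: lowercased, with trailing
    digits/punctuation removed (Monkey2012! -> monkey), and each of those
    with look-alike characters mapped back to letters."""
    low = pw.lower()
    stripped = re.sub(r"[\d\W_]+$", "", low)
    forms = (low, stripped, low.translate(LEET), stripped.translate(LEET))
    return {f for f in forms if f}  # drop the empty form of all-digit input


def check_password(pw):
    """Return the reasons pw fails the post's advice; empty list = accepted."""
    problems = []
    if variants(pw) & WORST:
        problems.append("on or derived from the worst-passwords list")
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        problems.append("needs both letters and numbers")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("password", "P@ssw0rd1", "Monkey2012!", "tr4ilMix-Q7vb"):
        print(sample, "->", check_password(sample) or "accepted")
```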

No matter how sophisticated your security system is, a weak password gives hackers and online thieves an advantage. Helping all the users in your organization understand the importance of password strength will help you secure the IT systems in your organization.

If you're interested in learning more, please contact us so we can develop a comprehensive and custom security blueprint that meets your specific needs.

Reference: Worst Internet Passwords

Published with permission from TechAdvisory.org. Source.

December 29th, 2011

In an unprecedented move against online fraudsters and hackers, the United States Federal Bureau of Investigation (FBI) and authorities in Estonia, aided by information from security firm Trend Micro, recently conducted a raid that brought down an enormous bot network made up of at least 4 million bots.

Four million is a big number, which makes four million bots, in security terms, a staggering and frightening number as well.

It is a good thing, then, that four million is also the number of bots taken down in a recent bust by the United States Federal Bureau of Investigation, the Estonian Police, and security firm Trend Micro. Data centers in New York City, Chicago, and Estonia were raided by authorities, shutting down hundreds of servers used to create a network of bots that spanned some 100 countries.

The bust, dubbed “Operation Ghost Click”, is one of, if not THE, largest cybercriminal busts in history, putting to sleep a sophisticated scamming operation that victimized 4 to 5 million users and was said to have generated at least $14 million in illegal revenue.

The scam mainly involved hijacking Domain Name Server (DNS) settings in infected computers, which can be used not only to introduce more malware into an IT system, but also to hijack search results and replace advertisements loaded on websites visited through an infected computer.

While this bust does bode well for all IT users everywhere in the world, it also illustrates the scope of influence and level of organization behind security threats. Since this is probably not the only scam / fraud / botnet operation in the world, it is always best to have a comprehensive security policy for your IT infrastructure to minimize the risk of compromising your company’s data and information.

For more details on the bust, check out Trend Micro’s blog post here.

Published with permission from TechAdvisory.org. Source.

December 19th, 2011

Employees using their own mobile devices for work may seem like a good idea at first: it's less expense for you, the employer, and it can also make employees more productive. However, it also means that you are allowing potentially unsecured devices to access your company's data. The solution? An effective IT security policy that balances personal freedom to use these devices and your need to secure important business information.

As technology continues to become more affordable and accessible to consumers, it's an inevitable fact that employers will see more and more of their employees using their own personal devices such as laptops and mobile phones to access the company's IT system.

This can be a dangerous thing. Since these devices aren't company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.

The solution: a comprehensive IT security policy. It's important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data's security. Having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don't forget that while Android seems to have a bigger problem with malicious software, Apple isn't exactly virus-free, either.

Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data. If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don't hesitate to give us a call so we can sit down with you and discuss a custom security blueprint that's just right for you.

Published with permission from TechAdvisory.org. Source.