Cincinnati computer repair | PC Laptop Mac Server 513-661-4333

The SMB security gap in network security

kcook7 — Sat, 05 May 2012 21:44:54 +0000

A new study from Symantec finds that while small and midsize businesses are acutely aware of today’s security risks, a large number have yet to take even the basic steps needed to protect themselves. Further, the study shows that simple protection measures could have prevented many of the security breaches reported by these companies.

Click for link to published study

According to the study, based on surveys of 1,425 SMBs worldwide (defined as companies with 10 to 500 employees) in the first quarter of 2009, the lack of a dedicated IT staff and tight budgets were the main reasons for the lack of action. Respondents also cited a lack of employee skills as a top barrier to security.

The study finds that SMBs have no illusions about today’s risks. Asked how concerned they were about a wide range of security issues, from spam to data breaches to insider attacks, respondents consistently described themselves as “extremely” or “somewhat” concerned.

So what does it mean to say that SMBs have yet to take the basic steps to protect themselves? According to the study:

59% of respondents said they have no endpoint protection (i.e., software that combines antivirus with advanced threat protection technologies such as desktop firewall and intrusion prevention for laptops, desktops, and servers).
47% do not back up their desktop PCs, leaving their important information at risk.
33% lack even basic antivirus protection.

What were the leading causes of the security breaches that these SMBs experienced? The reasons most frequently cited were:

system failure
a lost or stolen laptop, smartphone, or PDA
human error
the loss or theft of backup tapes or devices containing sensitive data
the use of improper or out-of-date security solutions.

Looking ahead, half of the respondents said they plan to increase their IT security and storage spending in the next 12 months even in these tough economic times, while 41% said their budgets would remain the same.

What we find with a good number of our clients is the unwillingness to do anything different. They have the same level of network security they had 10 years ago because they haven’t made any changes in the way they think about network security.

They don’t want to remember a password other than the one they have used for 10 years. Sometimes, they don’t want to type in a password at all. I am often asked “Can you just make it so that I don’t have a password?”

They don’t want to force everyone to store their data on the server. They don’t want to limit access to social media websites. They don’t want to stop music and picture downloads. They don’t have a problem with ipods being downloaded to desktops, etc.

I have never seen employees with so many liberties with their employers computer systems and network.

The other half of the equation is always budget. Unfortunately it costs a little to be safe and secure. Actually, it cost each month to be safe and secure. Network security is not a one time purchase, because the enemy is constantly evolving, and improving their tactics.

We invest in locks, safety deposit boxes, alarm systems, and surveillance systems, but we have trouble investing in network security. We send our employees to safety training classes to keep them safe, but we will not invest in keeping our employees and customers data safe.

So why the aversion to network security? It is actually very cheap (compared to a security recovery attempt)

Network security is not as expensive as it may sound. Sure, there are high end military grade security measures, but you don’t have the budget for that. We understand, as an SMB ourselves, we don’t have the budget for that either.

Our goal is to get our clients on a plan to be more secure, each yearly budget at a time. We don’t expect a network security budget of $500 a month, just a modest $150 or so to acquire a few new tools and new technology to help keep the network safe.

What can you possibly do for $150 a month?

Glad you asked. For $150 a month you can get a gateway security appliance that scans for viruses, spyware, spam, intrusions, and other nasties. This level of protection is now a necessity for any business network. It is no longer sufficient to protect each computer individually. We need entire network protection as well.

The gateway security appliance sits right between your modem and your router. It scans all incoming and outgoing traffic and blocks the bad stuff. (Not to get too technical). It also has reports about web traffic for each users or workstation on the network. We can see who is working, and who is playing on Facebook. We can see who downloads the most music, and see who wastes time on non work websites. We can even do fancy things like give each user a splash page reminding them of the companies network policy each day or each week. We can even force them to “agree” before they can get online.

Check here for a complete list of features

Want your companies network to be safe? Then you have to invest in the tools to be safe. The investment in network security is much less than the cost of disaster recovery.

We still pick up new clients without a basic firewall/router from time to time. Sometimes nobody ever told them how exposed they were, but most time they know how exposed they are and think ” It wont happen to me”

Data protection the original way

kcook7 — Thu, 15 Mar 2012 02:53:12 +0000

The goal of a identity thief is to get whatever information about you that they can. This includes finding old paperwork in the trash, web searches for your name, and social media research.

Your trash could be a gold mine for identity thieves. Your trash can easily contain;

Bills with account numbers
Credit card statements with account numbers
Water bills with account numbers
School forms with student ID’s
Mortgage information
Banking information
Investment information
DMV information
Charity information

One way to eliminate the treasure trove in your trash is to shred anything with any personal information on it. A good old fashioned shredder will do the trick just fine.

There are two main types of shredders. Strip cut and cross cut. Make sure you get the cross cut type. I don’t know why they even sell the strip cut type anymore.

You could easily reconstruct things shredded with a strip cut shredder. It takes a little time and patience, but isn’t very hard to for anyone who enjoying puzzles. A cross cut shredder cuts things down into confetti style clipping. Infinitely harder to piece back together.

What should you shred? Anything with your name on it. Unfortunately this is just about every piece of mail you get. It does seem over the top to shred every piece of mail, so use your best judgement. At a minimum shred all bills, and account statements from anyone.

You can get a decent cross cut shredder for less than $100.

Get it, use it, be safe!

New phishing scams

kcook7 — Thu, 15 Mar 2012 02:46:23 +0000

Anyone not know what a phishing email is?

“Phishing” (also known as “carding” or “spoofing”) refers to email that attempts to fraudulently acquire personal information from you, such as your account password or credit card information. On the surface, the email may appear to be from a legitimate company or individual, but it’s not.

As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never solicit such information from customers by email.

That being said, the phishing emails are getting better at looking legit.

People usually ask me where the term “Phishing” comes from. It comes from “Fishing”. Setting out your bait, and waiting to see what bites. In today’s word, the bait is financial gain or information, and they are hoping “you” bite.

For tips on how to avoid being the victim of a phishing scam, take a look at these tips from Microsoft.

I received a great looking phishing email last week, It looked very legit, until the very bottom. Then I noticed some non English characters. That was my second clue. My first clue was that I don’t have an iTunes account and they don’t have my credit card.

The phishing email claimed that iTunes had just charged me $600. If this was an error, I should click this link to dispute the charges (or something to that effect). The link is where the trouble would begin. On close inspection I noticed the link didn’t go to itunes or apple, but instead to a domain registered in russia.

I sent a copy to apple so they could investigate and deleted it. Here is a look at what the email looked like.

Two days later a customer came in the store who had clicked on the link. His PC was infected and he now needed a repair. He received the same exact email as I did.

Be careful. A single click can cause a world of pain. Be vigilant, and don’t click on anything you don’t need to.

Ray Voegele

kcook7 — Sun, 26 Feb 2012 03:33:37 +0000

I took my old pc tower to the Custom-PC shop on Beechmont Avenue to have them diagnose a problem. Tom B. quickly assessed the situation and corrected it. Other problems came later and Tom saved valuable data for me. Tom and David, who also works with Tom at that location are excellent computer repair specialists. I will always take my business to that shop because of them.

Robert A. Murdock

kcook7 — Sun, 26 Feb 2012 03:31:55 +0000

David Mercado on Beechmont was a tremendous help to me in recovering files and a laptop that had crashed due to several virus issues. He never gave up and also suggested AVG, plus an external hard drive for backup.

As my laptop is my life these days, David went above and beyond as quickly as he could to get the job done.

David was great and I’d recommend him to anyone who asked where to get help.

Thanks!

Thomas E Bell. MD

kcook7 — Sun, 26 Feb 2012 03:31:00 +0000

I cannot adequately express my gratitude and appreciation to David Mercado, and John Powers. They are geniuses,great teachers and in correcting my problems,they taught me very much and very well, Thanks to them both,they deserve a raise,bonus or something!

Chad Barth

kcook7 — Sun, 26 Feb 2012 03:28:56 +0000

Great service from David Mercado. He made the whole process very simple. Explained to me everything he did to repair my laptop and even found a way to fix my hard drive so I didn’t need a replacement, saving me money. Very pleased with the repair and I would defiantly recommend custom pc to a fried.

Judy Pavlik

kcook7 — Sun, 26 Feb 2012 03:27:37 +0000

Hi, I tried to take the survey but I was told that I already took it.

I have never been on your website before.

I was very happy with the servicing of my computer by David M

Jean B. Fuller

kcook7 — Sun, 26 Feb 2012 03:25:14 +0000

David was very helpful and efficient which made it a good experience.

I would return for excellent service.

Eric Rohman

kcook7 — Fri, 24 Feb 2012 16:27:23 +0000

Kamal,

Thank you for sending out your Mac specialist. He was very helpful and the first person who was able to explain to me what the problem was and some step to go about fixing it. I should have these Ipads figured out by the end of the day. Once again thank you and I look forward to working with you in the future. I have talked to the owner and next time we have any computer problem we will look to call you first.

Thanks again,

Eric Rohman
Landscape and Lighting Sales/Design