Did Santa bring you a new Kindle Fire, iPad Mini, or Microsoft Surface for Christmas? If so, probably one of the first things you wanted to do was connect to your home wireless network. To connect, you'll be asked for a "key", which is a code that lets you in (and keeps others out). The common dilemma is that users have set up a wireless network a LONG time ago, recorded the key, and stored it in a "safe place", only to be stumped when you look for it again. The problem is that after you program the key into your laptop or other portable devices, your system "remembers" it, so you end up forgetting.
Don't worry! They key is easy to retrieve. If you have a laptop connected to your wireless network, select the wireless icon in the lower right hand portion of the screen. "Left click" on your mouse to view the wireless networks. (Right-clicking allows you to "troubleshoot problems" and "Open Network and Sharing Center").
After you select the wireless networks icon, you'll see a list of all the wireless networks nearby, including the one you are connected to (in this case, the list is blanked out for privacy and only the first one is showing.) "Right Click" on your network and select "Properties" to view the properties of your network, including the wireless key.
In the "Properties" window, under the "Security" tab, you'll see the "Network Security Key" listed, with characters hidden. To see the actual key, check the box to "show characters", and you'll have your key!
So if the encryption key that you wrote down two years ago is in a "safe place" somewhere, rest-assured you'll also find it stored electronically here. No need to rummage through all your files!
February 7 is Safer Internet Day, which is organized by Insafe each year to help promote safer and more responsible use of the Internet and mobile phones, especially among young people. There are events all over the world today with this year's theme focused on "Connecting generations and educating each other". This is a great idea because we can all help each other - tech savvy young people can teach their grandparents about how to get around on-line, and grandparents have the wisdom to help their grandchildren stay safe.
To learn more and get informed with some helpful statistics, visit the saferinternetday.org web site. Did you know that 26% of children report having a public social networking profile and 36% of 9-16 year olds report that they definitely know more about the Internet than their parents? 48% of parents report that they get Internet safety information mostly from family and friends. In the spirit of the day, talk to your family about Internet safety and help spread the word! You can also help spread the word on Facebook and Twitter.
One of the best ways to protect yourself from the common "fake" anti-virus malware that's all over the place is to spend a few moments getting to know your "real" anti-virus software.
Each anti-virus vendor handles things a bit differently, but it's basically "theme and variations". The screen shot to the right is what the AVG system status looks like. When you click on the AVG icon in the system tray (lower right of your screen), you'll see this screen. What you're looking for is a recent scan date, your last update (should be with in a few hours time window), and your license expiration date. You're also looking for green check marks for all the protection levels: Anti-Virus, Anti-Spyware, LinkScanner, Anti-Rootkit, e-Mail Scanner, License, Online Shield, Resident Shield, and the Update Manager. The goal is to recognize your system status when things are going well, so when if you get the dreaded "fake anti-virus" malware, you'll know it's fake.
If you get hit with the fake antivirus malware, here's what will happen. A pop-up will appear on your screen saying somthing like a threat was found and do you want to do a scan. In scome cases the pop up will ask you to purchase an anti-virus license. Don't do it! A good strategy is to remember your Windows shortcuts and use "ALT+F4" to close the window. Sometimes the pop-up looks like a Windows screen, but its actually a web page, and the "x" that would normally close the window is actually a link to do more harm. Use "ALT+F4" instead.
Spend a few moments today to look at what your anti-virus system status screen looks like, and you'll be better prepared for future "fake" threats.
In last night's Republican debate, one of the questions posed to the candidates was "What threat might we face in the next few years that no one is talking about today?". The question was in the context of the 9/11 attacks shortly after George Bush became President, that defined his term in office. One of the answers that caught my attention was cyber-terrorism. Instead of a physical attack, our critical computer systems and networks could be attacked by hackers. When you stop and think about how pervasive computing is in our modern lives, covering everything from banking to delivery of our utilities, it's scary to think of how vulerable we are.
In the Kaspersky Labs Threat Post yesterday, Paul Roberts posed a very scary question: Was the three character password used to hack South Houston's Water Treatment Plant a Siemen Default? Apparently the hacker describe an "easy-to-crack three character password" that provided access to the Siemans Simatic HMI (human machine interface) software that controlled the water treatment plant. The description matches the default password that comes with the equipment, but the actual password hasn't been confirmed yet.
Although the hacker says he didn't take any action when he gained access to the system, he could have shut out other users, taken control of the water treatment plant, and cause a lot of damage. He used Internet scanning software to discover systems that were connected to the Internet, and then had a pretty easy time getting in. He describes himself as merely a hobbyist, not a "real" hacker.
If default passwords are being used to protect our critical infrastructure, we're at risk! This breach has gotten attention in the news, but who knows how many other similar systems are vulnerable like this. The department of Homeland Security is working with Siemans to investigate the breach, but this is just the starting point.
ALWAYS use STRONG passwords to protect any applications you access over the Internet. Strong passwords should contain uppercase and lowercase letters, numbers, and symbols. They should never be words in the dictionary, and ALWAYS change the default password!
Just about every day we read about a new computer security breach in the news. The big events draw a lot of attention and generate the headlines, but small business owners need to stay vigilant too!
It can be overwhelming to try to digest all the available information on computer security. We like to think about it in three easy steps.
Step 1: Secure your perimeter. Think of this as having a wall around your business, a fence, or locked windows and doors. Your firewall protects you from the Internet by creating a cyber barrier between you and the outside world. If you picked up an inexpensive router at Staples a few years ago, you should strongly consider upgrading to a business class router. We highly recommend Sonicwall products, but there are many great choices. We're also recommending gateway security software to manage the traffic in and out of the network, above and beyond basic firewall protection. Also, remember that your firewall needs regular firmware upgrades to stay up to date with respect to new threats.
Step 2: Protect allsystems on your network with Anti-Virus and Anti-Spyware software. The important point is that EVERY system needs active protection (up to date license, dynamic updates multiple times a day). Do you know that EVERY system is up to date? Do you have a policy about bringing in systems from home (BYOD - Bring Your Own Device)? What about guests? If guests on your network are a factor for you, we strongly recommend installing a separate "sub-net" so that these guests can get Internet access (using your same Internet connection with no extra cost), but they won't be on your main network. How do you know your guest has up-to-date virus protection?
Step 3: Keep your applications and operating systems up to date with security patches. Microsoft routinely releases free updates on "Patch Tuesday", the second Tuesday of the month. Many people are aware of these updates because they're in the news, and your Windows system will prompt you when updates are available. What people often overlook is that Macs need updates too, and other applications such as Adobe Acrobat, Adobe Flash and Java are also vulnerable to security loopholes and also need to be regularly updated. (And don't forget your smart phone, but this is a whole new topic).
There is no such thing as 100% security. Even if you do everything "right" there is still a chance that you could have a problem, such as a virus, but with focus on active protection, you greatly reduce your risk and potential for damage.
Remember that security is effectively a "cat and mouse" game. Vulnerabilities are detected, hackers try to exploit the vulnerabilities, and the security firms try to stay a step ahead. To protect your small business, remember your "123s": 1. Perimeter, 2. System, 3. Applications.
One of the questions we're hearing more and more from our small business clients is how to get control over out-of-control web usage in the office. So much business is conducted on-line that employees need to be connected to the Internet, but in some cases, things can get out of control when some employees spend too much work time on personal web usage such as shopping, Facebook, or going to sites they're not supposed to. If web usage can't be controlled through other management techniques, or if your business has compliance requirements, it's time to think about content filtering for your site.
In some cases the concern is illegal, inappropriate, or harmful web content, and in other cases it's a matter of employee performance, and limiting personal distractions. Another big problem is that if too many users are accessing music or video sites, your network can slow down to a crawl. If your business faces some or all of these problems, content filtering is the solution.
How does it work? With content filtering, web traffic can be managed by giving access to, or denying access to particular sites or categories of sites, with individual or group controls, and time of day control. We typically recommend SonicWall solutions, but the general way these solutions work is that a comprehensive database of millions of web sites is accessed to define usage policies. Examples of categories you can block include: pornography, drugs, criminal and illegal skills, gambling, hate sites, etc.. You can also block other specific sites that are productivity distractions. When users try to access web sites, their access will be determined by the rules set up in the router. This is a simple way to centrally manage web site usage in your business.
Typically some adjustments are required to make things run smoothly (we see a lot of cases where access to necessary sites are inadvertently blocked at first), but in general, implementing a technology solution makes things clear for employees, and centralized technology makes it easy to manage. We strongly recommend carefully thinking through your company policy ahead of time, so the technology fits your business environment.
Free public Wi-Fi networks are popping up everywhere - at the airport, Starbucks, your local music school... These networks are a big convenience, but you should be aware of your security settings so you don't put your computer and data at risk. When you connect to a network, there may be a firewall protecting you from the outside world and everyone else on the Internet, but when you connect to a local network, you're basically putting your trust in that network and everyone else on it - not a good idea in public! In addition to file sharing, many of these wireless hot spots are unencrypted to make it easy for people to connect, but this could leave you vulnerable to malicious users in the coffee shop who could monitor your keystrokes!
Windows 7 has a great feature that lets you select the type of network you're on (Home, Work, Public), and will impose the proper security settings for you. When first connect to a network, your system will ask you what type of network it is. If you're in a place where you don't recognize the other computers, you should specify "Public Network" for your network location. This will automatically set the appropriate security settings.
To see what your current settings are and to change them, go to Control Panel, Network & Sharing Center. For a Public Network, the icon is a Park Bench. To see the individual settings, click on "Change Advanced Sharing Settings".
1) Turn off Network Discovery - When Network Discovery is ON, your computer can see other computers and devices on the network and they can see you.
2) Turn off File and Printer Sharing - When File and Printer Sharing is ON, files and printers you have shared on this computer can be access by other people on the network.
3) Turn off Public Folder Sharing - When public Folder Sharing is ON, people on the network can access Public Folders.
4) Turn on Password Protected Sharing - if you are going to share files and folders, make sure Password Protected Sharing is ON so that only users with a user name and password for your system could access the files.
5) Additionally, Turn ON Windows Firewall. Go to Control Panel, Windows Firewall and check that its ON. The firewall helps prevent other systems on the network (all the people you don't know in the coffee shop) from potentially spreading malicious software or accessing your system.
When accessing web sites, look for SSL encryption to make sure your transmissions are protected. Look for "HTTPS" in the web address.
Unless you completely trust the owner of the network, and trust that they have secured their network equipment, keep in mind that entering personal information like banking accounts and credit card information can be compromised. WEP and WPA encryption can be hacked, so you're not completely safe.
Finally, if you don't need to use the Internet the whole time your their, just shut off your laptop wireless. Your system may have a physical switch, or you can simply hit the "Windows Key" + "X" to get a bunch of on/off switches.
Security is never 100%, but remembering to take proper precautions will greatly reduce your risk. Consider what information is most important to you, and safeguard it in public. I just asked my colleague if he would purchase something on-line with a credit card while on a Starbucks Wi-Fi, and his answer was "No Way!". Take basic, proper precautions, and then use your judgment.
Well over a year ago there was a major security breach at a site called RockYou.com. One of the interesting outcomes is that the breach offered the opportunity to analyze password behaviors since over 32 million passwords were revealed.
Here is the top 20 list and if you see any of your passwords on this list, its a good time to think about using stronger passwords!
Strong passwords should include uppercase and lowercase letters, numbers, and symbols. Your computer security starts with the strength of your passwords, so don't use something that's easy to guess or easy to automatically generate (like a keyboard string or word in the dictionary).
With so many business and personal activities on-line these days, it's impossible to remember all the passwords. We've all been trained to use "strong" passwords (6 characters or more, not a word in the dictionary, numbers & symbols), but remembering them is a big problem.
One of the productivity tools we like to recommend is RoboForm (www.roboform.com). The slogan on their home page sums things up - "Put your passwords on speed-dial". RoboForm automatically remembers your passwords, stores them securely, and then fills them in when needed, kind of like using a browser bookmark.
When trying to remember complicated passwords, employees are often tempted to write them down and keep them in a convenient location, but this isn't secure. In fact, the new Massachusetts Data Protection Law specifically addresses the storage of passwords by requiring: "control of data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect". Bottom line, no more passwords on post-its under your keyboard!
There's an entry-level free version of the program available, so this may be a great place to start and check it out. Here is a link to the product comparison chart: http://www.roboform.com/how-it-works/product-comparison.