Business Security Information

If you have not already heard, in mid-January Internet Explorer was under attack by the same attack method that was used by the Chinese to break into Google’s network.  Since then, a number of security researchers, security companies ,and even some governments have recommended that computer users switch to other web browsers such as Firefox, Chrome, Opera and Safari.  Currently, it appears the attack code is mainly geared towards IE (Internet Explorer) 6 and possible IE 7 so businesses that are still using IE 6 should change to another web browser or at least upgrade to IE 8.

Do you use an EAS (electronic article surveillance) system in your retail store?  I know that most of the major retailers use these type of systems.  Actually, I was at a department store the other day, and I noticed, like I have so many times in the past few years, how ineffective they can be.  Let me explain that statement.

Do you or your company use encrypted USB flash drives?  If so, are they one of the flash drives that this month was discovered could be hacked?  Encrypted flash drives from SanDisk, Verbatim and Kingston are vulnerable to this most recent form of attack.  Basically, the attack occurs on the software that comes with the drives and runs on a computer, not the USB flash drive.  The software allows the user to enter a password, and if the password is correct, the software sends a signal to the encrypted USB flash drive to unlock itself.  The problem is that other software can be written and has been written to change the USB software running on the computer so that it always sends a signal to the encrypted USB flash drive no matter what is entered as a password.

I was planning on writing about endpoint security near the end of last month, but with the holidays and numerous other business and personal activities occurring at the end of the year I had to take a little sabbatical from writing posts for our website.  It is good to be back into the swing of things again, and I hope everyone has a great and successful year with their business.  As always I will be here to help you with any security issues that you may have for your business so feel free to leave comments or contact me using my contact form on my About page.

Pod slurping is a generic term that refers to a technique where someone uses an MP3 player, such as an iPod, to steal sensitive information from a company.  In addition to MP3 players, thieves can also use other devices such as flash drives, digital cameras, mobile phones, PDA’s, or other plug-and-play devices that have storage capabilities.  Basically, any portable storage device can be used to steal or slurp sensitive information.   Special software on the thief’s device can automatically search the computer it is connected to for any sensitive information and then download or “slurp” the information to the device.  This type of software can easily be downloaded from the internet.  Back in 2004,  security expert Abe Usher developed a program called “slurp.exe” that he used on his iPod to demonstrate how information could easily be “slurped” from a computer.  In the demonstration, it took just over a minute to download all files from the computer.

Well, I really do learn something new almost every day.  I was reading an article in Forbes magazine  the other day about a robbery prevention technique that I had never heard of before.  I thought I would share it with you in this article.

Greeting a Bank Robber

Some banks are now using greeters, like Wal-Mart does, at the entrance to the bank as a robbery prevention tool.  The theory behind this technique is that most criminals do not want to be noticed.  Supposedly if a bank employee looks the criminal in the eye and says hello when they walk into the bank, the criminal no longer has that psychological edge of anonymity and confidence they need to commit the crime.

The use of smartphones has led to a whole new set of security issues. Since there is no standard definition of a smartphone, for the purpose of this article and for future reference, I will refer to them as a mobile phone which provides advanced capabilities similar to those found on a personal computer.  These capabilities can include internet access, e-mail, downloadable applications and even e-book reading capabilities.  As time goes by, as with all technology, the capabilities of smartphones will increase and change just as they do for computers.

It seems like almost every book or article I read defines computer security a little differently.  Often the terms computer security, information security, network security, information system security and information assurance are used interchangeably even though each of these terms covers a slightly different portion of security.  I feel that computer security is the overall general term used to indicate the protection of a company or organizations data, network and computer systems.  The other terms  (information security, network security, information system security, etc.) fall under the main heading of computer security.

It seems like there are numerous websites on the Internet covering the main aspects of computer security but very few on physical security for a typical business.  On this website I try to cover all types of security on this website, but today I want to focus on physical security.

Physical security is mainly related to the protection of people, buildings, equipment and other physical or tangible assets.  Physical security is often overlooked in this high-tech business world where protecting digital assets of a business is emphasized. Adequately protecting digital assets, though, depends on implementing physical security as well.

Well, we have had a good Thanksgiving meal, and most everyone has headed off to bed so it is now time for me to get down to writing this article.  Yesterday I received an e-mail from a friend stating she was out of the country visiting a friend that was ill.  Her friend was in need of surgery, and they were trying to recruit a surgeon from Israel and were in need of $2800 to pay for this necessary surgery.  First, I was suspicious that this was a fraudulent e-mail because I had just seen the person and knew that she had no plans of heading out of the country.  Secondly, the e-mail requested $2800 dollars which is a very small amount for a surgery, especially since the e-mail had an urgency about it leading the reader to believe that it may be a matter of life and death.  The return e-mail was also suspicious because the return address was a generic Yahoo e-mail address.