Business Security Information

Keyloggers monitor computer activity by capturing the keystrokes of the computer user.  The captured information is then sent to some individual(s) who should not have access to this information.  This should be a concern to all computer users who log into and access email accounts, online accounts, bank accounts, and other such information that should not be shared with others.  With a keylogger, someone else can capture this information and use it to gain access to any account or system that has been logged into.  Also, depending on the keylogger capabilities, all the information the user views can  be captured and sent to these individuals.  Keyloggers allow others to bypass security measures you have in place, and that is never a good thing.

Since about 2002, most office copying machines have been equipped with hard drives. This is the digital revolution. The problem is that the office copier’s hard drives also store a copy of all documents that you copy. Also, since some office copiers also function as scanners, faxes and printers, copies of those documents are also kept by the copier. If a criminal steals the hard drive or copies a copier’s contents, a wealth of information related to your business, employees, and clients are at their finger tips, especially since most of the information is unencrypted.

When most companies think about disaster planning, a variety of thoughts come to mind.  Some businesses I have dealt with think about preparing for a natural disaster or a fire while others think about nothing but planning for an IT or network outage.  For the purpose of this article, I am referring to the planning for and recovery from a disaster.  This definition encompasses more than just the planning and recovery of IT services, infrastructure, data (information) and other technology resources of a company.  Disaster planning must include preparing for and recovering from the loss of human resources, such as key employees of a business, and other essential resources that allow a business to function.

Since Facebook privacy issues have been a hot topic in security, I thought it would be a good idea to take a look at some of the add-ons or plug-ins you can get for the Firefox web browser that will help  protect your privacy when on-line.  While a lot of businesses and users still use Internet Explorer, many people and businesses are switching to Firefox which has a ton of plug-ins available.  When I wrote this article, there were 221 add-ons or plug-ins available for Firefox that touched on some element of privacy.  If you search for security-related add-ons, the list gets even bigger.  While I cannot address all of them in this article, I want to highlight a few that can help protect your privacy.

You hear about customer and employee personal information being lost or stolen from businesses quite frequently.  This information is accessed using a variety of attack methods including SQL injection, buffer overflows, use of default accounts, and even the loss of unencrypted backup tapes.  No amount or type of security will guarantee absolute database security for your business, but until you implement some basic database security measures, you are wasting your time and money on more elaborate security measures.

I have written numerous articles covering the different elements and aspects of security, but one issue I have never touched on is the importance of having quality information to make good security decisions for your business.  Quality or complete information is key to any business decision including security issues, but most businesses fail to track security incidents or issues at their company.  I have worked with a lot of small and medium-sized businesses over the years, and I have not run into one yet who does.

Do you or your company use encrypted USB flash drives?  If so, are they one of the flash drives that this month was discovered could be hacked?  Encrypted flash drives from SanDisk, Verbatim and Kingston are vulnerable to this most recent form of attack.  Basically, the attack occurs on the software that comes with the drives and runs on a computer, not the USB flash drive.  The software allows the user to enter a password, and if the password is correct, the software sends a signal to the encrypted USB flash drive to unlock itself.  The problem is that other software can be written and has been written to change the USB software running on the computer so that it always sends a signal to the encrypted USB flash drive no matter what is entered as a password.

I was planning on writing about endpoint security near the end of last month, but with the holidays and numerous other business and personal activities occurring at the end of the year I had to take a little sabbatical from writing posts for our website.  It is good to be back into the swing of things again, and I hope everyone has a great and successful year with their business.  As always I will be here to help you with any security issues that you may have for your business so feel free to leave comments or contact me using my contact form on my About page.

Pod slurping is a generic term that refers to a technique where someone uses an MP3 player, such as an iPod, to steal sensitive information from a company.  In addition to MP3 players, thieves can also use other devices such as flash drives, digital cameras, mobile phones, PDA’s, or other plug-and-play devices that have storage capabilities.  Basically, any portable storage device can be used to steal or slurp sensitive information.   Special software on the thief’s device can automatically search the computer it is connected to for any sensitive information and then download or “slurp” the information to the device.  This type of software can easily be downloaded from the internet.  Back in 2004,  security expert Abe Usher developed a program called “slurp.exe” that he used on his iPod to demonstrate how information could easily be “slurped” from a computer.  In the demonstration, it took just over a minute to download all files from the computer.

The use of smartphones has led to a whole new set of security issues. Since there is no standard definition of a smartphone, for the purpose of this article and for future reference, I will refer to them as a mobile phone which provides advanced capabilities similar to those found on a personal computer.  These capabilities can include internet access, e-mail, downloadable applications and even e-book reading capabilities.  As time goes by, as with all technology, the capabilities of smartphones will increase and change just as they do for computers.