Business Security Information

You hear about customer and employee personal information being lost or stolen from businesses quite frequently.  This information is accessed using a variety of attack methods including SQL injection, buffer overflows, use of default accounts, and even the loss of unencrypted backup tapes.  No amount or type of security will guarantee absolute database security for your business, but until you implement some basic database security measures, you are wasting your time and money on more elaborate security measures.

The use of smartphones has led to a whole new set of security issues. Since there is no standard definition of a smartphone, for the purpose of this article and for future reference, I will refer to them as a mobile phone which provides advanced capabilities similar to those found on a personal computer.  These capabilities can include internet access, e-mail, downloadable applications and even e-book reading capabilities.  As time goes by, as with all technology, the capabilities of smartphones will increase and change just as they do for computers.

Just when you thought it was safe to use wireless, along comes a new attack on wireless encryption.  WEP (Wired Equivalent Privacy), the oldest form of wireless encryption,  has not been safe to use for quite some time, and I would recommend you use one of the other wireless encryption methods mentioned in this article if you are still using WEP.  The information or data that you send or receive on your wireless connection can easily be captured and read by others if you don’t encrypt that traffic.  This article will help you make necessary changes to your wireless network.

What are Insiders?

I have read a number of articles related to the security issue of insider threats over the past month or two and thought it would be a good idea to cover that issue in one of my posts.  First, what is an insider–just an employee or more than that?  Insiders are more than just employees or staff and can include consultants, vendors, contractors, service providers and other that you deal with on a regular basis.  Insiders are dangerous because in your dealings with them, you have  probably given them access to your company’s network and/or business facilities.  This opens you up to all kinds of threats.

Secure Socket Layer (SSL) is used on the internet to encrypt connections to such sites as e-commerce and banking sites.  Most everyone has used and seen these sites.  They have the “https” at the beginning of the website URL along with a little padlock symbol that is usually found on the lower right hand side of your web browser.  If you click on the padlock icon, it will open up and give you information regarding the encryption method and the encryption certificate.  The purpose of SSL is to keep your information confidential while it is being transmitted over the internet from your browser to the website.

I was thinking about how busy life and business seem some-days–today being one of those days.  It got me pondering how complicated security can be for a business, especially computer security issues.  Fortunately there are some simple things that can be done to protect PC’s in your business without you  having to spend enormous amounts of time or money–things that you can do right now!

What is VOIP

As I discussed in my recent “VOIP Phishing Scam” article, VOIP stands for voice over IP or internet protocol.  Basically, all this means is that the you send the phone call over an internal or external network.  An internal network would be your own businesses LAN (local area network) or WAN (wide area network).  To call someone outside your own company using an external network, you would be using the internet.  An example of VOIP that most people would know is Skype or Vonage.    So why do people use VOIP?  Mainly because it is cheaper than the standard telephone network, and you can use your existing high-speed internet connection you are already paying for.  Just like anything in life, though, there are downsides to VOIP, the biggest being security.  That is what I want to spend the rest of this article talking about.

In recent articles, I have spoken about PCI compliance and about security tools that can help you identify sensitive information on your computers .  While talking about PCI with a company recently and as I write these articles, I realized that there is enormous amounts of open-source software that can assist businesses in complying with some of the elements of PCI.  I have included a list of possible open source software that you might find useful when working on the different elements of PCI.  I use open-source software for a variety of elements in my business and personal life and find it comparable or superior in many ways.  Of course, there is usually a learning curve when working with any new software whether open-source or purchased.