Business Security Information

Keyloggers monitor computer activity by capturing the keystrokes of the computer user.  The captured information is then sent to some individual(s) who should not have access to this information.  This should be a concern to all computer users who log into and access email accounts, online accounts, bank accounts, and other such information that should not be shared with others.  With a keylogger, someone else can capture this information and use it to gain access to any account or system that has been logged into.  Also, depending on the keylogger capabilities, all the information the user views can  be captured and sent to these individuals.  Keyloggers allow others to bypass security measures you have in place, and that is never a good thing.

Should you be concerned about using Facebook or other social networking sites?  While I do not use Facebook personally or for business, I have a lot of friends and relatives who do.  Unfortuately, in the past few months, Facebook has gotten a lot of attention due to a variety of scams and privacy issues experienced by those who use Facebook.

As part of your business, do you use any of the typical social networking sites such as Facebook, Twitter, and LinkedIn? If you do use these or other social networking sites, should you be concerned?Maybe!

Recently a security researcher, Thomas Ryan, set up accounts on these three main social networking sites using a fake person’s profile and purposely set out to “friend” the security, intelligence, government and military communities to see if they would fall for the scheme and to show the risks of social networking sites. Mr. Ryan made parts of the profile obviously fictitious. For example, he gave the fake 25 year-old female ten years work experience and other obvious clues. In the end, he still had over 200 friends on each one of the sites in a period of a month.

Since about 2002, most office copying machines have been equipped with hard drives. This is the digital revolution. The problem is that the office copier’s hard drives also store a copy of all documents that you copy. Also, since some office copiers also function as scanners, faxes and printers, copies of those documents are also kept by the copier. If a criminal steals the hard drive or copies a copier’s contents, a wealth of information related to your business, employees, and clients are at their finger tips, especially since most of the information is unencrypted.

Since Facebook privacy issues have been a hot topic in security, I thought it would be a good idea to take a look at some of the add-ons or plug-ins you can get for the Firefox web browser that will help  protect your privacy when on-line.  While a lot of businesses and users still use Internet Explorer, many people and businesses are switching to Firefox which has a ton of plug-ins available.  When I wrote this article, there were 221 add-ons or plug-ins available for Firefox that touched on some element of privacy.  If you search for security-related add-ons, the list gets even bigger.  While I cannot address all of them in this article, I want to highlight a few that can help protect your privacy.

New internet attack methods or new variations of old ones seem to be developing on a regular basis.  This makes it hard to keep up with all the ways your business’ computer system can be attacked as well as adequately protecting your most vital business asset–information.

If you are like most businesses, you have more on your plate than you have time to deal with.  Keeping up with all the security issues that face your business can be a daunting task.  One resource that can help you is the new Mozilla Plug-in Checker.  This tool lets you determine which of the computer plug-ins you are currently using are outdated.  While this may not have concerned you before, there is good reason to pay attention to your plug-ins.

You hear about customer and employee personal information being lost or stolen from businesses quite frequently.  This information is accessed using a variety of attack methods including SQL injection, buffer overflows, use of default accounts, and even the loss of unencrypted backup tapes.  No amount or type of security will guarantee absolute database security for your business, but until you implement some basic database security measures, you are wasting your time and money on more elaborate security measures.

Despite its complicated pronunciation, the word obfuscate merely means is to change, alter, modify, or obscure.  In business, you probably use this more than you think.  On the web, businesses often use URL shortening services which take a long URL (website address) and make it a short one.  These shorter URL’s are then used in an e-mail or instant message, on a blog, or on social media sites such as Facebook.  Twitter is probably one of the most popular places URL shortening (obfuscated URL’s) services are used since you are limited on the number of characters you can put in each tweet.  I have also seen it used in e-books and other informational products that are downloaded off the web.  URL shortening services hide the original and often long URL.

**Before reading this article, please refer to my previous article on identifying phishing attacks.  A number of the typical identifiers used to identify a phishing are no longer as important.  Some recent changes made by these scam or social engineering artists makes it hard to easily identify such e-mails as phishing attacks.