Business Security Information

Keyloggers monitor computer activity by capturing the keystrokes of the computer user.  The captured information is then sent to some individual(s) who should not have access to this information.  This should be a concern to all computer users who log into and access email accounts, online accounts, bank accounts, and other such information that should not be shared with others.  With a keylogger, someone else can capture this information and use it to gain access to any account or system that has been logged into.  Also, depending on the keylogger capabilities, all the information the user views can  be captured and sent to these individuals.  Keyloggers allow others to bypass security measures you have in place, and that is never a good thing.

While putting gas in our vehicle today, I saw a simple security issue that probably occurs at a lot of businesses as well as gas stations.  This gas station was the typical type you find outside a supermarket or department store–gas pumps with a small structure in the middle for the cashier to handle customer who don’t pay at the pump.  The small cashier structure was bullet-resistant with a portal for customers to pass cash and credit cards safely to the cashier.  The one door to the structure was metal with a regular lock as well as a deadbolt.  I am presuming it was set up this way to prevent thefts and robberies.  In my opinion, the physical security was adequate for the location.

Watch this short (less than a minute) video on how simple it is to gain access to a building through a garage door. While there are other methods of breaking into a home or business, this is one that is often overlooked or forgotten even by seasoned security professionals. It is also one that is low-tech and very easy to do.

Garage Door – I Am In!

If you are one of many types of businesses that sell or service vehicles, you should look at how you are storing keys for the vehicles you are servicing or selling.  Over the years, I have seen numerous dealerships and service centers that store keys like the company noted in the pictures.  As you can see from the pictures, the keys are just stored on a board-type key holder.  While I do not usually recommend the use of such a board because keys are easily accessible to anyone in the area, I want to focus on the more pressing security issue of the proximity of the keys to the entrance to the business.

When trying to protect or secure a lot or other area, most businesses fence in the area and secure any opening to the lot with some type of gate. The fencing is usually of the chain link type which does not provide good perimeter security; however, that is not the focus of this article. Right now, I want to focus on how the gate is secured during business hours. Since open gates are necessary for the smooth functioning of the business, I am referring to padlocks used to secure the gate during non-business hours being left open during business hours. If you look at the pictures included in this article, you will see examples of what I mean. In each picture, regardless of whether it is a chain link gate or a swing arm gate, an open padlock is hanging on the gate.

You hear about customer and employee personal information being lost or stolen from businesses quite frequently.  This information is accessed using a variety of attack methods including SQL injection, buffer overflows, use of default accounts, and even the loss of unencrypted backup tapes.  No amount or type of security will guarantee absolute database security for your business, but until you implement some basic database security measures, you are wasting your time and money on more elaborate security measures.

As I travel around and see a variety of businesses I always find security solutions that businesses have developed and implemented themselves.  The pictures in this article show one security solution a business implemented after someone broke into their warehouse.  The pictures show the interior view of one of the doors in the warehouse.  If you look closely, you will see that the business basically took some strips of steel and a cabinet handle and made an interior bar-type lock that they engage during non-business hours.  The steel bars are bolted to the door, and when the handle is turned, the steel bars move into openings that someone cut into the door frame.  This secures the door to the door frame.

Late last year it was announced by a couple of security researchers that cPanel was vulnerable to cross-site request forgery attacks (CSRF).  If you manage your business’ website, you know that cPanel is an administration interface that allows you to perform many tasks related to running a website.  This includes accessing website stats, email accounts, and log files, submitting tickets to the support desk, and a variety of other tasks.  Cross-site request forgery attacks allow attackers to exploit web-based services after the user has already logged into the web-based service.  In a cPanel attack, once you are logged in, you must be lured by the attacker to visit a malicious website that the attacker runs or has compromised.  Once you go to the malicious website, the attacker can execute unauthorized commands since you are already logged into cPanel, and no password would be necessary.

Just last month I wrote an article on “Choosing a Secure Web Browser” after a recent attack using vulnerabilities in the Internet Explorer 6 (IE) web browser.   In that article, I stated that security researchers and some governments were recommending that people change to a different web browser or at least upgrade to IE8 (you can read the full article using the above link).  Just this weekend, a couple of other security researchers announced another vulnerability involving IE web browsers including IE8.  This vulnerability was confirmed on Monday by Microsoft.  The question now is whether to wait for a patch from Microsoft or to change web browsers?  Let’s look at the highlights of the vulnerability to determine the right answer for you and your business.

When you look at the desktops, laptops and other devices in your business, do you realize the number and variety of software applications running on these devices?  Applications include Adobe Reader, Adobe Flash, Microsoft Office, off-the-shelf accounting software, and other similar types of applications.  Beyond these normal applications found on most computers, custom applications may also be used in your business such as credit card processing, accounting or other business-oriented software applications.  Most business owners and managers do not realize the number and variety of applications running on the computers they use.  Studies have shown that businesses spend most of their security efforts updating and securing the computer’s operating systems and not the software applications.