Business Security Information

Having worked with small and medium-sized businesses for the past 12 years and being in business myself, I am always looking for sources of security information that will help businesses protect themselves.  Since business owners are often overwhelmed with their day-to-day duties, security is often one of those things that is put on the back-burner until some crime or security incident occurs.  Why is that?  Due to time resources?  Because it is hard to get good information to make the right decision regarding the type of protection you need?  Probably in most instances, if we are honest with ourselves, it is a little of both.  Research is time-consuming but necessary.

A little over a week a go, Microsoft announced that Windows could be attacked using a shortcut vulnerability that would allow attackers to infect a Windows computer with the use of a drive-by download attack.  You can read details of it on the Microsoft’s Security Advisory webpage.

Basically, Windows contains a flaw in how it handles shortcut files.  If an attacker creates a malicious shortcut file, the attacker can automatically execute malware whenever a user views the contents of a folder that contains the malicious shortcut file.

Since Facebook privacy issues have been a hot topic in security, I thought it would be a good idea to take a look at some of the add-ons or plug-ins you can get for the Firefox web browser that will help  protect your privacy when on-line.  While a lot of businesses and users still use Internet Explorer, many people and businesses are switching to Firefox which has a ton of plug-ins available.  When I wrote this article, there were 221 add-ons or plug-ins available for Firefox that touched on some element of privacy.  If you search for security-related add-ons, the list gets even bigger.  While I cannot address all of them in this article, I want to highlight a few that can help protect your privacy.

If you are like most businesses, you have more on your plate than you have time to deal with.  Keeping up with all the security issues that face your business can be a daunting task.  One resource that can help you is the new Mozilla Plug-in Checker.  This tool lets you determine which of the computer plug-ins you are currently using are outdated.  While this may not have concerned you before, there is good reason to pay attention to your plug-ins.

GFI has two e-mail security services—MailEdge and MailProtection.  We were given a choice between the two when we registered for a free trial.  We chose GFI MailProtection.  Once we had logged into our account and configured a domain, we were then given, under the Domain Management tab in the Services settings, an option to change from Full (MailProtection) or Edge (MailEdge) protection.  Depending on which one was chosen, additional options were available to configure prior to saving the setting.  The only real difference we noted between GFI MailProtection and GFI MailEdge is that GFI MailProtection also provided virus protection where GFI MailEdge did not.  Both products are marketed to small and medium sized-businesses.

If your business uses security cameras, recording is essential.  The recorded security camera feed can be used for a variety of purposes, especially after a business has been burglarized or robbed.  Currently, most businesses use a DVR (digital video recorder) to record their security cameras, but some still use time-lapsed VCR.  No matter which method you use to record your security cameras, what will prevent the criminal from taking the video tape or the DVR’s hard drive when they burglarize or rob your business?  If there is nothing to stop the criminal from taking the recorded security camera video, you should consider the use of lock boxes.

I have written numerous articles covering the different elements and aspects of security, but one issue I have never touched on is the importance of having quality information to make good security decisions for your business.  Quality or complete information is key to any business decision including security issues, but most businesses fail to track security incidents or issues at their company.  I have worked with a lot of small and medium-sized businesses over the years, and I have not run into one yet who does.

This past month I have been working with a business regarding some physical security improvements, and one of those items was a security or intrusion alarm system.  It got me thinking about businesses that I deal with who usually ask me about why a certain element of security they have implemented, such as security systems, is not working.  Most of the time when I look at their particular situation, one or more elements of the security system does not fit their needs.  Usually this is not discovered until the system has been installed and paid for, leaving the business with a system that does not fulfill their needs and sometimes results in the system not being used after a period of time.  This results in wasted time and money for the business owner as well as poor or nonexistent security.

Lock Bumping, or “bumping” as it is sometimes called, has been around for the past fifty years and is a form of lock picking where a specially cut key is used to move the pins in the lock so the lock can be opened.  The key is made by cutting all cuts in the key to their maximum depth and is sometimes called a 999 key because the cuts are made to the maximum depth of 9.  The cuts can be made by using a hand file, but using a key-cutting machine speeds up the process of making a bump key.

What are Insiders?

I have read a number of articles related to the security issue of insider threats over the past month or two and thought it would be a good idea to cover that issue in one of my posts.  First, what is an insider–just an employee or more than that?  Insiders are more than just employees or staff and can include consultants, vendors, contractors, service providers and other that you deal with on a regular basis.  Insiders are dangerous because in your dealings with them, you have  probably given them access to your company’s network and/or business facilities.  This opens you up to all kinds of threats.