Enjoy a festive short as you enjoy your winter festivities.
Wishing you a fun and safe holiday.
- Richard Keene
IT Computer Support of New York
Design and Optimization Department
Archive for December, 2009
The holiday season is a popular time for cybercriminals to host attacks again business computer systems. With employees distracted with more important things and holiday media circulated freely cybercriminals are often given free reign to cause disruption and damage. Patching system vulnerabilities is a low cost solution that can save a business thousands of dollars in damages in the long term.
The number of reported vulnerabilities has been on the rise for the last few years and reached over 3000 reported cases in 2008. With the high dependence of business computer servers the increase in vulnerability should not be a surprise. What is a surprise is that most businesses do not take the steps to protect their system infrastructure.
Patches are typically released shortly after a system vulnerability is found but often go unnoticed by the majority of users. The problem is that the patch process is often considered too complex, time consuming or not important enough to system administrators. Additionally, many feel reluctant to apply server patches because of the chance that they will respond poorly with a systems current hardware configuration. For these reasons it is ideal to have a system in place for periodical system backup and patching.
The importance of patching is made most apparent by the amount of damage that can be caused by the failure to do so. An exposed vulnerability to a single computer system can reveal information about all aspects of your business and cost hundreds of thousands of dollars in lost information. If an intrusion attempt is made to your server then this loss or damage is multiplied by the number of connected systems and the costs grows geometrically. Suddenly, the minimal cost of a patching solution doesn’t seem as great.
The capabilities of system intruders are increasingly sophisticated and at the same time easier to obtain. In most cases an attack will be made to target a single vulnerability. For this reason system intruders monitor security breach announcements diligently and once one is revealed, attempt to replicate it. This is why ITCSNY recommends the installation of Critical Updates (Patches) shortly after their release to assure optimum security, uptime and performance.
- Richard Keene
IT Computer Support of New York
Design and Optimization Department
Data Leaks have become one of the greatest threats to confront today’s businesses. With an increased demand for offsite work and the growth of digital media businesses are forced to combat outside attack attempts as well as negligence. In order to secure your companies private information consider these five steps.
1. Monitor Mobile Content. Businesses that store and enable access to private information over a virtual network need to keep track of what information is used and who has access to it. Information that is stored through FTP sites should receive scrutiny since this information can be accessed from anywhere. Peer-to-peer file sharing systems and instant messenger communications should also be used with care because of their general lack of security features.
2. Keep Track of Database Information. A business database exists as the collective brain of a company. With all client and personal information stored in one place it is also at the most risk for information theft or damage. Access to databases should be monitored and reviewed regularly. Periodical internal audits can help with this. A disgruntled employee wishing to inflict harm or even negligent one could cause thousands of dollars of irreversible damage simply because there are no checks in place to catch a problem. Encryption of all sensitive data should be a priority.
3. Regulate Employee Privileges. Many businesses practice the blanket approach to employee system access which is rarely needed. Private systems and data should be limited to only those who really need it. Unauthorized access to high-risk data should be identified immediately with steps taken to secure it. if possible check for early warning signs such as employees suddenly accessing far more documents than they would on a typical day.
4. Keep Track of Portable Devices. As more and more people start to work off site and or take their work home with them the proliferation of portable storage devices will continue. The majority of data loss and breaches that are reported today are the result of stolen or lost company hardware. Laptops and USB hard drives are both small enough to be easily stolen or lost. Beyond physical theft laptops in the field often operate under lax security which leaves them vulnerable to public network data breech.
5. Backup Everything. While reasons for data loss are diverse the most prevalent cause is onsite disasters. Onsite disasters are accidents caused by employee error, theft, or deliberate sabotage. In either case a lack of data backup storage or even a poor backup solution could result in the loss of company time and money, valued far higher than the cost of the hardware itself. Companies need to backup their data at least once a day to minimize potential downtime. It is especially important that backups are stored off site. More than half of SMB backup files are stored in the same location as the originals. In the event of a fire or other disaster this would leave the company vulnerable to permanent data loss. If information is accidently or intentionally destroyed these backup sources will be your only method of a quick recovery.
- Richard Keene
IT Computer Support of New York
Design and Optimization Department
