Hi All,

Read this article FIRST, then continue with my blog to understand the importance of making some fundlemental changes to your on-line security.

http://www.cnn.com/2012/08/06/tech/mobile/icloud-security-hack/index.html

Wow!  So how do you protect yourself?  One suggestion I have is do NOT give real answers to those security questions.  That way only you know the answers.  You can use a generic, cryptic answer for each.  Think about it– it is easy to find your high school, birthday, high school mascot, sibling’s names, etc.  But if you don’t use the real answer, noone can guess it.

Our course, you should change your password frequently.   Suggestion:  Use a password that is simple to remember but very difficult to crack.  Use two unrelated words separated by a special character.   (Anyone remember AOL’s old password scheme?)  Example:  dog$chair.  Now, to make the password even STRONGER,  substitute the letter o with the number zero.  Change the letter i to the number one.  Make the letter c a CAPITAL letter.  You now have a difficult password that has a pattern which is easy to remember.  If you have a site that makes you change the password every thirty days, you can just simply increment the number one to two, then three and so on.  You can start over after eight since most systems only remember the first 6-9 historic passwords.

Sounds like an opportunity for someone to come up with a more secure way to protect our personal data in the cloud.

Follow me on twitter for other useful tips regarding business and technology. @davidawolf

Thinking of adopting a "bring your own device", or BYOD, policy at work? Learn more about what it is, why it's becoming popular – and what you need to consider before rolling it out.

You may have noticed more and more of your employees or colleagues bringing their own computing devices to work—be it their mobile phone, tablet, or laptop. Or perhaps in your company or in other companies you may have seen, they have let people decide which device they prefer because they are used to it at home. You may not realize it, but this is all part of a large trend called the "consumerization" of IT, in which the influence of consumer technology is being increasingly felt in the workplace. With the wide availability of cheap but powerful mobile devices and online services, a growing number of people are being exposed to the latest technology at home first—adopting them at a rate faster than most businesses are able to manage. This flips on its head the old paradigm in which traditionally new technologies would be rolled out to businesses first, before they would find their way to consumers.

This trend, plus the increasing sophistication of young workers today and their frustration with the tools available to them at the office, is pushing some companies to adopt a "bring your own device" or BYOD policy at work. They are not alone. According to research by technology analyst group Gartner, end users, not the IT department, will soon be responsible for 50 percent of business IT procurement decisions—ultimately bringing and running their own systems on company networks. Meanwhile, according to management consultants Accenture, around one-third of today's younger generation of workers (a group called "millenials") not only wants to use the computer of their choice at work, but also wants control of the applications they use too.

The benefits companies cite to adopting a BYOD policy are many, among them:

• Savings on capital expenses and training costs in using company equipment—compensating employees instead via other means such as flexible work hours, subsidized purchases, insurance, and other benefits.
• Less management headache—effectively letting employees decide what to use releases the company from some overhead and management responsibilities.
• Improved employee satisfaction—by giving employees the freedom to use devices and applications that they prefer.

However, before you consider letting employees bring their own personal technology to the work place, be aware that there are also disadvantages, and sometimes very real dangers in doing so. These include:

• Non-standardization of hardware, operating systems, and applications. If your business operations require that some equipment is integrated with others, then BYOD can in the long run actually increase IT management costs and decrease efficiency.
• Exposing your network to malware or security vulnerabilities and breaches. When your employees bring their own devices to work, you lose important control over their security. Consumer devices often don't employ comparable bullet-proof security technologies mandated by businesses.
• Leakage of confidential or proprietary information. Employees will naturally do what they want with the data on their devices, even if it doesn't belong to them, or it's against company policies. Employees can also lose precious company data when they misplace or damage their personal devices.
• Lower economies of scale in procurement. Essentially because everyone is buying devices on their own, you miss out on the chance to consolidate purchases and lower purchase costs for everybody.

Have you adopted a BYOD policy at work? Thinking about it? Worried about this trend? If you need to understand BYOD better so you can define a policy for your staff, contact us and see how we can help.

For smaller companies and businesses who are constantly on the lookout for great free finds on the web: here are a few nifty and free online tools that might potentially help you, both in saving costs and boosting your productivity and efficiency.

It is a constant challenge for small businesses to meet ever-changing and ever-evolving IT requirements while balancing a budget and keeping costs reasonable. And with software applications being one of the major factors that contribute to IT maintenance costs, it is always welcome news to come across free tools that work well and efficiently despite the lack of a price tag.

ThinkFree Online Office One of these applications is ThinkFree Online Office, which is a cloud application that enables you to create and edit documents in common formats. It also comes with free 1GB of storage and allows you to work from anywhere, since the documents are stored online. And with its own app for Android users, ThinkFree is particularly advantageous to people who need to work on the go.

ReqMan Another free cloud-based application that can prove useful is ReqMan, an online project management tool. You can use this to manage and track your different projects using various templates the service provides. And since it's in the cloud, mobile personnel and staff who are given access to your ReqMan account can work even when they're out of the office.

Gliffy Gliffy is a free tool that you can use to create all sorts of technical illustrations – diagrams, floor plans, flowcharts, and more. The basic plan is free, but you also have the option to subscribe to their more fully featured plans for a minimal fee.

ScheduleOnce For managing schedules, calendars, and the like, ScheduleOnce allows you to keep better track of all your appointments, meetings, and deadlines through a single tool. It integrates with your calendar on Google, and then allows other people to see your open times when they can schedule a meeting with you. Think of it as a one-stop-shop for your scheduling needs.

If you want to know more about these tools and how you can best utilize them, please feel free to contact us. We’ll be happy to guide you and help you make the most out of these types of applications to improve your efficiency and bottom line.

A worldwide shortage of hard drives is expected in the near future as many of the Thai-based factories continue to struggle with flooding.

In the same way the massive earthquake and tsunami damaged Japan’s electronics industry, the flood crisis in Thailand is causing concern for companies that require hard drives for production.

The majority of the world's hard drives are produced in factories located in Thailand, where the flood crisis has put a damper on many industries, hard drive producers included.

According to reports, the shortage is already driving hard drive costs up and may just be the beginning of that trend. As companies like Hewlett Packard respond to the situation, the outlook remains unclear. PC sales could be affected well into 2012 and beyond. With flooding still an issue for some producers the shortage could expand.

As of now, there is still no concrete solution in sight for the problem with the supply of hard drives in the world, and while reconstruction efforts in Thailand are ongoing, getting the hard drive industry on its feet will take a while. As for the effects on the computing world as a whole, PC prices will likely rise as pre-flood inventories are sold out and replacement stock is delayed.

The use of social networks has changed the way many people communicate with each other online. In the same vein, internal social networks can also enhance communications within a given organization, but only if the right policies to govern its use are developed and implemented by the company it belongs to.

With the waves created by social networking in how companies do business nowadays, many have also utilized the same principle to develop internal social networks to enhance their in-house communications as well. However, the use of this new medium of communication also requires that companies develop new policies to cover its use.

One concern that may leave you apprehensive about creating an internal social network might be the fear that it could be abused by employees. However, reports have shown that introducing an in-house social network has produced generally positive results.

As long as company policies regarding the use of internal social networks are developed and implemented properly, employees will view such a network as an extension of the workplace, and will try to put their best foot forward. Such policies must specifically tackle the use of the internal social network, and many experts recommend revising existing company rules that govern the use of email, IT resources, and even external social networks. To be on the safe side, it's a good idea to consult with a lawyer to avoid any legal problems with the policy in the future.

Who's going to be in charge? Your managers, of course. Since the social network will be for company use, it follows that department heads should be given administrative duties and permissions which they will use for moderating communications and discussions in and pertaining do their respective sections.

While an internal social network can do wonders for your in-house communications, good policies and rules pertaining to its use will be what keep it working like a well-oiled machine.

It doesn't matter how solid your security system is –any hacker or online thief can figure out a weak password in a couple of hours through trial and error. Don't risk being a victim of a security breach and data theft. Avoid these passwords that are especially easy to crack.

If you think using 'password' as your password is no big deal, then it's time to rethink.

Security experts have recently compiled a list of the worst passwords users can choose, and 'password' is at the very top of the list. Weak passwords make your information more vulnerable simply because hackers can guess them. It may be easier to pick a password that you don't have to think about, but it's a choice that you may come to regret.

To help you avoid common password choice mistakes that users make, management application provider SplashData has compiled a list of the 25 worst passwords to use:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Make a smart password choice Experts advise using a combination of letters and numbers when creating your passwords, and to avoid things that anyone might be able to guess, such as birthdays and anniversary dates. Passwords with eight characters or more are safer and it's best to use different passwords for different accounts and websites. Use a password manager to help you keep track of all of your passwords if you're finding it difficult to remember them all..

No matter how sophisticated your security system is, a weak password gives hackers and online thieves an advantage. Helping all the users in your organization understand the importance of password strength will help you secure the IT systems in your organization.

If you're interested in learning more, please contact us so we can develop a comprehensive and custom security blueprint that meets your specific needs.

Reference: Worst Internet Passwords

In an unprecedented move against online fraudsters and hackers, the United States Federal Bureau of Investigation (FBI) and authorities in Estonia, aided by information from security firm Trend Micro, recently conducted a raid that brought down an enormous bot network made up of at least 4 million bots.

Four million is a big number – which makes four million bots, in security terms, a staggering and frightening number as well.

It is a good thing, then, that four million is also the number of bots taken down in a recent bust by the United States Federal Bureau of Investigation, the Estonian Police, and security firm Trend Micro. Data centers in New York City, Chicago, and Estonia were raided by authorities, shutting down hundreds of servers used to create a network of bots that spanned some 100 countries.

The said bust, dubbed “Operation Ghost Click”, is one of – if not THE – largest cybercriminal bust in history, putting to sleep a sophisticated scamming operation that victimized 4 to 5 million users and was said to have generated at least $14 million in illegal revenue.

The scam mainly involved hijacking Domain Name Server (DNS) settings in infected computers, which can be used not only to introduce more malware into an IT system, but also to hijack search results and replace advertisements loaded on websites visited through an infected computer.

While this bust does bode well for all IT users everywhere in the world, it also illustrates the scope of influence and level of organization behind security threats. Since this is probably not the only scam / fraud / botnet operation in the world, it is always best to have a comprehensive security policy for your IT infrastructure to minimize the risk of compromising your company’s data and information.

For more details on the bust, check out Trend Micro’s blog post here.

Employees using their own mobile devices for work may seem like a good idea at first – it's less expense for you, the employer, and they can also make employees more productive. However, it also means that you are allowing potentially unsecure devices to access your company's data. The solution? An effective IT security policy that balances personal freedom to use these devices and your need to secure important business information.

As technology continues to become more affordable and accessible to consumers, it's an inevitable fact that employers will see more and more of their employees using their own personal devices such as laptops and mobile phones to access the company's IT system.

This can be a dangerous thing. Since these devices aren't company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.

The solution: a comprehensive IT security policy. It's important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data's security. Steps such as having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don't forget that while Android seems to have a bigger problem with malicious software, Apple isn't exactly virus-free, either.

Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data. If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don't hesitate to give us a call so we can sit down with you and discuss a custom security blueprint that's just right for you.

Fact: all it takes is one security breach to destroy a company. But few - especially small businesses - seem to realize it, according to a recent survey released by StaySafeOnline.org. Results show that few small businesses see themselves as a target of online thieves or hackers, resulting in many having only token security policies in place.

StaySafeOnline.org, a website of the National Cyber Security Alliance, has recently released a study that chronicles the cyber security practices and attitudes of small businesses. Conducted in partnership with Visa, the study shows some interesting, if not disturbing, results.

It turns out that many small businesses (about 65% of the respondents) are highly dependent on their computer / IT / data systems, where they store important information, from sensitive company financial records to personal client information such as credit card info, addresses and phone numbers, and more. However, as many as 85% believe that they will not be targeted by hackers and online thieves, and less than half have data security systems in which they are confident. In general, small businesses have, at best, a mediocre security system.

Few realize, though, that it only takes one breach to compromise a company's finances and relationships with clients. And if you have less than stellar security, stealing from you is easier. You might not have as many online assets as big businesses, but hackers can make a hefty profit by victimizing several easy marks as opposed to bigger and riskier efforts with more secure systems of larger firms.

Don't take a risk with important data, and don't compromise the relationships and reputation you've built with your clients over the years. Good security is always worth it. If you're interested in knowing more about beefing up your security through company policies, software, and user education, please don't hesitate to contact us. We'd be happy to sit down with you and discuss a security blueprint that's cost effective and custom built to meet your specific needs.

Reference: National Small Business Study

A word of caution for Facebook users: Hackers and scam artists are now using promotions and all other sorts of come-ons to victimize users into falling for phishing traps or giving up personal information. It is important to know what to do to avoid becoming a victim as well as securing your system to prevent any unwanted data breaches.

As more and more people continue to use Facebook – both for personal and business purposes – it seems to follow that all sorts of unscrupulous individuals and groups will find ways to exploit this popularity for their own illicit benefit.

In the same way people are phished through email, hackers and scammers use similar techniques to fool Facebook users into falling for their tricks. The combination of curiosity and trust is what hackers rely on to make users fill in contact details for non-existent promotions, visit suspicious websites, or download fake software, all through Facebook. While Facebook has instituted some additional security measures to counter this threat, the consensus is that it is a generally lukewarm, or even cursory response to the issue.

What makes it worse is that you aren't usually the first victim – those links and whatnot appear on your News Feed courtesy of a contact who has fallen into the same trap. So always be wary of events or promos your contacts invite you to join.

The most important thing is to have both the right knowledge and software to prevent getting scammed not only on Facebook, but anywhere else on the Web. Facebook is just a new medium for scammers and hackers to steal information and data – and they'll do the same thing once the next big thing on the Web comes along.

If you want to know more about Facebook scams and how you can better protect yourself – both through training and the right software solutions – please feel free to give us a call so we can help you set up a more secure system for your business that's custom-built to meet your specific needs.