Blog

June 7th, 2012

Business owners often have multiple accounts with many different websites and Web services. There’s one element that links them all together, no matter their purpose: the password. A password is an owner’s sacred key that’s trusted to very few people. You expect that when you share your password with a website, it’s secure. This isn’t always the case and some of LinkedIn’s users’ passwords have recently leaked.

LinkedIn is a popular social media site that caters to professionals and helps them to network and find jobs. In the past few days, news stories have emerged about how members’ passwords were leaked online.

How passwords work

The password you enter to access a website like LinkedIn acts as a handshake to confirm that the user trying to access the account is who they say they are. Remember the last time you signed up for a new account and had to enter the password you were going to use? The owner of the website stores that password in a file, which is normally encrypted, and tells the Web page to reference this file when you log in. If the passwords match, you’re allowed in. If not, you get the password error page.

What happened?

A hacker discovered a way to exploit the calendar feature in the LinkedIn mobile app. Basically, when the calendar in LinkedIn is updated, the information, including your password, is encrypted and sent to LinkedIn’s servers, which then update your profile with the information. The hacker developed a way to grab the encrypted password data for around 6.4 million users.

The hacker then published the encrypted passwords online for other people to decrypt. LinkedIn has released an update to the mobile apps to plug this leak, but the passwords are still online.

What does this mean for me?

The chances of your account’s password being among the ones leaked are pretty small. However, if your password was posted, someone with programming and encryption knowledge could decipher it and gain access to your account. This poses a security risk, as they would be able to access any and all data you have stored on that account. Beyond that, if you use the same password for other accounts, they could gain access to those as well.
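As an added illustration (not part of the original post, and not a description of LinkedIn's systems), the Python example below shows the login check described under "How passwords work" and why the storage method decides how much a leak matters: a single fast, unsalted hash compared with a per-user salt and a deliberately slow hash. The account names, passwords, function names and iteration count are constructed for this example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def weak_record(password):
    """Weak storage: one fast, unsalted hash. Same password -> same record."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def strong_record(password, salt=None):
    """Stronger storage: per-user random salt plus a deliberately slow hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password, record):
    """Login check: recompute from the stored salt, compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def accounts_sharing_a_record(table):
    """Group usernames whose stored value is identical (visible in any leak)."""
    groups = defaultdict(list)
    for user, stored in table.items():
        key = stored if isinstance(stored, str) else stored["hash"]
        groups[key].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


# Constructed sample accounts, not real data.
SAMPLE_USERS = {"alice": "Summer2012", "bob": "Summer2012", "carol": "x9!Lq-72vTz"}


def build_tables(users=SAMPLE_USERS):
    """Store the same accounts both ways so the two tables can be compared."""
    weak = {u: weak_record(p) for u, p in users.items()}
    strong = {u: strong_record(p) for u, p in users.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, shared records:", accounts_sharing_a_record(weak))
    print("salted, shared records:  ", accounts_sharing_a_record(strong))
    print("correct password accepted:", verify("Summer2012", strong["alice"]))
    print("wrong password accepted:  ", verify("summer2012", strong["alice"]))
```

With unsalted storage, one recovered password unlocks every account that shares it; with a per-user salt, each record has to be attacked separately and each guess costs the full iteration count.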

How do I know if my password was compromised?

LinkedIn knows of the leak and has taken steps to minimize the damage.

  1. When you next try to log in to your LinkedIn account, you’ll get a message telling you the password no longer works.
  2. LinkedIn has emailed users whose passwords have been leaked, asking them to change their password. This email has no links in it, so if you get an email supposedly from LinkedIn with links to change your password, DON’T click on the link. There have been reports of such emails (with links) being sent out. These emails are phishing schemes which aim to steal your password.
  3. LinkedIn will send you a follow-up email explaining more about what happened and why you were asked to change your password.

Alternatively, you can go to lastpass.com and test your password.

If you haven’t received an email, your password probably wasn’t leaked. We do suggest that, for security reasons, you change your LinkedIn password as soon as you can. You can do this by:

  1. Going to LinkedIn’s website and logging in.
  2. Hovering your mouse over your name in the top right corner of the window and selecting Settings from the drop down menu.
  3. Clicking on Account located in the pane underneath your profile picture. If you don’t see Account click on the grey shield icon.
  4. Selecting Change password and following the instructions.

If you feel that your accounts are unsecured, or would like to enhance your current security, please contact us. We may have a solution for you.

Published with permission from TechAdvisory.org. Source.

Topic Security
May 31st, 2012

The security of a network and the systems within it is top of mind for many IT professionals and business owners. As such, many small business owners are implementing security measures to ensure their system stays secure. There’s a new malware program that could threaten the security of your system, regardless of which OS you use.

The malware is called LillyJade, and is available for download at underground websites. When a hacker downloads the program, they can modify it to meet their needs. They then release it as a plug-in for your browser (a plug-in is software that adds functions, e.g., the ability to automatically translate a website). It spreads by sending messages to an infected user’s Facebook friends with a link encouraging them to download the plug-in.

At this time, the purpose of the malware appears to be to conduct “click fraud.” It shows fake ads on sites like Facebook, Yahoo and MSN. These ads are usually pay-per-click, which means that any time an infected user clicks on one of these fake ads, the hacker gets paid.

There are two interesting things about this program. The first is that it infects browsers, not systems. This makes it nearly undetectable to virus scanners, which scan for infected files on your computer’s hard drive. The second is that the program can be modified to run on nearly any browser regardless of the operating system.

Tips to avoid being infected

Here are four tips on how to minimize the chance of being infected by malware like this.

  1. Keep your browser(s) up-to-date.
  2. Don’t click on suspicious links.
  3. If a friend messages you with a link, encouraging you to click on it, verify with them that they sent the link.
  4. Don’t install browser plug-ins, unless you’re sure they’re from a vetted source.

As with any malware threat, proper preventative measures will normally be enough to ensure that your system is safe. If you’re unsure if your system is secure, or would like to implement more robust security measures, please contact us. We have a solution for you.

Published with permission from TechAdvisory.org. Source.

Topic Security
May 31st, 2012

With the increasing number of serious disasters striking around the globe, businesses are taking steps to ensure that they can keep operating during an emergency and that their data is protected. Striving to protect your data by backing it up is a good business practice, and can help ensure your company will remain open and operational during adverse times.

Here are the three main types of backup you can utilize in your company.

1. On-site backup. On-site storage is the practice of keeping a backup of your data in the same location where the original data is stored. If you have an external hard drive that you back your computer up onto and it stays in the office, this is a form of on-site storage. The main advantage to this is that if you need to restore a system, the data is right there and the restore can be started immediately. The main disadvantage is that if there’s a disaster, your backup data will most likely be gone.

2. Off-site backup. Off-site storage is similar to on-site storage, typically using the same form of hard drive to back up your data. The main difference is that drives are stored in a remote location, away from your business. The upside to this method is that if something happens at your physical location, your data is safe. The downside to this is that it takes time to travel to the storage location, retrieve the data, back up your system and take it back.

3. Online backup. Online backup utilizes the Internet to allow you to back up your data. The backups are kept on hosted servers (the cloud) and can be accessed through an application. The main pro of this method is that you can quickly and easily recover your data from any location, as long as you have access to the Internet. The downside is that if you have a lot of data, backups will use a lot of bandwidth, thus slowing your Internet speed down.

Regardless of the method, you should be backing up your business data at regular intervals. The best solution is to back up your data using all three methods. Use on-site for short term data storage (less than 1 week), off-site for monthly, and online as your main backup. That way, if one goes down, you have it covered. If you’d like to start backing up your data, or would like to know more about the different methods, please contact us.

Published with permission from TechAdvisory.org. Source.

May 24th, 2012
Topic Social Media
May 23rd, 2012

The figure of speech, “Jack of all trades, master of none” can be applied to many small business owners. While many view themselves as masters of all business functions, there’s normally a function that they could use help on. This help normally comes in the form of an employee, but many small businesses can’t afford to hire. Why not hire a virtual assistant?

A virtual assistant is much like any other assistant, except that they don’t work in your office. They could be across town, or in another country, and work with you through the Internet. They could take care of your accounting, social media platforms or secretarial work, freeing you up to work on what you excel at. In its most basic form, it’s outsourcing.

Different types of virtual assistants

There are three different categories of virtual assistants:

  1. Generalist: responsible for rote tasks like data entry and answering calls.
  2. Technical: responsible for all your IT related tasks like website design, SEO, updating and installing programs, etc.
  3. Specialist: responsible for specialized business functions like HR, accounting, legal, etc.

Virtual assistants can be hired at nearly any cost. Some general assistants can be hired for as little as USD 100 a month. Some specialists could cost upwards of USD 100 an hour. As an added advantage, you won’t have to pay them local benefits like health insurance, tax and bonuses.

Ways you can leverage an assistant

One of the best ways to leverage a virtual assistant is to have them take care of your technology related functions. Managed service providers (MSPs) are a form of virtual assistant that’ll look after your network, technical security, backup and recovery. They’re particularly useful if you don’t have the technical expertise needed to maintain support for your business. The majority of MSPs are also a lot cheaper than employing an in-house IT staff.

Another way to leverage an assistant is for bookkeeping. It’s essential that your bookkeeping is done correctly, and it’s also one of the few functions that follow strict regulations. While it’s important to have a licensed professional review your books, there’s no need to have them also do the work prior to the review process. A virtual assistant can help you get your books in order so time spent on the financials is minimized.

Having a virtual assistant can help you focus on the important tasks: running and growing your business. Properly leveraged, you could indirectly see higher profits. If you’d like more information on ways you can outsource some functions, please contact us.

Published with permission from TechAdvisory.org. Source.

May 23rd, 2012

The Internet has become one of the most important tools in our personal and professional lives. It’s hard to imagine what life would be like without it. There’s a chance that may happen for users who’ve been infected by the DNSChanger Trojan. This nasty Trojan has infected many computers around the world and has forced the FBI to take drastic action.

While the source of DNSChanger has been removed, essentially killing it, there are still infected users out there who may have their Internet cut off in July if they don’t deal with it by then.

What is DNSChanger?

DNSChanger is a Trojan that hijacks a user’s Internet connection at its most basic level, the DNS. If a user enters a web address, DNSChanger will return a similar-looking page, but with ads that are owned by hackers. This allowed them to manipulate online advertising to make money, around USD 14 million by the time they were shut down.

Aside from that, it also prevents users from visiting security websites, like mcafee.com, and downloading program and OS updates. As many as four million computers, including some Fortune 500 and government computers, have been infected worldwide.

What’s a DNS?

The DNS (Domain Name System) is a crucial service that converts domain names like www.google.com into the numeric IP addresses that computers can understand. The DNS essentially makes it easier for computers to talk with one another. Without it, any program or action that uses the Internet wouldn’t work.

What did the FBI do?

Because the malware affects the DNS, the FBI couldn’t just shut down the servers that the infected users’ computers talk to, as those users wouldn’t be able to access any Web pages. So, they replaced the DNS servers that the hackers used with new ones. These servers will go offline in July, at which time any user who is still connecting to them, or who is still infected, regardless of their location, could be affected.

What should I do?

If you’re infected by this malware, and don’t remove it by July 9, your Internet access could be shut down. To prevent this, it’s important to contact your IT service provider and work with them to ensure your systems are clean and your security is up to date.

Update

Google plans to warn users they are infected by DNSChanger. When a user accesses one of Google's functions, like search, Google will show a message informing the users they may be infected and give some tips on how to get rid of it.

If you think your systems or network aren’t secure enough, please contact us. We are ready to help.

Published with permission from TechAdvisory.org. Source.

Topic Security
May 17th, 2012

As our devices and workflows become more and more technically advanced, the amount of data available to a company of any size has increased exponentially. For small businesses that have been using spreadsheets like Microsoft Excel, this data could quickly overwhelm your Business Intelligence (BI) efforts. To avoid this, many software vendors have introduced Software as a Service (SaaS) apps specifically for small businesses.

Here is an overview of four Business Intelligence SaaS apps that you could use in your business:

KPI

KPI (Key Performance Indicator) is a company that offers a cloud based dashboard that integrates with your CRM or ERP software. It provides a way for businesses to visualize, analyze and report real-time data from your business’s key metrics. All the results can be viewed on your computer or on your mobile device.

GoodData

GoodData is an on demand BI provider that offers users a base service that they can add apps to as and when needed. The whole service and dashboards are stored and run in the cloud, and are considerably cheaper than traditional BI services.

Bimotics

Bimotics offers an on demand BI service for businesses in almost every major sector. They offer one suite that has data connectors, an established BI engine and analytical tools that should meet most small businesses’ needs. The suite can also be accessed by almost any mobile device.

Tibco Silver Spotfire

Silver Spotfire is a cloud based SaaS aimed at individuals and small businesses. It lets users create interactive dashboards and visual analytics without the need of costly infrastructure. This app also integrates with major social media services, allowing users to put live dashboards on their blogs.

These are just four useful apps that you can use in your business. If you’re interested in how you can integrate BI solutions into your business, please contact us.

Published with permission from TechAdvisory.org. Source.

May 16th, 2012

It’s common to see companies showing confidence in their security systems. Their networks are protected from external threats, which can often lead to a false sense of being secure. With this attitude, they may stop thinking about security and fail to establish internal measures within their networks, and this is a grave mistake.

In recent years the majority of security threats and compromises have come from within the company. A common threat to companies is the logic bomb - malware that targets IT systems and deletes data. As a logic bomb is introduced from within the network, the blame often lies with a disgruntled employee with full access to internal systems.

Insider threats

Giving employees full access to the network when they don’t need it is a common mistake often made by companies. There’s little need for an employee who does graphic design to have access to weekly sales records. This practice could set your company up for a considerable security problem in the future.

Dawn Cappelli, an insider-threat expert at the Carnegie Mellon Software Engineering Institute stressed, "These types of insider attacks happen to businesses of all sizes, from small companies to very large corporations." This is an important issue businesses should be aware of if they want to remain secure.

Take Precautions

Security threats can be a particularly harsh nightmare for small businesses, as many don’t have an IT department or staff with the technical expertise needed to maintain a secure network. If you’re one of these organizations, it’s a good idea to hire an outside consultant to help you with your network security. With consultants, it’s important that you maintain close contact with them to ensure any issues that crop up are dealt with expeditiously.

If you don’t work with an external company, there are a few things you should do when an employee leaves the company. First, their accounts should be deleted immediately and their access privileges should also be revoked. Second, if you have accounts with shared passwords, you should change them to ensure an ex-employee can’t gain access to the system.

If you’d like to learn more about internal security, and measures you can take to ensure you are safe, we are ready to help you. Please contact us.

Published with permission from TechAdvisory.org. Source.

Topic Security
May 16th, 2012

If the past 10 years have taught us anything, it’s that many managers are woefully underprepared for disasters of any kind. We’re resilient though, and will always find a way to survive. One of the keys to a business’s survival during times of hardship is the Business Continuity Plan (BCP). A vast majority of organizations have one and believe it to be effective, but is it?

Here are six key non-IT functions and processes that need to be in place to ensure your company is ready to effectively execute your BCP.

Easy to use plans

Many continuity plans have been developed mainly for the IT department. As such, they can be a little complicated to understand and follow if employees don’t have a technical background. You should aim to have a plan that’s easy to follow and can be understood by all employees.

Communicate plans

Remember that your plan encompasses all facets of your organization. It’s crucial that every employee knows their role and the relevant actions to take when the plan is executed. To do this, you need to ensure that all employees have access to a copy of the plan and any changes or updates are clearly communicated.

Test plans

Beyond communication, it’s important to conduct regular tests, with every quarter being sufficient. The tests should be as real as possible and span all departments within the organization. This will ensure that employees are aware of how they, and the systems, will react under duress. It’ll be beneficial to your business if the first time the employees execute the plan isn’t during an emergency.

Short term and long term plans

Your BCP should consist of both long term and short term elements that can be easily adapted to meet changing business environments and the emergence of new threats. You should aim for an even mix of short and long term solutions that cover as wide a variety of situations as possible.

Ensure buy-in from all levels

If you’re in the process of instituting a BCP, you should ensure that the whole organization is onboard with the plan. If an employee is unsure about the validity of a part of the plan, take the time to find out why and ask for suggestions. An uninformed or uncooperative employee could be the difference between survival and failure in a disaster situation.

Update and Review

After every test, staff turnover and technological update, you should review the plans and make changes if necessary. Essentially, if anything in the company changes, review and update the plan. Remember: just because you have an effective plan this month, doesn’t mean it’ll be so in the future.

Continuity plans are only as strong as the weakest link. In an emergency, the last thing you want is an employee following the wrong process or being unsure of what they should be doing. If this happens, you could see an exponential growth in recovery time and costs. We’re ready to tell you more, so please contact us if you would like to talk continuity planning.

Published with permission from TechAdvisory.org. Source.

May 9th, 2012

There’s no doubt about the value of using social media to build your brand. But opinions differ on the use of social media by employees. It seems that companies are polarized on the issue, but are slowly awakening to the fact that allowing employees to access social media at work has great benefits. Do you allow employees to access social media in your office?

There are four distinct advantages to allowing social media:

  • Increased productivity. There have been a number of studies that have found that judicious use of social media in the workplace will actually increase productivity. A study conducted by the University of Melbourne found that employees with access to social media are 9% more productive than those without.
  • Increased buy-in. Employees like to feel trusted and empowered. If they don’t you can expect to experience higher turnover and lower morale. A good way to gain trust is to allow employees to use social media in the workplace. If an employee feels like they are trusted, they’ll be more likely to stay with the company.
  • Recruiting. Small businesses have started to use social media for recruitment, but limit efforts to one account. If you have 10 employees in your organization, each with a social media account with 100 friends, you have the potential to reach 1,000 people. This is achievable if employees are allowed to access social media at work and are encouraged to share posts.
  • Identification of business opportunities. Through the use of social media, employees in charge of sales and business development can source new clients and build fruitful relationships.

There are many advantages to allowing access to social networks at the office. If you’re hesitant to completely open the social media floodgates, try doing so in short periods, like the final three hours of the working day.

No matter what you decide, allowing access to social media is a good practice for your business. If you would like to learn more about social media and how you can leverage it in your business, we are happy to talk with you.

Published with permission from TechAdvisory.org. Source.

Topic Social Media