Posts Tagged ‘security’

Microsoft Security Essentials Fails

Posted on: December 7th, 2012 by billp

Colden Company used to recommend Microsoft Security Essentials (MSE) to our smaller customers. It was a good product, was free for smaller business use, and was effective in protecting Windows PCs from viruses and other malware. Unfortunately, this former favorite doesn’t seem to be as effective as it once was.

According to AV-TEST GmbH, a German security firm that specializes in evaluating endpoint security software, MSE is no longer effective and has lost AV-TEST’s seal of approval. As reported by Redmondmag.com, “Security Essentials was only able to spot 64 percent of zero-day malware attacks during September and October. This is down from the previous testing period in which Microsoft’s antivirus was able to spot 69 percent of zero-day threats. Still, this is well below the industry average detection rate of 89 percent. As for vulnerabilities that have been out in the open for a few months, Security Essentials did a bit better — it was able to halt 90 percent of known attacks. Still, this is below the industry-average 97 percent.” Read the full report for more information.

Why risk your business data and security to sub-par software? Colden Company offers Remote Monitoring and Management (RMM) with Managed Anti-Virus (MAV) for Windows PCs. Not only will your business be protected by award-winning security technology, your business PCs will be monitored for any of a number of hardware and software problems and automatically maintained, and your business will be backed by Colden’s team of customer service-minded engineers who are ready to deal with any problems before they can cause damage or risk. Contact us for more information, and start protecting your business today.







BYOD Invading Like a Mobile Monster!

Posted on: December 7th, 2012 by billp

You’ve probably heard about businesses adopting “Bring Your Own Device” (BYOD) policies that allow employees to bring their own mobile devices (smartphones, tablets, etc.) to the workplace for use with business systems. Businesses benefit by saving money on purchasing devices and employees benefit by not being required to carry multiple devices. Of course, there are always risks. We even wrote about the importance of developing a mobile security policy earlier this year.

Rapid7 has created an infographic that shows how businesses need to learn to control the “monster” that is BYOD. Here are just some of the risks:

  • 71% of businesses surveyed said mobile devices caused an increase in security incidents
  • 71% of devices contain high severity operating system and application vulnerabilities
  • 51% of organizations experienced data loss from employee use of unsecured mobile devices
  • 26% of authenticated devices inactive for >30 days, possibly lost or stolen

You need to control the mobile monster in your business! Mobile device management (MDM) is a very real and complex problem for businesses of all sizes. In 2013, Colden Company will offer MDM to customers of our Remote Monitoring and Management (RMM) solution. Why wait? RMM provides many benefits today, and MDM will just add to its top-tier feature set. Contact us for more information today.







Should Your Business Have Cybersecurity Insurance?

Posted on: October 31st, 2012 by billp

You run best-of-breed security software in your business. Your firewall is from a top-tier vendor and hardened. You run regular penetration tests on your network to make sure your exposure is in check. You even encrypt your data and enforce strong password policies on your network.

These are all excellent security practices, but they are hardly foolproof measures. They may slow down a cyber attacker, but a determined attacker with your business in their sights may still be able to find a way to your data. The sad truth is that the cybercriminals are advancing just as fast as the technology designed to thwart them. The cybercriminals are also focusing more on less-risky, less-prepared targets such as small and medium businesses.

For a business owner or executive in charge of technology or risk, the problem is two-fold. All of the technology measures just described are excellent approaches to addressing cyber risk. But what about the risk associated with financial losses or liability that could result if the technology-based protective measures fail? Specifically, will your insurance policy cover losses, damage, and liability?

You may think that your small business general liability or property insurance policy covers data-related losses, but don’t assume anything without checking with your provider. Many policies include an “intangible property exclusion,” which would exclude data because you can’t touch it or feel it. That makes it difficult to calculate the value or replacement cost for insurance companies, so their normal policies simply don’t cover it. However, with businesses increasingly relying on electronic assets as a vital part of their business operations, insurance companies are starting to either add on cybersecurity protections to traditional policies or add entirely new cybersecurity insurance policies as options.

Cybersecurity policies can insure against data loss, liability associated with data loss, the cost of downtime to your business, and the cost of restoring lost or corrupt data. This kind of coverage is commonly referred to as “first-party coverage.” If your business deals in sensitive customer personal information (credit card numbers, health information, etc.), policies can also cover the exposure and expense associated with the loss of such information (credit-monitoring services, notifying customers, etc.). This kind of coverage is commonly referred to as “third-party coverage” (i.e. losses associated with third parties).

Cybersecurity coverage goes hand-in-hand with proper technological preventative measures. Your auto insurance provider likely offers discounts for added safety features on your car, a safe driving record, etc. Similarly, cybersecurity insurance providers will want to see due diligence in the form of preventative measures to protect your business data. If your coverage level is high enough, providers may want to see advanced security measures such as mandatory complex passwords, high-strength data encryption, protection against removal of data on portable devices, etc.

The best place to start is by contacting your insurance provider to find out the limits of your current policy. If cybersecurity coverage is offered, consider how important your data is to your business and how severely impacted your business would be in the event of a loss. If your business deals in sensitive customer data, you have even more to consider in the form of third-party losses.

Is your business data and network well-secured? Contact us at (888) 600-4560, email us at info@coldencompany.com or contact us on Facebook or Twitter (@coldenco) if you want to check your current security measures or investigate ways to improve your security.







Mobile Safety and Security

Posted on: September 27th, 2012 by billp

Think back ten years ago and try to remember what kind of mobile device you were carrying. Calling it a “device” may even be a stretch because, more than likely, your device was a phone that made calls and did little more. You may have had a WAP web browser and texted using your phone keypad, but your phone was primarily for making and receiving calls. Now we carry devices/phones that are dramatically more powerful and capable, sometimes even taking the place of PCs for working on the road. Along with this increased capacity comes safety and security risks – both personal and professional – that need to be considered.

Whether you carry an aging smartphone or a brand-new Apple iPhone 5, Samsung Galaxy S III, Nokia Lumia 900, or similar, you can be exposing yourself or your business data to theft if you’re not careful. The New York Police Department recently revealed that thefts involving Apple products have increased 40% over the same period last year, resulting in a 4% increase in overall crime. But there are things you can do to protect your personal property and the business and personal data you carry on your smart devices.

Here are some suggestions to improve your mobile safety and security, and possibly even your personal safety.

  1. Be aware of your surroundings and use common sense. Don’t use your mobile device to check the time when a stranger asks at night. Don’t use your mobile device near a subway, bus, etc. exit. Treat your mobile device as you would your wallet.
  2. Use security software that can help locate your mobile device if it is stolen. Apple provides Find My iPhone as a free service to all iCloud users, and this can also be used for iPads and iPod Touch devices. A well-respected solution for Android users is Lookout Mobile Security.
  3. Protect your mobile device with an access code of some kind – password, passcode, or PIN. This simple measure can protect your personal and business data in the event of theft. We recommend the use of longer passwords or passcodes over a simple PIN for increased security. Taking it a step further, most mobile operating systems allow you to wipe your device if an access code is incorrectly entered a certain number of times.
  4. Use encryption on your mobile device, if possible. Be aware that encryption can have a slight impact on battery life due to the process of encrypting/decrypting your data. iOS, Android, and the upcoming Windows Phone 8 (but, sadly, not Windows Phone 7) all support device encryption.
  5. In a business, enforce mobile device policies. All of the major mobile operating systems provide tools for centralized device management and security policy enforcement, and many third-party value-add tools exist as well. Such tools allow businesses to enforce device access code usage and complexity, remotely and securely wipe lost or stolen devices, and enforce device encryption, among many other settings.

From the standpoint of personal safety, texting while driving is getting a lot of attention. Many states have enacted laws prohibiting texting while driving. Distractions while driving – texting or otherwise – are a danger. The government site distraction.gov reports that “In 2010, 3,092 people were killed in crashes involving a distracted driver and an estimated additional 416,000 were injured in motor vehicle crashes involving a distracted driver.” The mobile carriers are starting campaigns or using technology against texting while driving; AT&T started the “It Can Wait” campaign, Sprint has “Focus on Driving,” and Verizon is conducting a “Don’t Text and Drive Pledge” in Ohio high schools. Sixth-grader Victoria Walker was recently awarded $20,000.00 by AT&T to bring to market a mobile app she designed called “Rode Dog,” designed to bark at you to warn you against texting while driving.

The bottom line is that your personal safety is far more important than your mobile device usage. Don’t text while driving. Be smart about when, where, and how you use your device. Protect yourself and your information.

Do you have questions about how to secure your mobile device? Do you want to use tools to enforce security policies across your business mobile devices? Contact us at (888) 600-4560, email us at info@coldencompany.com or see us on Facebook or Twitter (@coldenco) if you want to use your devices safely and securely.







Back to School and Back to Work

Posted on: August 31st, 2012 by jiml

As summer vacations come to an end, focus returns to work and school. For some parents, it is sending a child off to college, while for others with younger children, it may be starting their youngster in school for the first time. Others still may be starting high school with their new laptop. As a parent, the Internet is a scary place to leave your child unattended. It is imperative to protect your kids from online predators as well as to keep them off of web sites that are not suitable for kids. There are many software options that can help do that. Unfortunately, kids are often the technical gurus in the house and can easily thwart whatever attempts the parents put in place. Colden Company can recommend some very nice solutions that can be installed, hidden from view, and provide nice email reports to the parent about exactly what web sites your child has been to, who they are chatting with, and more. This is nice information to have as a parent.

In the workplace, the Internet is also a scary place to leave employees. There have been countless studies on how much productivity is lost to sites like Facebook and Pinterest. Web content filtering is a recommended solution for today’s work environment. We have written postings in the past about the importance of developing your company policies before enacting technology. Let your employees know what is acceptable and what is not, otherwise your business will be on shaky ground during a human resources dispute.

Web content filtering products range in price and complexity. For some businesses, a basic solution will do the job and for others, a more advanced solution may be required. In determining which solution is appropriate, consider the estimated cost to your business of unnecessary web surfing versus the cost of implementing and maintaining a solution. What problem are you trying to solve? Do you have one or two rogue employees you want to watch over or are you interested in a company-wide solution? Is it important to have quality reporting on who is attempting to violate your content policy? It is important to put some thought into exactly what you are looking to accomplish before researching products.

Colden Company has experience in web content filtering solutions for home and business. Contact us at (888) 600-4560, email us at info@coldencompany.com or see us on Facebook or Twitter (@coldenco) – if your company policy allows it, of course!







Stepping up Security

Posted on: April 30th, 2012 by jiml

In today’s digital age, securing your critical information – whether it be personal information or business information – is increasingly difficult. Threats are increasing both in number and in complexity and sophistication. Threats can come from individuals, groups, companies, or even governments. In January, a Venezuelan diplomat launched a cyber attack here in the United States, aimed at disrupting our nuclear industry.

U.S. authorities probing alleged cyberattack plot by Venezuela, Iran

Many customers have asked us about the real risk to their network. “Why would a hacker target my business?” they ask. Our answer is that hackers probably are not specifically targeting your business, but hackers will scan IP address ranges for weaknesses; when they find one, they attempt to exploit it to see what information they can get. Prior to the scan, they may have no idea it is your business they are targeting, but nonetheless, hackers are an opportunistic bunch. If your business happens to have open ports on its firewall, unpatched servers or workstations, or even workstations with weak passwords, it is a matter of time before those weaknesses are exploited. According to the Department of Homeland Security, an unprotected computer connected to the Internet will become infected in a matter of minutes – not hours or days or weeks. You don’t have to be surfing the Internet to become infected; you just have to have a weakness through which your computer can become infected.

As you can see, security is paramount. Last month we spoke about the need to protect your smartphones. A layered approach to security is required to protect your business. Firewalls are a must, preferably hardware firewalls that do not rely on users’ input (allow or disallow access) for configuration like many software firewalls. Additional layers of protection are necessary since most firewalls will have open ports (which need to be properly secured) for typical business traffic. Hackers understand this as well, so it is important to have additional layers of protection such as anti-spam and anti-virus protection and software firewalls. Strong password policies are also critical for protection. Don’t allow your business users to have local administrator privileges; it is not necessary. Have policies in place to prevent infections or breaches and also to deal with those breaches of security.

Colden Company Inc. offers our customers services where we can help detect hacking attempts, perform penetration testing to ensure your network is locked down from the Internet, be notified immediately of virus infections (even for laptops out in the field), and be notified of patching deficiencies for Microsoft and third-party software. We can back up your critical data to a secure off-site location to protect you from losses. We can provide you with best-of-breed anti-spam solutions and email continuity solutions. These services are becoming a necessity as the digital age will continue to become more dangerous. Ask us how we can help your business protect itself from the ever-increasing threats. Please contact us at (888) 600-4560, email us at info@coldencompany.com or see us on Facebook or Twitter.







Flashback trojan shows Macs do get viruses

Posted on: April 13th, 2012 by billp

Apple’s Mac OS X platform has long been promoted as a safe alternative to Windows. Many Mac users have even been convinced that they are invulnerable to viruses and other forms of malware. But as the Mac’s market share has grown, it has become a bigger target.

Earlier this month, Russian antivirus company Dr. Web reported that an estimated 600,000 Macs were infected with the Flashback Trojan, malware designed to steal personal information by disguising itself as a legitimate browser plug-in.

Flashback trojan shows Macs do get viruses (The Washington Post; April 9, 2012)

Respected security software developer F-Secure created a free tool that automates the detection and removal of Flashback. You can download the tool using the link below.

Flashback Removal Tool

If you’re not sure if your Mac is infected or you need help cleaning a Flashback infection from your Mac, contact us for help at (888) 600-4560, info@coldencompany.com, on Facebook, or on Twitter @coldenco.

U.S. Outgunned in Hacker War – Make Sure Your Business is Secure!

Posted on: March 30th, 2012 by billp

No matter if your business is big or small (or even one person), you need to take your computer and network security very seriously. Colden Company can help you by installing a simple but secure firewall or a more robust Unified Threat Management (UTM) system. Discuss your needs with us and we’ll help you secure your critical business assets.

U.S. Outgunned in Hacker War (The Wall Street Journal; March 28, 2012)

How to protect personal data on devices you plan to sell

Posted on: March 30th, 2012 by billp

A recent study shows that it’s almost impossible to get rid of personal information from some devices, even if you follow the manufacturer’s directions for wiping the device clean. BlackBerry, iOS, and Windows 7 devices are reported safe as long as you follow the manufacturer’s directions for securely wiping them, but Android and Windows XP are another question. If you’re not sure if you’re safe, contact us for help.

How to protect personal data on devices you plan to sell (Los Angeles Times; March 29, 2012)

Importance of Developing a Mobile Security Policy

Posted on: March 30th, 2012 by jiml

The ubiquitous nature of mobile devices like iPhones, iPads, and Android devices among consumers has led to an interesting dilemma for IT security professionals. BYOD (Bring Your Own Device) to work has become the norm in many organizations today. Gartner has stated that, by 2014, 90 percent of organizations will support corporate applications on consumer devices and 80 percent of professionals will use at least two personal devices to access corporate data. The general capital outlay is decreasing, but is it at the terrible expense of security, privacy and control? Those devices are downloading company email, connecting to company resources, and potentially storing sensitive company information. What happens to that information when an employee leaves the company? That question is causing security professionals to investigate mobile device security.

MDM (Mobile Device Management) solutions are now becoming an important component to companies’ IT security plans. Software can play a part in security, but without a comprehensive mobile security policy, the software will not accomplish your goals. Colden Company Inc. recommends that businesses review their company or HR handbooks and develop clear and enforceable policies centered around mobile devices. For example, do you allow your employees to download company email to their personal phone? Is that acceptable? Should their device have a passcode or password on it? What do you do if the employee leaves the company? Is it clear that employees should not download company data onto their personal mobile devices? What are the penalties for non-compliance? It is important that the policy be developed with the input of business leaders, not just left at the doorstep of the IT department.

Once the policy is written and reviewed, there are a variety of tools available for remotely wiping phones, implementing password policies, and enforcing other security policies. It is tempting to put the cart before the horse and purchase the tools before the policy is developed, but we caution against that.

What is clear is that mobile devices are going to continue to play a larger and more important role in business computing. Businesses that want to stay ahead of the curve are understanding this trend and proactively addressing it. If your business would like to discuss how it can stay ahead, please contact us at (888) 600-4560, email us at info@coldencompany.com or see us on Facebook or Twitter.