How to Avoid One of the Biggest Email Hacking Threats

by Dedicated Business Designs on February 15th, 2012

How to Avoid One of the Biggest Email Hacking Threats

BY Riva Richmond |

How to Avoid One of the Biggest Email Hacking ThreatsYou might have heard of something called "spear phishing." It's an attempt to hack your computer or your accounts, or to con you out of money, by using an email message that's tailored to you or your company. A phisher piques your interest with a conference invite, resume or invoice. But it's a ruse to get you to provide sensitive information such as passwords, click on an infectious attachment or website link, or participate in a shady deal.

These personalized, deceitful messages can be crafty and believable enough to slip by spam filters and other security protections and to trick you -- the last line of defense.

About one in every 300 emails in 2011 was a phish, according to security software maker RSA, a unit of EMC Corp. Entrepreneurs should be concerned because these emails are increasingly surfacing at the office. In a separate 2011 RSA Workplace Security survey, 45 percent of respondents said they had received a phish in their work email. Often, they are personalized "spear" messages to specific employees, sometimes including details mined from LinkedIn and other social networks to make them more plausible.

Spear phishing emails can be alarmingly effective. RSA, Google and a slew of large companies had valuable intellectual property stolen over the last two years in attacks that began with a spear phish of an employee. "They're aiming for fewer targets, but they're aiming for a higher yield," says Jason Hong, an associate computer science professor at Pittsburgh's Carnegie Mellon University and founder of Wombat Security Technologies, maker of a phishing filter and educational tools for companies.

Small companies have been targets of spear phish attacks, too. Last spring, an employee in receivables at a Wichita, Kan., ServiceMaster franchise opened an email tailored to her and unleashed a virus that scrambled her computer and sent spam to her contacts. The franchise's mail server was also upended and shut down for most of the following two days while a technology consultant cleaned up, the company says.
Advertisement




Some spear phish attacks can cause more financial damage. Take PrintedArt, a Franklin Lakes, N.J., company that sells artwork. It has received several emails in recent months from supposed customers requesting unusual shipping arrangements requiring the firm to wire thousands of dollars to international shipping agents. But Klaus Sonnenleiter, the company's president, became suspicious that the agents were impostors and refused the orders.

Here's how you, too, can avoid getting reeled in by a phisher.

Use technology as the first line of defense.
Security technologies can block many phishing attempts before they reach anyone. Do the basics: use up-to-date antivirus software and spam filtering, and keep the software on your computers current with the latest updates -- especially Adobe products and Java, whose bugs have been heavily exploited by malware writers.

Specialized anti-phishing technologies can also help. Major web browsers use built-in blacklists that provide a safeguard against known phishing websites. Google's blacklist is used in the Firefox, Safari and Chrome browsers, while Microsoft's blacklist is used in Internet Explorer.


And there are filters that use "heuristics," a set of rules used to detect phishing that can block some attacks but can also generate false alarms. Microsoft includes this technology in SmartScreen, a feature in Exchange, Hotmail and Internet Explorer, and many security-software makers include heuristics in their product suites.

Teach employees how to spot these phishing emails.
Unfortunately, spear phish are especially adept at beating security technologies because they often look like legitimate messages. When they contain malware, it's often tweaked to get past major antivirus products. And when emails direct victims to dangerous websites, the sites are often new and unknown to blacklists.

You must prepare employees to identify these types of emails. Experts say educating workers and instilling a healthy level of suspicion are effective in foiling phishers, who often use emotional triggers to create a sense of fear or urgency.

About 50 percent of people will fall for a reasonably good phish, say both Wombat and PhishMe, which provide anti-phishing training services. But they say employee education can whittle that number down to 10 percent or less.

Related: A Seven-Step Guide to Protecting Customer Privacy

Training programs usually start with sending employees fake phishing messages. If they fall for the ruse, they are given immediate online training about how to recognize scams and protect themselves by, for example, scrutinizing email addresses and website URLs.

If in doubt about the safety of an attachment, you can tell employees to forward the message to a Gmail account and view it safely in Google Docs, rather than download it to their computer, suggests PhishMe co-founder Aaron Higbee.

You also can encourage employees to use instant messaging and work together on documents using collaboration software, he says, making your company less reliant on unsecure email.
Get 5 Computers for the Price of 2

by Dedicated Business Designs on January 31st, 2012




Think big - go thin


What is a thin client?
Thin clients are computing devices that function as an access device on a network. These solid-state devices connect over a network to a server where the bulk of the processing takes place. Thin clients have no hard drive, allowing for more secure storage of data and applications on the server. In fact, keystrokes, mouse events and screen images are all that is sent between the client and server. This makes the device much more secure than a standard desktop or notebook computer.

With no hard drive, fan or other moving parts, thin clients have a much longer lifespan than standard computers and use significantly less power. Lower maintenance costs are another benefit as software application updates, virus scanning and patches can be executed on the server. Deployment costs are also reduced as thin clients can be remotely configured and do not need to be set up individually. Break-fix simply requires replacing the thin client.

Why should I consider a thin client solution?
You need to learn more about the HP thin client solution if your business is faced with issues such as:

Desktop replacement costs
Network security
Data access to mobile or remote workers
Supporting application software on diverse hardware, or
Ensuring your data remains accessible and secure

Thin clients are ideal solution for today's healthcare, industrial, retail, financial and education industries offering a number of benefits to your business.

Enhanced security

Unlike a traditional desktop or notebook computer, no applications or data are stored locally on the thin client. This makes them easy to replace if lost, stolen or damaged. Thin clients are an ideal choice for businesses that are facing increased regulatory compliance laws such as HIPAA or Sarbanes-Oxley.

Easier manageability

Thin clients are managed at the server, located within the data center. The client hardware has fewer points of failure and lacks a hard drive for storage providing protection from viruses and malware. Thin clients connect to servers via web browsers or remote desktop software. Depending on the functionality the user needs, client desktops can be very simple single-application kiosks or a flexible and familiar Windows environment.

Thin clients can be set up out of the box in less than 10 minutes allowing easy deployment to new users or remote locations. HP thin clients can be remotely configured and managed via management software included at no extra charge.

High reliability

With thin client access devices, business continuity is a given in the event of a natural disaster, as the data and applications are not resident on the client device. Because of their solid state design, thin clients have an extended product life of up to 5 years and can be cost effectively replaced if needed.

Thin clients are ideal for environments unsuited for traditional desktop computers like dusty, remote or space-constrained environments. They can be mounted invisibly behind a flat panel monitor, under the desk or just about anywhere with the optional VESA (Video Electronics Standards Association)-compatible HP Quick Release.

Increased energy efficiency

Thin clients offer significant savings in power usage over traditional desktops. This is realized not only in energy costs but reduced air-conditioning costs in some cases. With their long lifecycle thin clients allow companies to achieve energy savings targets and reduce the need for replacement equipment.

Lower total cost of ownership

The increased security, reliability and ease of management contribute to a lower total cost of ownership for your client computing devices. With a longer useful lifespan, thin clients contribute to cost savings. According to a study by Gartner (TCO Comparison of PCs with Server-Based Computing, June 2006) thin client TCO annual savings have been measured as high as:

79% less downtime cost per user
16% capital cost savings
34% less in maintenance
19% less to operate
48% overall lower total cost

HP's Client Virtualization Solutions
HP offers a complete solution of thin client devices for essential, mainstream, flexible or specialized computing. HP can also provide all the related products and services for remote client computing or desktop virtualization including blade PCs, storage, networking and servers.
A SOPA About-Face for Members of Congress

by Dedicated Business Designs on January 20th, 2012

The tech community spoke. Lawmakers listened.

In the wake of several dramatic online and in-person protests, the authors of two anti-piracy bills announced today that any further action has been postponed. First, Senate Majority Leader Harry Reid (D-NV) said he decided to postpone today's vote on the Senate's PROTECT IP Act (PIPA) "in light of recent events." Shortly after, House Judiciary Committee Chairman Rep. Lamar Smith (D-TX) issued his own statement indicating that the committee is postponing consideration of the Stop Online Piracy Act (SOPA) legislation.

The collective outcry from the tech community and others swayed members of Congress. Earlier this week, 80 members of Congress supported the PIPA and SOPA bills while 31 opposed them. As of Thursday, 122 members oppose the bills.

Related: NY Tech Entrepreneurs: Stop the SOPA and PIPA Anti-Piracy Bills

"I have heard from the critics and I take seriously their concerns regarding proposed legislation to address the problem of online piracy," Smith, who authored the SOPA bill, said in the statement. "It is clear that we need to revisit the approach on how best to address the problem of foreign thieves that steal and sell American inventions and products."

The moves follow several online protests this week from companies including Google, Wikipedia and Reddit, as well as in-person demonstrations around the country, including NY Tech Meetup's rally Wednesday in Manhattan.

Read More
Entreprenuer.com
Why You Should Consider Outsourcing Computer Security

by Dedicated Business Designs on January 18th, 2012



BY RIVA RICHMOND | Yesterday| 1


Cybercriminals are relentlessly hacking websites to attack unsuspecting visitors, breaking into databases to steal customer information and trade secrets, and infiltrating executives' PCs to filch financial-account information.

Typically, only the largest of companies can afford an in-house security team with the tools and expertise to defend them in this kind of cyber war. Other firms, experts say, are now largely outgunned.

That's why a growing number of smaller companies are outsourcing the job to so-called managed security services providers. They offer state-of-the-art technologies and seasoned security pros at affordable prices because they spread the costs across many clients. Indeed, small- and medium-sized companies are expected to drive a near doubling in spending on managed-security services to $14.9 billion in 2015 from $8 billion in 2011, according to Stamford, Conn.-based research firm Gartner Inc.

Read More
What You Need to Know About Google Apps for Business

by Dedicated Business Designs on January 16th, 2012

What You Need to Know About Google Apps for Business

BY JONATHAN BLUM | 8 hours ago| 0

Google is serious about small business apps. Last year, the company renamed its Google Apps Premier office product suite Google Apps for Business. The Mountain View, Calif.-based search and software giant also launched a series of tweaks intended to create an all-in-one office software product businesses would actually pay for.

Google is betting that companies will want to switch from its free service by offering features such as increased control and security over email, more storage space for company content and live customer support. The new paid version has significant features that can be ideal for businesses that pay careful attention to security, compliance and data storage.

We've tested Google Apps for Business and came up with the following guide for migrating to this new paid service.

The differences between Google Apps and Google Apps for Business.
Google Apps for Business includes many of the same features as the basic Google Apps, including heavily-used tools such as email, calendar and documents.

The big difference is administrative. Google Apps is free, but capped at 10 users and limited to 7 GB of email storage per person. It does not include service level guarantees or active customer support.


Related: One Way to Navigate the Business App Marketplace

Google Apps for Business has two pay plans: $5 per user per month with no contract, or $50 per user per year with a one-year commitment. Businesses can add unlimited users and get 25 GB of email storage, live customer support and the ability to sync with a business' BlackBerry Enterprise Server or Microsoft Outlook.

Read More


◀ Older Posts