Wired Nation

How Businesses Can Protect Themselves From Hackers

WiredBlogAdmin — Wed, 02 May 2012 22:12:21 +0000

Caroline Dennis, President of Wired Nation, wrote this recent article that appeared on the FinanceNewMexico.org website. Read below, or click here to read the reprinted article.

How Businesses Can Protect Themselves From Hackers

Given the numerous products and promises of the information technology (IT) security industry and the frequent news stories about data breaches, it’s not surprising that business owners don’t know where to start when it comes to protecting themselves from information-highway robbers. Some wonder why they should spend money on sophisticated security systems when hackers can get around them.

Even if a business doesn’t hire someone to watch over its systems, it can implement some basic IT security measures to significantly reduce its vulnerability.

Know the Enemy

Small businesses often deceive themselves into thinking hackers won’t hurt them because hackers are after big money from big businesses. But small organizations are perfect targets because hackers know that small businesses typically have minimal security. Hackers likewise prey on business travelers — especially executives — who use unprotected mobile phones, Blackberrys, iPads and Kindles to conduct business.

Hackers get into computer systems in several common ways. They can extract information about a business by gaining the confidence of an unsuspecting employee, which is why staff members need regular training about basic IT security practices. Hackers know that companies have lots of software running on their computers, and most of these computers are not patched and updated regularly, making them vulnerable to the malware or keystroke logging programs hackers use to steal account information. And weak passwords are easy for cyberthieves to crack.

How to be More Secure

A business owner should first identify what data or intellectual property is most important to protect based on the potential impact of its loss or corruption. To begin protecting it, he should:

Strengthen passwords: People often use the same simple password on multiple sites because it’s hard to keep track of dozens of them. The free program Password Safe (http://passwordsafe.sourceforge.net/) offers a way to store, generate and manage passwords. (A password can still be stolen by keystroke logging malware, but this is a risk for any password-protected asset.)

Use encryption programs: Businesses that use services like Dropbox or search engines like Google should know that any information launched into cyberspace is out there for public consumption. SpiderOak (https://spideroak.com/) is a free online backup, synch and sharing program that encrypts, or scrambles, the data on a computer before it’s uploaded to the Internet. It works with Windows, Mac and Linux operating systems.

Monitor computer logs: A company’s firewall, server or router generates logs that require regular monitoring, as they usually give the first warning of intrusions or suspicious activity. If the business doesn’t have time to monitor these systems, it can hire a managed service provider to keep watch and perform regular patching. Log management software packages are another way to catch a problem before it becomes severe and costly.

Encrypt files sent by email: Sensitive documents sent via email can expose a business to hacking. AxCrypt (http://www.axantum.com/axcrypt/) is a free, open source product that works with Windows to allow an individual or business to send email attachments in an encrypted format. The person receiving the email needs to know the passphrase to open the file, and this should never be sent by email.

Attend the IT Security Summit New Mexico: On May 3, Santa Fe Community College hosts a one-day security summit where anyone from IT and information assurance professionals to business professionals and entrepreneurs can learn about the latest computer security trends, network with peers and share remediation strategies. Industry experts in research, business, academia, law enforcement and government will address cyberthreats, and a panel discussion called “Virtualization Strategies: A Security Perspective” features chief information officers and IT security professionals from the University of New Mexico, private industry and Los Alamos National Laboratory discussing the security implications of server consolidation projects. The conference is sponsored by the New Mexico Technology Council (NMTC) and the New Mexicochapters of Information Systems Audit and Control Association (ISACA) and the Information Systems Security Association (ISSA). Because space is limited, people are urged to register at www.fbcinc.com/itssnm.

Josh Dennis, CIO of Wired Nation, honored as “Titan of IT”

WiredBlogAdmin — Wed, 02 May 2012 16:54:48 +0000

Congratulations to Josh Dennis, CIO of Wired Nation, for being named one of New Mexico’s “Titans of IT”. Mr. Dennis was nominated to the “Consultant” category.

Read the full article here.

IT Security Summit New Mexico (ITSSNM) – “The Perfect Storm” featured in the Santa Fe New Mexican

WiredBlogAdmin — Wed, 02 May 2012 16:49:48 +0000

Read this recent article on the IT Security Summit, taking place tomorrow at the Santa Fe Community College.

Santa Fe New Mexican article

IT Security Summit New Mexico

WiredBlogAdmin — Wed, 02 May 2012 16:44:17 +0000

Money, skills, and patience.

Cybercriminals have an abundance of all of these factors. There is little debate that your organization, large or small, private industry or federal government, has and will continue to be targeted by cybercriminal activity.

As opportunities to reduce costs and improve productivity with virtualization and a variety of mobile devices present new challenges, the information technology and security community prepares for the Perfect Storm.

Whether your organization has recently consolidated your infrastructure using virtualization or you want to better understand the current security threats, you won’t want to miss the ITSSNM in Santa Fe.

The ITSSNM will be a dynamic forum where government, academia and private industry Information Technology and Information Assurance professionals will have the opportunity to network, exchange information and engage in discussions on IT Security best practices, trends, and emerging technologies.

The IT Security Summit NM will look at the gathering storm as well as ways to be prepared in this changing environment.

Preparing for the Perfect Storm will look at:

Global Security Trends
What threats are most likely to impact your organization?

‘Cloud’ Computing
The Cloud computing model has emerged as a miracle pill that will drive down IT infrastructure costs and increase productivity, but at what cost?

Advanced Persistent Threats (APT)
APTs have a growing number of sophisticated targeted attacks in our networks every year. How can organizations effectively detect and respond to this with tighter budgets?

Virtualization
When does this make sense and how are organizations of all sizes approaching the process and what has been successful?

Web Application Security
As we become more dependent on web- based tools and increase our use of mobile devices in the workplace, what kinds of vulnerabilities are we creating?

Who Should Attend ITSSNM:

CEOs
CIOs
Government
Law Enforcement
Information System Security Managers
Information System Security Officers
Privacy Officers
Information Technology Administrators
Information Technology Directors
Information Management Officers
Network Administrators
Security Engineers
Security Education
Training Specialists
Industry and Academia Professionals with Cyber Security Specialties

You may obtain further information about IT Security Summit New Mexico (ITSSNM) by contacting:

Federal Business Council, Inc.
8975 Henkels Lane Suite 700
Annapolis Junction, MD 20701

1 (800) 878-2940
(301) 206-2950 (fax)

Email dennis@fbcinc.com

Hackers Shift Attacks to Small Firms

WiredBlogAdmin — Tue, 16 Aug 2011 17:02:59 +0000

Why hack me?

When we are doing post-breach cleanup for new clients, many of them ask us the question, “Our business is not that interesting, so why would anyone hack me?” They may be a restaurant chain who thinks the only items of value they have are recipes that aren’t very hard to reproduce, or they could be a nonprofit who “just does performances”.

The fact is, they all have juicy bits of data that can mean a lot to an attacker. Most of them collect credit cards from customers, they do online banking, and they have payroll information that can be used to build a fake identity that enables an attacker to do more crimes. Even if the hacker is not after your money, your computer’s processing power is valuable when attached to several thousand other compromised machines. Ten thousand computers can crack a password a hell of a lot faster than one…

The Wall Street Journal has some startling statistics in their article, here.

Awards & Accolades

Wired Nation — Sun, 14 Aug 2011 20:33:45 +0000

Wired Nation is recognized as the 2010 Small Business Heavyweight by New Mexico Business Weekly

In business for over 15 years, Wired Nation receives accolades for our staying power in business and uniqueness of our service offering. Read all about it…

What is IPv6 and Why Should You Care?

Wired Nation — Sat, 13 Aug 2011 11:17:49 +0000

You mean we are running out of IP addresses on the Internet??? Yes, it’s true, sort of. IP addresses are used by computers to find each other on the Internet.

Each device has its own IP address (roughly, because some devices hide behind other devices such as a firewall, which uses its IP address for those devices).

We have been using IP version 4 (IPv4) addresses since 1981, and way back then they thought that we would never exceed 4.3 billion devices, so that is how many addresses they created. The problem is, many people have 1 or 2 smartphones, a laptop, a desktop, and soon will have networkable refrigerators and toilets; their companies have web servers, email servers, etc. The last IPv4 address blocks were handed out by IANA, the top-level provider of IP addresses, in February this year to regional registries, who pass them to Internet Service Providers, such as TimeWarner, who then gives them to businesses and individuals. They are expected to run out later this year.

IPv6 supports 340 undecillion devices, which should last until long after we are dead; by then our great, great, grandchildren will have moved on to a better form of addressing. Meantime, do you have your IPV6 migration plans in place? We can help you make the most of your IPv4 addresses and help you navigate your way to IPV6.

Don’t Click that Link!

Wired Nation — Sat, 13 Aug 2011 02:11:39 +0000

Don’t ever click links in email. Don’t ever click links in email.

Did I say that twice? Good, maybe now it will sink in. This article from the New York Times is about spearphishing, which are emails that are targeted directly at you or your organization and usually contain a link to a website that does bad things to your computer. These emails are much more convincing than those from the king in Africa who wants to give you his money, which now that I think about it, he never did, the rat.

Wanna Know Who Gets Hacked?

Wired Nation — Wed, 10 Aug 2011 20:58:56 +0000

This website has a searchable chronology of all reported data breaches 2005 to the present.

You can search by the organizational types that were breached (government, educational, financial, nonprofit) and the type of breach (unintended disclure, hacking or malware, payment card freud), the month and year it occured and in some cases it will even tell you what the damage was. For those of you who still ask why anyone would care about hacking your business, this site is worth checking out.
Privacy Rights Clearinghouse

Your BlackBerry and Electronic Surveillance

Wired Nation — Fri, 15 Jul 2011 18:04:17 +0000

Who cares about intercepting your BlackBerry?

This Christian Science Monitor article reveals some startling information about how different nations use electronic surveillance for gathering commercial intel. This quote from the article says it all:

“America’s real crown jewels are not our government secrets but our intellectual property,” writes former White House cyber security adviser Richard Clarke in a 2010 book “Cyber War”.