
Information technology security and business

This article is written in partnership with Dell. To find out more about promotional content please visit our Privacy Policy.

Technology has had an undeniably colossal effect on how we do business. We can now communicate with people around the world in real time, pay for goods with the swipe of a card or click of a mouse and download files from the cloud with the push of a button.

As with most things in life, though, technology does have its downsides. Historically, technological problems have centred around speed and reliability. Thanks to advances in programming, processing power and cabling, technology is now faster and more reliable than it has ever been. This is also in part thanks to more people becoming ‘tech savvy’. People expect more of technology, and more people are working to improve it. As such, the age-old issues of speed and reliability, which have plagued almost all forms of technology, are no longer under the spotlight. I would argue that security is now a bigger issue.

The growth of the global tech savvy population means that more people understand how technology works, which is great in some respects, but from a security perspective, it can be concerning. If your employees know how to access confidential files you store on your server, or your customers are able to apply 99% discounts to products in your online shop then you have a problem.

In 2014 eBay was one of the most high profile victims. Vulnerabilities in JavaScript and Flash code on some listing pages enabled hackers to steal users’ information, post fake listings and redirect visitors to fake payment pages. In 2013 Sony was fined a quarter of a million pounds by the ICO in the UK for compromising customer details in a 2011 data breach.

In its recently released business security e-book, Dell state that they believe many of the security problems we face today arise because businesses use fragmented systems and use a different security solution to protect each one. Whilst your payment system might be completely watertight, if it’s linked to your website, which happens to contain some vulnerable Java technology, then hackers may be able to crawl into your systems. To quote Dell’s Director of Product Marketing, Bill Evans, “Patchwork solutions that combine products from multiple vendors inevitably lead to the blame game”. He goes on to say that when using fragmented systems, each vendor “is responsible for only part of the problem”, making it very difficult to properly secure your systems.

There are many different solutions for companies out there. As a business you could ground yourself firmly in the first half of the 20th century and refuse to adopt technology of any kind. After all, if all the details on your client, Mrs Jones, are kept in a file in filing cabinet 35B on the sixth floor of your customer information storage centre, a hacker cannot squirrel their way into your network and then publish Mrs Jones’ details on the Internet. That does however mean that when Mrs Jones pops in to see you, you have to keep her waiting for 20 minutes whilst you go to find her file – as opposed to typing her name in and pulling up her details on your tablet.

There are often benefits to using software and technologies from different vendors, and it would be foolish to dismiss a good business system just because it has a few minor potential security flaws. The challenge then is to find a security system that can protect your new technologies.

Using a single, comprehensive security system, such as Dell Endpoint Security, to protect all your information technologies would help to alleviate many of the problems that arise when using a patchwork network of security systems. Using one system would instantly eliminate conflicts between security software. It can also be much easier to manage one unified system than to juggle several separate schemes.

Naturally each individual security system may have some specific advantages that one universal security system may not, but the fact that a universal system is just that, universal to all your business’s technology, is a huge advantage.

Dell believes that all good universal security systems should: protect the entire business both internally and externally; comply with all internal policies and indeed national laws; and enable employees to adopt technologies with confidence and ease, promoting efficiency and innovation.

What are your views on business technology security? Let us know in the comments below.


What are the risks of getting infected by malicious software?

Have you ever thought about what is going to happen when you are infected by computer malware? About a decade ago, the aims of a computer virus were to replicate itself and destroy key operating system functions. If you got a malware infection at that time, most probably your operating system would be corrupted by the malware and you would need to format your hard disk to solve your problem.

Today, malicious software behaves a little differently. We have more than 10 types of computer security threats, such as viruses, trojans, worms, spyware and many more. Each type of malware has its own speciality, and here are the top 3 risks of getting infected by computer malware.

1. Having your login credentials stolen

Keyloggers (keystroke logging) are very commonly used today to capture a victim’s login credentials. Once the attacker behind the keylogger has your username and password, they can log in to the account and do almost everything, unless your account is protected by two-factor authentication.

2. Losing hard disk space

Hard disk space today can be very cheap, but we should not waste it on storing malicious software. Malware such as worms will replicate in your operating system and take up your hard disk space. You will not feel the burden at the beginning, but as the process goes on, you will start to feel the pain of having insufficient disk space.

3. Spending money on unnecessary stuff

There is also a type of malware that scares you by telling you that your computer has hundreds of infections which you actually don’t have. After scaring you, it urges you to purchase a bogus antivirus which claims it can clean all the mentioned infections. All in all, you end up actually paying for nothing.

4. Being a minion in a DDoS attack

Have you ever thought about how a DDoS attack can bring thousands to millions of requests to a server? It is actually all the computers infected with some sort of trojan that explain how the attacker can have such a massive amount of traffic. By getting a malware infection, you are at risk of becoming part of this big project, which you do not want to be.

5. Losing your privacy

Another form of malware, known as spyware, is built to spy on your daily activities. By knowing your daily activities, the attacker will be able to understand you better before attacking you. For instance, if you regularly surf adult sites, the attacker will probably start off with some fake adult material to lure you into their trap.

Back to you now: are you able to take all the risks mentioned? If you are not, be sure you have good habits when it comes to internet and computer security, and always remember that having an antivirus and firewall is not sufficient for good security.


Steps to Take Before Throwing Away Your Old PC

In 2010, the FTC recorded over 250,000 complaints of identity theft in the United States. While many identity thieves still get their information from your paper mail, a stolen purse or wallet, or hacked files online, more and more are starting to glean sensitive information from the hard drives of old computers. If you’re getting ready to toss out your desktop or laptop in favor of a newer model, take these steps to protect yourself from identity theft.

What information might be stored?

Not sure it’s worth all that work to wipe your hard drive? After all, you don’t keep a ton of important information on your computer, so what could a hacker possibly find anyway; and if you’re just donating your computer or selling it for cheap, what are the odds that an identity thief is going to get his hands on it?

The problem with this line of thinking is that often times, your computer has stored information that you don’t even know it has stored.

Common information stored on computers includes account numbers, credit card numbers, passwords, registration keys for software programs that you use, medical information, addresses, and even tax returns – which contain pretty much all the personal information necessary for someone to apply for a credit card or bank loan in your name!

Keep in mind that many identity thieves will actually buy a used computer – or even steal a donated one – in the hope of gleaning such personal information. This information can be worth thousands of dollars to them and can create a huge headache – and financial problems – for you.

How to get rid of the data

So, before you sell your computer or donate it to your local school system, take these steps to get rid of the data for good:

1. Don’t count on just deleting the files. While you’ll want to delete the files from your computer, this is just the first step to take. Identity thieves are often experts at getting deleted information from hard drives by using specialized software.

2. Save any files you want to keep. Before you wipe your hard drive, you will, of course, want to save any files you want to keep. You can transfer your data to a new computer, burn it to a CD, put it on a USB drive, or put it on an external hard drive – a particularly good option if you need to store a ton of files or information.

3. Use a utility program specifically meant to wipe your hard drive. Local tech stores will sell utility programs meant for this purpose that match up with your specific operating system. The best idea is to get a program that will overwrite or wipe the hard drive several times instead of just once, and you’ll definitely want a program that wipes the entire drive.

If you know your computer has particularly sensitive information on it and you don’t trust a utility program to get rid of the information, you can always destroy the hard drive physically.

Businesses in particular, often use hard drive shredding services, as their computers tend to have lots of personal information on both employees and customers of the business.

A hard drive being shredded

Once you shred the hard drive, you can simply sell or donate the rest of the computer without it, and the new owner can then completely replace the hard drive.

Watching for identity theft

Even if you are careful to destroy information on your computer before you sell or donate it, it’s a good idea to be wary of potential identity theft.

Check your credit reports regularly to ensure that everything is accurate. Credit reports are normally the first place you’ll see evidence of identity theft when new accounts pop up that you didn’t open. If you do think you’ve been a victim of identity theft, get identity theft assistance as soon as possible.

Report the problem to the credit reporting bureaus, who will place a fraud alert on your account. Then close the new, fraudulent accounts. Finally, report the fraud to the Federal Trade Commission and your local police department.

If you’ve taken steps to protect your personal information from being stolen, you may never have to deal with the problem of identity theft, but it’s always a good idea to be aware of what you should do if your identity should be stolen.


IT Security Column Competition

Alan Tay is one of Technology Bloggers’ writers, and to date has published 6 articles, and loads of comments. Alan runs his own blog on IT Security, and has recently launched a great competition (to celebrate the 1 year anniversary of his blog) that he has asked me to write about.

Alan is hoping to get some sponsors to provide him with some great prizes, but has also offered $100 of his own cash to the winner. Alan stresses in his article about the competition, that it is not a free giveaway, but a competition, whereby the author who is able to write the best article for his site will be rewarded.


To enter Alan’s competition, you need to write an article for his site – which is based around IT Security. After his approval, your article will go live on his site.

The winner of the competition will be the person whose article drives the most traffic to Alan’s blog. Alan says that the article he will choose as the winner is the one which his readers love the most, the one which gets shared the most via the social web, the one Google ranks highest and the one the content sponsors like the most.

The competition officially opens on the 6th of March, and the last entry date is the 15th of March. The winner of the competition will be announced on the 22nd of April 2012.

I hope to hold a competition to celebrate Technology Bloggers’ 1st birthday soon, so stay tuned for that competition too 🙂

Will you be entering Alan’s contest to try to win his $100 and any other prizes he may get from sponsors? I will be 🙂

UPDATE: I came second in Alan’s competition, winning $30 and a copy of Auslogic Disk Defrag Pro! My thanks go to Alan, as well as to everyone who read my article, commented and voted 🙂


Does Security Have to be Technical?

I had been a software engineer for at least 3 years specializing in digital security. A month ago, I attended a small workshop which talked about IT Security for corporate and the speaker said this somewhere in the middle of the workshop:

“Security is a process. It does not have to be really technical and the most important part is the process.”

I was stunned for a while and suddenly my mind wandered away from the workshop, thinking deeply: what is the speaker trying to deliver? I started this serious thinking simply because it was not said by some non-technical or sales person. Instead, the person speaking in front of me was a Certified Ethical Hacker.

At the end of the workshop, I began to understand what he was trying to deliver. After 3 years of writing programs for the benefit of security, I ended up saying that security is a process. Why would I say that? Look around us. All the tech that you need to protect yourself from cyber crime is there. Anti-virus, firewall, anti-keylogger, parental control, password manager and many more are all available in the software market. There is no reason for us to say that, in terms of technology, we are not good enough in security.

What makes so many of us victims of computer or internet threats is the lack of a proper process in computer and internet security. Security is not a short process that you only apply when you need it. For instance, you don’t only apply security when you have just downloaded a file from an unknown site which requires a security scan.

Security is an end-to-end process. This means that from the moment your computer boots up, security should be applied until the time your computer shuts down. People usually fail to stay secure simply because they don’t apply security from the very start. Agree?

So what’s your view? Do you still think that security has to be something technical?


Are Antivirus and Firewall Sufficient for Good Security?

Whenever people talk about computer and internet security, they talk about malware, which consists of viruses, trojans, worms, spyware and many more. When they come to talk about the solution for those threats, the solution is to get an antivirus and firewall to do the work.

The question now is, are they sufficient for good computer and internet security? I would say ‘No’. It is very irresponsible to put the blame on that awesome software when you become a victim of malware infection. I believe that software like antivirus and firewall is there to help you in achieving good security, but not to create some sort of plasma shield around you.

The reasons why you have poor security

As I said, you can’t blame the software for being too poor as the reason that you got infected. The reasons why you are infected can include several of those below.

You are too careless when handling incoming links from email

Incoming links from emails, especially from an unknown sender, are usually malicious. They don’t lead to a valuable site but to either a phishing site or a malicious site. If you happen to land on a malicious site, your computer will most probably be infected with a virus, trojan, or worm the next minute.

If you don’t update and patch your operating system, the wounded area is the target for hackers

Sad to say, there is no such thing as perfect software. Software is always 95% complete, where 5% is the section for bugs and vulnerabilities to exist. It is a matter of time whether those vulnerabilities are found.

If the creator happens to find those vulnerabilities before the bad guys, they will still be able to patch the wounded area. So if you don’t update and apply the patch, you will be the one targeted by hackers to exploit your vulnerabilities.

You are the owner of your computer, not the administrator

Many of us think that being the owner of the computer means being the administrator as well. But do you know that Microsoft did not design it this way for us? There is an option to create a Standard User and there is User Account Control (UAC), so that we use our computer in a way where we don’t have full privileges to do everything, and the same goes for the hacker.

By having a strict UAC, you will realize that every single time you run an application that might affect your System files, you will be asked for permission. The benefit here is, if a hacker tries to run an application to harm your system files, I bet you will know it as well when your UAC pops up.

My verdict on poor security

Having bad security does not mean your antivirus is not efficient enough or your firewall is not solid enough. At times, it is the user who lacks experience in handling computer threats. As a result, it is important to always stay alert whenever you are browsing the internet.

If you want to learn more about security, you can grab a free copy of my eBook on how to Build Your Own Security.


5 Most Popular Two-Factor Authentication Security Devices

As we discussed before, one-factor authentication is not sufficient for good security. Especially when we talk about sensitive transactions such as banking transactions, it is no longer secure today if they are done using only a username and static password.

Two-factor has to come into the IT security field to ensure that the correct person is authenticated. The items below are the five most popular methods used for any two-factor authentication.

1. Mobile OTP

Mobile One-Time Password (OTP)

A very popular and cost-saving method is to use an SMS gateway to send an OTP (one-time password) to a mobile phone user. This method is used widely simply because everyone has a mobile phone today, which means everyone can use two-factor authentication as long as the host of the application is willing to invest in and provide this service.

2. OTP Token

One-Time Password (OTP) Token

An OTP token works more or less the same as the Mobile OTP. The difference is that this is a separate device and the OTP can be generated immediately instead of waiting for the SMS gateway to send it. As a result, it is more reliable than the Mobile OTP, but there is an additional cost for the device.

3. PKI USB Token

Public Key Infrastructure (PKI) Token

The PKI USB Token offers the second best security in the market by beating off man-in-the-middle attacks such as phishing attacks. However, PKI implementation needs an infrastructure, which is going to be costly. Due to the cost, PKI is not well known in certain countries, as people will go for OTP to balance security and investment cost.

4. EMV Cap OTP with Signature

Europay, MasterCard and VISA (EMV) Cap One-Time Password (OTP) with Signature

EMV Cap OTP offers the best security around, as it beats off not only the man-in-the-middle attack but also the man-in-the-browser attack. This is simply because the user needs to sign the transaction using the EMV card reader instead of the web browser. As a result, the man-in-the-browser Trojan will no longer work. The drawback is that signing with a transaction device can be tedious. The user needs to enter the recipient’s account number and the amount correctly in order to perform the transaction successfully.

5. Out of Band Transaction Detail Verification

Out of Band

This method provides the best security, similar to the above, and also solves the weakness of the EMV Cap OTP. It sends the user the details of the transaction, such as the recipient’s account number, the amount and the OTP code, via a non-internet channel such as a voice call or SMS. The user verifies the details given and confirms the transaction by submitting the OTP code into the web browser. This gives great security but nothing more than that, unlike PKI, where the digital certificate can do not only authentication signing but also document signing, PDF signing or even data encryption.
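The difference between a plain OTP (methods 1 and 2) and a code tied to the transaction details (method 4) can be shown in a few lines. This is an added example, not code from the original article, and it is a simplified model rather than the real EMV CAP algorithm: the key, counter, account strings and function names are all constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not real credentials or account numbers).
DEVICE_KEY = b"12345678901234567890"        # secret shared by the device and the bank
INTENDED = ("GB-0001-12345678", "250.00")   # what the user means to pay
TAMPERED = ("XX-9999-00000000", "250.00")   # what a browser trojan submits instead


def truncate(digest: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation: turn an HMAC digest into a short decimal code."""
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def plain_otp(key: bytes, counter: int) -> str:
    """HOTP (RFC 4226): the code depends only on the key and a counter."""
    return truncate(hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest())


def transaction_code(key: bytes, counter: int, account: str, amount: str) -> str:
    """Code bound to the transaction: the typed-in details are part of the HMAC input.

    Fields are length-prefixed so ("12", "3") and ("1", "23") cannot collide.
    """
    msg = struct.pack(">Q", counter)
    for field in (account, amount):
        data = field.encode("utf-8")
        msg += struct.pack(">H", len(data)) + data
    return truncate(hmac.new(key, msg, hashlib.sha256).digest())


def bank_checks_plain(key: bytes, counter: int, received: tuple, code: str) -> bool:
    """Bank side, plain OTP: the check never looks at the transaction details."""
    return hmac.compare_digest(plain_otp(key, counter), code)


def bank_checks_bound(key: bytes, counter: int, received: tuple, code: str) -> bool:
    """Bank side, bound code: recompute over the details the bank actually received."""
    account, amount = received
    return hmac.compare_digest(transaction_code(key, counter, account, amount), code)


def demo() -> dict:
    counter = 7
    otp = plain_otp(DEVICE_KEY, counter)                        # read off the token
    signed = transaction_code(DEVICE_KEY, counter, *INTENDED)   # details typed into reader
    return {
        "plain, untouched": bank_checks_plain(DEVICE_KEY, counter, INTENDED, otp),
        "plain, tampered": bank_checks_plain(DEVICE_KEY, counter, TAMPERED, otp),
        "bound, untouched": bank_checks_bound(DEVICE_KEY, counter, INTENDED, signed),
        "bound, tampered": bank_checks_bound(DEVICE_KEY, counter, TAMPERED, signed),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} -> {'accepted' if accepted else 'rejected'}")
```

The plain OTP is accepted even when the recipient has been changed in the browser, because nothing in the code depends on the recipient; the bound code only verifies for the details the user entered on the separate device.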

Nothing is perfect in this world; everything has its good and bad. You have to clearly define what you want, and I’m sure you can find the device that is suitable for you.


Is One-Factor Authentication Really Sufficient?

In the analogue world, we identify ourselves by our national identity card which consists of basic information such as name, address, date of birth, and a unique ID number.

However, this cannot be done in the digital world. Whenever you go online, even your name is not commonly used for identification. What is commonly used is the username and password, and these two are the basic criteria of one-factor authentication.

One-factor authentication is also known as ‘something you know’. Today we have more than one factor when it comes to authentication, and it is applied by using a software or hardware device as part of your authentication. This makes up the second factor and it is known as ‘something you have’. There is also a third factor, still not widely used, known as ‘something you are’.

The reason for having so many factors in authentication is that one-factor authentication is not sufficient for a sensitive transaction’s security. It is vulnerable to the traditional ‘Brute-Force’ attack, which is still useful today simply because computers today are extremely fast and it can be done using not only the CPU but also the GPU.

The other weakness of one-factor authentication is that it is extremely vulnerable to the ‘Password Reuse’ attack. There are not many users who change their password frequently or use different passwords for different online accounts. As a result, any usernames and passwords that are hacked can possibly be used from time to time on different websites.

So now, do you perform your online banking transaction with just username and password? Think twice before you put your online banking account at risk.

Even certain two-factor devices are vulnerable to phishing attacks. With the increasing cybercrime rate, we should focus more on our IT security. Especially for online banking account users, do think of your safety if you are still using one-factor authentication for that.


5 Reasons Why Phishing Is Still A Popular Trick

Phishing was already widely used at least half a decade ago, but it still remains one of the popular methods to scam internet users. Just recently, thousands of Tumblr bloggers were affected by a phishing attack which caused their credentials, such as usernames, passwords, and email addresses, to be stolen. Many of us might still be wondering why there are so many victims out there even though we have been taught from time to time to stay aware of phishing scams. Below are five reasons why phishing is still a popular trick.

#1 – It tricks the victim with fear.

One of the most common methods is to trick the victims by sending them an email telling them that their internet banking account has been compromised and that they need to click on a link to resolve the issue. Once the user follows the link, the user is redirected to a forged website that looks similar to the banking website and requires the user to input his/her username and password. Once that form is sent, all the data is transmitted to the attacker-controlled server. Users who have a large amount of cash in their banking account will be scared to see this mail, and some of them will follow the mail to avoid their account being compromised.

#2 – It tricks the victim with special interest.

Some scammers use scenarios such as winning the lottery or viewing adult material to create a temptation for the victim to click on a link that redirects to the phishing site. Just recently, Tumblr bloggers were asked to re-verify their accounts by entering the username and password in order to continue and view the adult content. A phishing scam is not always about money; special interests such as those mentioned can be the lure as well.

A typical scam: a persuader is put out, but just as you grip hold of it, the trap snaps shut on you

#3 – It is not a rocket science technology.

A phishing attack involves creating a forged website, and that might be difficult for certain people. However, compared to hacking a banking server, creating a forged website is not that complicated. Therefore many novice or intermediate scammers will choose to use the phishing method over any other method in their hacking project. In short, phishing is not mainly about technical skills; it is also about how good the hacker is at luring his victim into a trap.

#4 – It can be launched via many types of communication channel.

Phishing does not happen only by building a forged website and waiting for the victim to come to you. It can also involve sending emails to the victims to lure them to the forged website. Besides that, a phishing scam may also use a manipulated URL, posted as a comment or in a forum, to trick victims into visiting the forged website. Apart from using computer knowledge to lure the victim, phishing can also be done via phone calls. The conclusion is that this type of scam can be done via multiple channels and multiple techniques.

#5 – Compromising one account is not the end.

Stealing one’s credentials is not the end, but it can be the beginning. Why is it so? Internet users nowadays have many online accounts, for instance Facebook, Twitter, and LinkedIn. Commonly, most users will use the same username and password for each account so that remembering them is not an issue. Hence the credentials that have been stolen can be used by the scammers for the user’s other accounts as well.

In conclusion, phishing may be an old technology, but it is not an outdated technology. There are still countless internet users who fall for this old technology. To have better IT security, we should always stay focused and cautious when using the internet and pay extra attention when something unusual occurs.