Posts

5 Tips To Better IT Security for SMB

If you haven’t followed the technology news lately, chances are good you missed the recent breach news concerning Target and Premera Blue Cross: customers won a $10 million settlement against Target relating to the retailer’s Dec. 2013 data breach, and nearly eleven million Premera Blue Cross customers had their personal data exposed.

Whether you’re a small firm or a big blue-chip company, data security threats have been on the rise. But why? The problem is often people rather than anti-virus software and gateways. Granted, the major security firms throughout the U.S. offer new protocols to keep your network locked down. However, if your technicians are not updating your software, you remain exposed to intrusion.

Plan Scheduled Updates

One of the most critical components of protecting your network is simply scheduling your software updates at least twice per month. Again, it’s the people factor: companies carry on with business every day while leaving their systems exposed to hackers. Your IT technicians should set aside a day at least twice per month to evaluate your current software and check for available updates.

Amazingly, more and more companies are being attacked through gateways that should have thwarted malicious traffic.

Code Script Trojans

Too often a company’s network, website and private data stores were built with outdated coding languages and frameworks. Information leaks often occur in the following scenarios:

• Cross-site scripting is a common entry point for hackers. For example, the .Net coding language is prone to vulnerabilities.
• Another area to consider is whether you run outdated versions of ColdFusion. Once considered the premier database management software, ColdFusion has since suffered SQL injection attacks as more companies invest in big data systems.

Unauthorized VPN Access

Another part of your network to review is your VPN permissions. Face it: every company has vendors and customers who sometimes hold administrative credentials for parts of its network. The problem is that these kinds of exposures can become a threat.

Many companies leave the task of updating their access credentials to lower-level IT techs. Bad idea. Remember, your network is only protected if you’re doing regularly scheduled audits of your authorized users.

Management of Users

Do you know how many users can access your data? Chances are you don’t. The problem many companies face is monitoring network access by unauthorized users. Remember, people are always going to attempt to infiltrate your data; how you monitor and react to intrusions is your best defense. We recommend you develop a master list of authorized users (employees, vendors and customers) and the permissions attached to their credentials.

It’s not enough to wonder who’s accessing which parts of your systems. Instead, smart IT security managers carry out vigilant evaluations of all users.

Poor Password Strength

If there’s one area you need to assess, it’s your user passwords. Too many are chosen for memorability rather than strength. Although it’s simple to remember ‘1234’ or variations of memorable characters, your users need to embrace alphanumeric complexity.

Your best defense is to meet with your network security administrators to develop a core set of robust password parameters every user must adhere to. For example, a highly complex password like ‘C^d!4dj~vyQa’ is far stronger, despite the effort it takes to type.

If your company uses roaming profiles so that employees can work from multiple workstations, we advise you to consider mandatory password changes at least once per month to protect your networks.


LinkedIn Password Breach

Six and a half million users of the ubiquitous business networking site LinkedIn have apparently had their passwords stolen.

Online security experts say site members should change their passwords right away.

As of this morning, PC World reported, only a minority of the passwords appeared to have actually been exposed. A file containing the 6.5 million hashes showed up on a Russian online forum, but the passwords were “hashed”, meaning they had been run through a one-way function rather than stored in plain text. However, according to PC World, the scheme used allows hackers to recover simple passwords fairly easily because it does not include “salting,” the addition of random characters to each password before hashing.
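As an added example (not code from either post), the following Python ties together the two password points on this page: why the simple passwords the tips post warns about are the first to fall, and why, as PC World noted, an unsalted hash makes that easy while a per-user salt prevents it. Plain SHA-1 as the unsalted scheme and the three sample accounts are assumptions; the post names no algorithm.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts: two of them chose the same weak password.
USERS = {"alice": "1234", "bob": "1234", "carol": "C^d!4dj~vyQa"}
# Constructed list of common passwords; a real precomputed table is far larger.
COMMON_PASSWORDS = ["password", "1234", "qwerty", "letmein"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-1 stands in for the unsalted scheme (assumed; the post names no algorithm)."""
    return hashlib.sha1(password.encode()).hexdigest()


def recover_unsalted(leaked: dict, words) -> dict:
    """Unsalted hashes are identical for identical inputs, so hashing a list of
    common words once matches every account that used one of them."""
    table = {unsalted_hash(w): w for w in words}
    return {user: table[h] for user, h in leaked.items() if h in table}


def duplicate_hashes(stored: dict) -> int:
    """Defender check: number of hash values shared by more than one account.
    Password reuse shows up under an unsalted scheme; salted storage gives 0."""
    return sum(1 for n in Counter(stored.values()).values() if n > 1)


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Per-user random salt plus PBKDF2 iterations: no two accounts share a hash,
    and every guess has to be recomputed for each account separately."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_salted(users: dict) -> dict:
    records = {}
    for user, pw in users.items():
        salt = os.urandom(16)  # fresh random salt per account
        records[user] = (salt, salted_hash(pw, salt))
    return records


def verify_salted(records: dict, user: str, attempt: str) -> bool:
    salt, stored = records[user]
    return hmac.compare_digest(stored, salted_hash(attempt, salt))
```

Running `duplicate_hashes` over your own credential store is a quick way to tell whether it is salted: any count above zero means identical passwords are producing identical hashes.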

The uploaded file did not include usernames, but experts say that doesn’t mean that whoever stole the passwords does not have those as well.

LinkedIn has said it’s looking into the reports. At 11:18 this morning, the company tweeted “Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here.” However, many users are reporting that they’ve been able to find their own hashed passwords in the leaked file.

LinkedIn has a total of 150 million users worldwide, so ZDNet writer Zack Whittaker points out the breach appears so far to affect a small portion of the user base. However, Whittaker also notes that the breach could be a major blow to the site’s reputation.

The incident comes on the heels of a report that a LinkedIn calendar app on iOS operating systems sends information back to the company without explicit permission. LinkedIn responded that this is done only if users opt in and that the information sent is kept secure.