#1 Overconfidence

User overconfidence in security products is the top threat to your network. Failure to “practice safe software” results in nuisance attacks like porn storms (unstoppable rapid fire pornographic pop-ups) and more subtle keyloggers that steal passwords. Surveys promising free stuff, result in theft of information like your mother’s maiden name, high school, etc. used to answer common security questions leading to the theft of otherwise secure data. Think before you click!

#2 Social Networking Sites

Social networking sites like Facebook are exploding in popularity. Threats range from malware (eg. viruses, worms, spyware) to scammers trying to steal your identity, information and money. Many businesses and government agencies are using these sites to communicate with clients and constituents, so simply blocking access is no longer reasonable. Defending your company while allowing employee access requires social network education for your employees and the enforcement of strong acceptable use policies. We can help you develop a policy, then monitor compliance using a Unified Threat Management device that controls and reports on network access.

#3 Attacks On Mobile Devices

Everyone is going mobile these days not just the “road warriors.” Once limited to laptop computers, mobile network devices now include PDAs, handheld computers and smart phones, with new appliances appearing in the stores every month. Mobile devices often contain sensitive data yet they are easily lost or stolen. Be sure to password protect and encrypt data on all mobile devices whenever possible. Include mobile devices in your acceptable use policy.

#4 Cloud Computing

“The Cloud,” in its most simple form, involves using the Internet to access and store your data. When you access email using a web browser, you are working in “the cloud.” Using the cloud for automated off site backup is rapidly gaining popularity and is just the beginning. Companies like Microsoft, IBM and Google envision the day when we will use inexpensive terminals instead of computers to run programs and access data located somewhere on the Internet. You need to be sure that any data you store and access across the Internet is secure not just where it is stored, but during the trip to and from the Internet.

Here is to a safe computing environment….

A Surprising Fact About Your Office Copier
Nearly every printer, copier and multi-function machine manufactured after 2002 contains a hard drive that stores the images of every document you’ve ever copied, faxed, or scanned. These document images stay on that machine’s hard drive forever and can quickly and easily be reproduced with a little know-how. Surprisingly, this little fact has not received any press – until now.

A CBS Undercover Investigation
In April of this year, a reporter went undercover to a New Jersey copier warehouse that had over 6,000 used copy machines in stock for resale. This investigation reveals a shocking fact – it’s incredibly easy for a person to retrieve and reproduce every single document ever scanned, copied, or faxed through the machines available for resale.
As part of the investigation, the CBS reporter pulled 4 random machines that were available for sale and purchased them for approximately $300 each. These machines were immediately loaded onto a truck and delivered within 2 hours to this reporter’s office. Using a free application available online, he was able to access the hard drive of each machine and reproduce the documents within 30 minutes. What he uncovered was unbelievable.

Disturbing Facts Revealed By The Investigation
They discovered that one of the machines was formerly owned by the City of Buffalo, New York, Sex Crimes Division. In no time at all they were able to access over 249,000 documents that passed through that machine, including lists of sex offenders and crime data. Another machine from the Buffalo PD Narcotics Division contained a list of drug raid targets. The third machine was from a construction company. It contained blueprints of buildings, over $40,000 in check copies, as well as pages of paystubs, names, and the social security numbers of employees.
But the fourth machine was the most disturbing. It was previously owned by a New York health insurance firm and contained over 300 pages of detailed medical records including drug prescriptions, blood tests, and even a cancer diagnosis – all which blatantly violate the new HIPAA laws.

Know What Your Responsibility Is
Before you trade in, resell or dispose of any office copier, scanner or multifunction machine you MUST make sure the hard drive is wiped clean of all information as you would any computer in your office. Failure to do so could result in damaging security breaches and identity theft for your company, staff, and customers. This goes DOUBLE if you use your office machines to scan, fax, or copy social security numbers, credit cards, or medical records of any kind.

As always, we are here to assist you with all things digital. If you are getting ready to dispose of or trade in a copier, scanner, fax, or multi-function machine, give us a call. We can make sure your data is forever erased and inaccessible to criminals looking for an easy hit.

When the PDF is opened In Adobe Reader with JavaScript enabled, a dialog box is displayed asking the user to “Specify a file to extract to”.

This could be somewhat confusing to users, and not really knowing what is happening, they may just click save (It appears as if they are just saving a PDF file after all). Adobe is considering a patch to change the behavior of the software. In the meantime, the company is suggesting that users configure its PDF Reader product to limit the damage from an attack.

Here are the instructions for mitigating a potential attack:

Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”

As a smart business owner you have locks on all of the entryways into your office, you have surveillance cameras or security alarms in place, and your network security is bulletproof (especially if you’re one of OUR clients). But another often overlooked security breach happens right on your own staff’s desks. If you get a lot of in-office traffic, this could be one of the largest risks in your security plan. Here are four things you should avoid to keep your confidential information out of prying eyes:

1. Writing passwords on sticky notes -This is probably one of the biggest offenses — passwords and key system information written on notes and stuck on computer monitors. Anyone in the office after hours can access confidential files, steal information, and use it to compromise an account. But if you just hate remembering all those passwords, then install the password management tool from roboform.com.
2. Storing credit card orders or contracts in paper folders – Not only does this expose you to having this information stolen, you could end up getting a lot of bad press if your customers’ credit cards get stolen thanks to a security breach in your office. The safest bet is to scan, encrypt and store such documents electronically, and then shred the originals. Companies like Iron Mountain will store them for you off-site, but scanning and storing them electronically is a much more cost-effective means for not only keeping them, but accessing them later on.
3. Leaving sensitive documents on the desk – Many times detailed client contracts with billing terms or other critical data are left out overnight. The information might be used for ill-gotten gains by cleaning staff or staff in the office. What an embarrassing situation this could cause! Make sure you lock your office at night or when you’re going to be away for any length of time.
4. Forgetting the printer – Most offices have printed documents sitting around all day and sometimes overnight before the owner picks them up. There are also sensitive documents that are forgotten and left to pile up. After your employees finish with printing jobs, they need to be mindful of any documents that were printed, even the ones that aren’t needed, and dispose of them appropriately.

Vist BSSI’s Computer Support website.