Top 10 Security Tips For Your Small Business Part 3 »

4. Scan for Adware at least once per month

Using a program that specifically scans for adware can be a great tool to have for any business. Programs such as Ad-Aware and Spybot-Search and Destroy can search for any registry changes that may be caused by adware or spyware. These programs may be able to find additional adware and spyware that do not show up in your Anti-Virus program. The best part is, both of these programs are absolutely free.

3. Watch for “Click Here for $$$” advertisements on web pages.

If you see an ad that tells you it’s going to give you a ton of money, stay far, far away! About the only prize you can receive from one of these ads is a slow PC full of adware. Not cool!

2. Don’t leave company email open on a public internet kiosk

This may seem like a simple idea, but just the fact that we are a species of habit could make this a major security risk for your business. If you are travelling and need to check your email at a public PC, please make sure to close out of your email when you are finished. Some kiosks will automatically log you off after a certain amount of time, but within that time limit, all of your email is fair game for anyone close by.

1. Don’t make your password “password”

Last, but certainly not least is the rule that you should NEVER make your password “password” or something similar to a default password. I definitely agree that passwords can be the most annoying things in the world to have to remember, but they are very important to keeping your data safe. Taping them to the front of your monitor or hiding them under the keyboard may help you to remember what they are, but isn’t much of a data theft deterrent. Here is a nice write-up that Anthony did about passwords. Check it out.

So with a little common sense and a few pieces of software, you can keep your business and your data more secure!

Click here to see part 1 and here to see part 2.

Hackers Infiltrate Power Grid »

Well, at least they were white-hat hackers. BetaNews reported that an anonymous power company hired Internet Security hacker Ira Winkler to attempt to hack into and take over a power grid. The results were somewhat disturbing.

Ira and his team hacked the power grid in a matter of hours by using browser exploits and old-fashioned social engineering.

In order to get the power company employees to reveal sensitive access details, the hackers sent employees a fictitious email explaining that the power company was planning to cut their benefits. The email contained a link to an exploited website where employees could get “more information” – which they naturally did. After clicking the link, they were hacked.

Thereafter, the hackers had all necessary access to do whatever they wanted, including the self-destruction of power generators. According to Winkler, many of these software exploits were successful because the companies had not applied software upgrades and patches because doing so would result in system downtime.

So, should companies schedule downtime on their own schedule or wait until they are hacked and let the bad guys schedule the downtime for them? Hmm… According to Winkler, he stopped the hack within a few hours because it was painfully obvious that it was completely successful.

In June of 1998, Wired published an article called Hacking the Power Grid and here is an excerpt:

With deregulation, there is an increasing interest in energy futures trades at the commodities exchange on Wall Street. [IBM senior consultant Nick] Simicich said hackers might use social engineering techniques to obtain passwords to computers with access to the networks containing sensitive information from these sources.

It looks like little has changed… Social Engineering works because there is no patch for human stupidity.

Disable Internet Explorer Autocomplete »

Internet Explorer 6 and 7 both have a function built-in called Autocomplete. By default IE will scan what you are typing and pop up a list of similar entries you have entered recently. It stores entries you have made into websites such as usernames and passwords, form information (name, address, phone number, etc.), as well as websites recently visited. While this can help speed up your web surfing, it can also potentially compromise your privacy if multiple people use your log-in account on your PC. This can be a very scary prospect for some, but it can easily be disabled. Here’s how:

1. Double click the Internet Explorer icon on your desktop

2. Click Tools -> Click Internet Options

3. Click the Content tab

4. In the Autocomplete section -> Click Settings

5. You will see a box similar to this:

6. Uncheck any box that you see fit.

7. Almost Done! Even though you have disabled autocomplete, the information is still stored on your PC. Whether in IE6 or IE7 follow the instructions at the bottom of the autocomplete box to delete the information.

8. All Done! You can feel a little safer now!

Microsoft Windows Patch Tuesday »

Yesterday was “Patch Tuesday”, Microsoft’s monthly patch program for Windows Operating System. This month, they released 2 patches, one of which is rated “critical”.

Critical by definition means that a bad-guy could access an unpatched computer and basically take it over for his own use – send out spam, steal passwords and other personal information.

This means that Microsoft has acknowledged the exploit and has published the fix to prevent hackers from using it. Most users will either patch their computer manually or already have their computer setup with Automatic Updates, so they will not be at risk. However, this exploit is now public knowledge and hackers will be on the lookout for computers that have not been protected against it. So, make sure that your Windows computer is patched.

Check Microsoft’s web site for the details:

• http://www.microsoft.com/malwareremove
• http://www.microsoft.com/security

Popular Blog Topics »

Most of our blog traffic comes from Google and other Search Engines but, oddly enough, the “Search” function on our blog gets quite a workout. So, I decided to post some of the most popular searches and maybe you will see something that grabs your attention.

For example, topics related to good passwords are always popular. Autocad is another hot topic for the blog. We also get tons of traffic from readers looking to secure a wireless network. Also, the series of posts I did on the TJ Maxx database hack and resulting loss of their customers credit card information has been wildly popular (my wife, who had her information stolen as a result of this event, still has not heard from TJ Maxx).

Identity theft and what to do if you think you may be a victim is another popular topic. I compiled a 4 part series of posts that tackled that issue.

One last example, a post we did on professional web design received a lot of traffic and even resulted in a few new web design clients .

Thanks to all our readers and “happy searching” .