The United States Computer Emergency Readiness Team (US-CERT) issued a recent advisory warning that cybercriminals will very likely attempt to use the Philippines Typhoon disaster as part of email scams and phishing campaigns.

Phishing attacks attempt to use high-profile events, including natural disasters in their subject line, to get victims to open an email and click on links contained in the message. The goal is to send victims to a web page designed to collect as much information as possible on victims, but increasingly phishing attacks attempt to get people to give up sensitive account credentials. They also can be directed to attack websites containing malware.

As the holiday shopping season begins, security firms say they typically monitor an increase in phishing activity. Here are 10 ways the US-CERT and solution providers said users can spot suspicious phishing messages.

Be wary of unsolicited messages, according to the US-CERT. Rather than clicking on links from banks, retailers and other online merchants, recipients should type in the web address directly into their browser, say security experts. Some messages are designed to appear to come from legitimate senders, but instead contain links to a phony web page masquerading as a legitimate website.

In April, a phishing campaign used the Boston Marathon bombing to lure people into viewing videos, photos and other content related to the incident, according to Symantec. The campaign used an automated toolkit to set up the attack, sending victims to a malicious web-page-hosting, data-stealing malware.

Phishing attacks targeting holiday shoppers will craft messages using trendy electronics and other popular must-have items. Phishing messages are spotted year round and increase significantly when new products are unveiled by Apple, Google, Microsoft, Samsung and other top technology vendors.

But phishing scams peak during the holiday gift-shopping period from Nov. 29 through Dec. 25. The US-CERT said to avoid offers that seem too good to be true. Don’t follow links in unsolicited messages. Visit the retailer site directly to verify the legitimacy of an offer, said McAfee.

Mobile threats have increased significantly in recent years due to rising smartphone adoption and an increase in transactions being conducted on the devices. Security vendor McAfee said this month that Black Friday shoppers that use Android devices could face text message phishing attacks. Phishers can create phony mobile apps posing as holiday bargain-hunter tools, the firm said.

Mobile malware FakeInstaller, which has been a long-standing Android problem, can trick users into thinking it is a legitimate mobile application. Ultimately, FakeInstaller can gain unrestricted access to smartphones and makes attackers money by sending text messages to premium rate numbers.

The easiest way to prevent the SMS scam is to avoid sideloading applications. Stick to official mobile apps from the Google Play store, McAfee said. Mobile antivirus apps also can spot and block FakeInstaller from running.

PayPal is a top spoofed site during the holidays, according to industry studies. The Anti-Phishing Working Group, a coalition of technology companies, law enforcement and government officials, found that online payment and money-transfer provider PayPal was the most targeted institution for phishing attacks. Eighteen percent of all phishing campaigns tracked by the group were directed against PayPal users in the first half of 2013.

PayPal offers its users an email identification tool from Iconix to verify the validity of email messages it sends to users. The company also sells a credit-card size security key that can be used to generate a random security code as an additional authentication measure when making PayPal transactions. This helps reduce the threat of an account hijacking as the result of giving up account credentials in a phishing attack.

Kaspersky Lab researcher Stefan Tanase urges users to make sure they are browsing through a secure connection when visiting a bank website, online retailer or social network. Another way to boost your security and avoid giving up information to cybercriminals is to check the SSL certificate of the website you log into, Tanase said.

Modern browsers, such as Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, also will verify the legitimacy of a website and display a lock and green color in the website address bar to provide validation that the site is using SSL and is legitimate. Clicking on the lock icon will provide additional information, including cookies and certificate information that show how it verified encryption and certificate validation.

Antivirus software that has the latest updates often will provide phishing protection by blocking known phishing sites. Solution providers told CRN that, often, small business owners and individuals fail to keep their antivirus updated regularly, missing critical updates to ongoing attack campaigns that spread quickly. A web security gateway, a next-generation firewall or unified threat management appliance also provide blocking capabilities by detecting and blocking connections to locations that have been identified as malicious.

A common phishing scam that targets user account credentials typically tricks users into giving up their login and password details by luring them into implementing a new “security feature.” The scam uses a major bank brand or merchant name. It is effective because out of the millions of spam messages sent out, a small percentage will be fooled into thinking they’re implementing a new security feature.

Security firm Sophos detected this kind of scam targeting the customers of an Italian prepaid debit card service. Recipients tricked into opening an HTML attachment were prompted for their password. It is then saved and a phishing web page is opened.The presence of the password prompt may actually strengthen the social engineering of the phish, Sophos said.

Another good practice according to Kaspersky Lab’s Tanase is to check the email headers to confirm the source of the email message. This isn’t always foolproof because addresses and source information can be easily spoofed.

Email headers can give the details of a sender. Google and other services provide email header analysis tools that can determine the legitimacy of a sender’s IP address. In addition to the IP address, the header will show the Mail Server used and the details of the sender’s service provider. Phishers can spoof the email headers, but usually telltale signs can provide clues as to whether a message is legitimate. When in doubt, throw it out.

Phishing can be combined with other scams, and the US-CERT recommends that learning to identify fake antivirus could help stop an ongoing attack. Rogue antivirus is difficult to terminate. It causes realistic security warnings that ultimately request credit-card and personal information claiming that it will identify threats and remove them from the system. One recent scam involved a follow-up phone call from an attacker call center requesting access to the infected machine.

The threat of being infected can be reduced significantly by actively maintaining and keeping your antivirus up to date, say security experts. The US-CERT recommends that users visit a vendor website directly when purchasing or renewing software subscriptions.

Messages using the USA Patriot Act have been a common scam in recent years, according to the US-CERT. The email messages have been seen in greater numbers, possibly as the result of the revelations over the National Security Agency surveillance activity. Emails frequently reported to law enforcement use a message purporting to be from the Federal Deposit Insurance Corporation (FDIC). The phony message says the victim’s bank account is no longer insured because of “suspected violations” of the Patriot Act. The phishing email then attempts to steal the victim’s identity by requesting verification through an online form.

Ransomware is a similar scam. Malware locks the user from accessing any other functions of the infected computer. The attack requests payment in the form of a fine to unlock the system. The latest Cryptolocker attacks are a good example of the problem.

CryptoLocker.  Sounds like an online puzzle or a psychological profiling test, but The CryptoLocker virus is a serious bit of malware.  It locks the files on an infected computer and holds them for ransom. Literally.  And while, it doesn’t cause your computer to self destruct, it will delete all the files it has locked up if you don’t pay the ransom.  This may be the most destructive piece of malware of the year, and you should be worried.  The best defense against CryptoLocker is to educate yourself and your employees on how to minimize malware infections.

Here are five tips you can share with your employees about how to keep systems free from malware.

1. Don’t turn off or stop your anti-virus scanner
Anti-virus scanners are installed by companies and IT departments (and home users) the world over in an effort to keep systems free from viruses and malware. Because there are always new pieces of malware being developed and released, the companies that run the antivirus scanners are consistently updating the database that the scanner refers to when scanning a computer.

These databases come to the end user in form of updates and are downloaded and installed by the anti-virus scanner.  But if the scanner has been disabled or turned off completely, the updates are not received by the scanner and it will be unable to detect the newest viruses and malware.  So, keeping your virus-scanner on, but also up-to-date, is essential to keeping your system safe.

If the reason you’ve turned off your scanner is that it runs during business hours and that slows down your system, you can change the time it scans to during lunch, or after business hours, or before work.

2. Be ware of what you download

One of the more common ways malicious software makes it onto computers is through downloaded files. For instance, that toolbar that everyone’s raving about on your favorite social media site?  Or the file that must be downloaded in order to watch a movie online?  They may actually be teeming with viruses and by downloading the toolbar or the movie file, you may have also downloaded a virus.

So, only download files from websites that you know are secure and offer legitimate files. And, before you download anything ask yourself, “Do I really need this, and will I really use it?” If you are unsure, check with a colleague, or reach out to your IT partner.

3. Study email and attachments closely
Another common way malicious software and viruses are spread is through email attachments. Even if the email looks legitimate, you should take a moment and consider whether or not the attachment is something you should download.  Sometimes an email account has been compromised and a hacker is sending emails to users with the virus attached, or the host system has been infected and the virus is essentially sending itself.

Before you open ANY attachment, take a moment and think carefully about the email and the attachment.  Read the email itself carefully and ask yourself a few questions.  Do you know the sender?  Does it makes sense that there’s an attachment?  Did I ask the sender for information?  Look at the name of the attached file.  If it ends in .exe or .dmg, or .zip this is a program and likely a virus, and should not be opened.  If you’re unsure, start a new email to the sender and ask them to verify that they’ve sent the message.  Or better yet, call the sender!

4. Avoid using unknown thumb drives 
Thumb drives are be incredibly useful but, viruses can actually be spread by them.  If you do use these drives, many virus scanners can check them. So, when you plug in a drive, before you open any files or the drive itself, right click on it and you should see an option to scan the drive with your virus scanner. If not, you can likely do this from the virus scanner itself. This could take time, but it will help keep your systems secure.

5. Ask yourself whether you really need to have an administrator account for Windows
On many systems, when you set up a new user, you can set an account to be the administrator of that system. Administrators automatically have the ability to install programs, change settings and even create new accounts. If you don’t need to change your computer’s settings, or install programs then you likely don’t need to have an administrator account.

This could be a great way to minimize virus infections simply because these viruses need to first be installed. If you can’t install programs or even download them, then your chances of being infected are lower.

Want to learn more about how you can protect your computers? Contact us today as we may have the perfect solution that will not only keep your systems secure, but also free from any malicious software.

Contact our support team by email at support@virtualdensity.com or on our website or call us 203.987.4566!

Cybercriminals pushing rogue antivirus software now have a better chance of infecting systems with malware, following detection of their use of stolen digital certificates.

ThreatTrack Security researchers found that the Winwebsec malware family, which pushes rogue antivirus sofware, has been using stolen digital certificates, said Dodi Glenn, director of security intelligence at Clearwater, Fla.-based ThreatTrack Security.

ThreatTrack released its findings Wednesday, reporting that the certificates were stolen from Source Medical Solutions, a maker of medical management, billing and clinical software for specialty hospitals; Ohanae, a cloud management software maker; and FirsTech, a payment processing provider in Illinois.

Stolen certificates enable attackers to make malware look legitimate on a victim’s PC and can dupe antivirus detection engines. They also can increase the threat level of malware because they give the malicious code root authority, making it appear as legitimate software on a system. Two of the certificates have been revoked, but Glenn said two other recently detected certificates remain active and have been submitted to VeriSign for revocation.

“The interesting thing is that people don’t treat these like golden keys to the kingdom, and they should,” Glenn told CRN. “They should be walled off and locked down from anyone on the outside.”

It’s very likely that the certificates were swept up in a broad attack carried out by cybercriminals attempting to steal FTP credentials and other data, Glenn said. Once stolen, the certificates are sold in hacking forums, sometimes to the highest bidder.

Stolen software code signing certificates increasingly are being used by attackers. In its latest threat report, McAfee said signed malware, which poses as approved legitimate software, continues to set records, increasing by 50 percent in the second quarter of 2013.

Stolen certificates were used by the cybercriminals responsible for the Bit9 data breach in February. The attackers used the stolen certificates to target several other Bit9 customers before the breach was detected and the certificates were revoked. Last year, Microsoft revoked code signing certificates used in the Flame attacks, a targeted nation-state surveillance campaign.

As a best practice, software publishers should be using strong security controls to protect the keys used for code signing certificates that verify the validity of their applications, Glenn said. Access to the private keys should be minimized and storage of the keys protected with encryption, he said.

According to Microsoft’s latest Security Intelligence Report, Winwebsec malware family infections were the most-encountered malware infections in the beginning of 2013. Detection of the malware has decreased since 2012, Microsoft said.

Winwebsec uses prevalent antivirus brand names to make it appear to the user that it is legitimate software. Names seen by Microsoft include Antivirus Security Pro, AVASoft Professional Antivirus, Smart Fortress 2012 and Win 8 Security System. The attackers behind the rogue antivirus software also are believed to be responsible for the Mac Defender rogue security software program detected on Apple Mac OS X systems in 2011, Microsoft said.

“These different distributions of the Trojan use various installation methods, with file names and system modifications that can differ from one variant to the next,” Microsoft said in its report.

By Robert Westervelt & CRN – Published Oct. 30, 2013

Here’s another example of an spam email designed to take advantage of us busy people!  We use a VoIP phone system here and when someone leaves a voicemail, or sends a fax, we get an email alert with the message attached.  So, it’s not unusual to get an email like this one. But, there are a few items that mark *this* email as bogus.  There’s a screen shot of the email at the end of this post.

1) One or more of the email addresses is wrong.  And, why would it be sent to more than one email address anyway?
2) The attachment is a .zip file.  Zip files should ALWAYS make you think!  Always verify with the sender before you open a zip file!

Remember – you are your own best defense against viruses and malware.  It’s important to take a moment and really look at attachments and links before clicking.  An extra few seconds of careful study can save you untold hours of heartache and stress!  If you’re unsure about an email, ask us!  support@virtualdensity.com

While email certainly has become one of the most essential communication tools for every business, it still isn’t perfect. One of the more common shortfalls is that it isn’t the most secure of systems. In order to make it more secure, companies need to employ scanners and filters that search for malicious content, spam, etc. The problem is, these can be expensive. One solution might be managed email security.

What are managed email security services?
Think of this type of service as outsourcing. There is little doubt that companies need to secure their email, but many small to medium businesses lack the staff and expertise to actually do this. One way to secure your email is to simply outsource it to your IT partner.

An IT partner can work with you to establish and secure your email, by intercepting all email destined for your email addresses or domain. Many IT specialists employ advanced scanning software that looks for malicious software, images, or even content that contains keywords deemed unsafe. The software then filters out these emails and sends the safe ones to your email servers or inbox.

These services typically allow you to establish and manage filters and black or white lists. A blacklist is a list of words or email addresses you don’t want to receive emails from. Because the companies that run these services are usually security oriented, they can work with you to ensure that emails coming in, and going out of your organization are secure and free from malicious content.

Four reasons companies use them:

1. They operate in an industry with strict email regulations - Many industries, like healthcare, legal and financial sectors, have strict regulations regarding security of communication. Companies have little to no choice, and must meet security regulations or face heavy fines. A managed email security provider can help companies understand and meet these requirements.
2. They lack an in-house IT department - The vast majority of small to medium businesses have thinly stretched IT staff, if any at all, who don’t have the time to constantly monitor email security. By working with an IT partner, you can free up existing resources and allow your IT staff to focus on other areas of your business.
3. They can’t afford regular solutions - Small businesses run on razor-thin margins. Implementing a generic solution takes time and money, and that may not be in the budget. Because this is a managed service, you’ll likely pay a flat rate which is far more affordable than other solutions.
4. They need a reliable system - In order to operate at maximum efficiency, companies need to be sure that their email system is not only working but will not suffer from downtime related to malicious software or other content. Because these emails are filtered before they get delivered, companies will often see nearly 100% uptime of their email systems when they utilize an IT partner for email security.

Six signs of a good managed email security provider:

1. They offer both spam and malware or virus scanning.
2. They have a Service Level Agreement (SLA) with a guarantee stating how secure their systems are.
3. They offer scanning and security of both incoming and outgoing email.
4. The security system is tailored to meet your specific needs.
5. The system should be scalable to meet the growth of your company.
6. They should have experience with your industry to ensure your systems are secure and meet regulatory standards.

If you’re looking for a better email security system, contact us by email sales@virtualdensity.com, or call 203.987.4566. We may have a solution that will work for you.

Security is always a hot button issue. It seems like almost weekly there’s some announcement of a business being hacked or an organization’s information being leaked. Truth is this will probably always happen.  But, you can take steps to help prevent it happening to your company’s data.  Here are four tips on how you can keep data stored in the cloud safe.

1. Cloud encryption is key
You know the cloud isn’t, in fact, a vapor mass over the earth.  So, when you store files in the cloud, they are actually stored on a server somewhere. It’s a good idea to check with your provider what encryption they use on their servers. Encryption is the conversion of data and messages into a form that can’t be easily read by unintended parties. With most digital systems, encryption will make files unreadable without the proper key to essentially decode the information and turn it into something we can read.

Checking with the different services you use can go a long way in helping you decide what to store and where. For example Google doesn’t doesn’t currently encrypt files stored on Drive. The same goes for Evernote and the free version of Dropbox. There is rumor that these companies especially Google are working on establishing encryption for all files but this may not happen for a while. Most providers use some level of encryption but it may not be enough. Some providers offer 128-bit AES encryption.  Virtual Density’s DriveSync CloudDrive  uses 256-bit AES encrpytion (higher is better!)

2. Secure files before they go online
To add another level of security, you could encrypt or secure your files before they are uploaded to the cloud. Did you know that popular programs like Office and Adobe Acrobat allow users to encrypt documents with a password?

3. Ensure files are secure when being moved
One of the weakest links happens when information is being uploaded or synced from your computer to the cloud. Some solutions will send information unencrypted which means hackers could capture the information as it leaves or enters your network.  Make sure that the solutions you use encrypt data while it is being uploaded. Most services do but it would be worth it to check again.

4. Lock down your accounts
This can be a bit of a hassle but it will help keep your account and all of the important information/files stored on the cloud service secure. What do we mean by ‘lock down’? For the most part it means follow standard security protocol: Use a different password for every site and service, change passwords on a regular basis, don’t give passwords away and enable dual authentication if possible.

Services like Google Drive offer two-factor (dual) authentication. If you enable it, you will need to do another step before gaining access to your files. This usually means entering a code sent in a text message to your phone or answering a security question.

Of course, nothing is 100% secure but the more steps you take will definitely increase the security of your information. And if you’re looking for a cloud storage solution that offers the highest level of security, email us sales@virtualdensity.com or call us 203.987.4566 to see how we can help.

This week at Virtual Density we launched our Lunch and Learn series.  Today and Tuesday, the topic was ‘Self Defense for Small Business’ and one of the topics we talked about was scam emails.  No sooner did we finish up this afternoon and I returned to my desk to find this email in my spam filter.
~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~
If I were a Chase banking customer it might have caught me off guard, but since I’m not I wasn’t fooled.  But, what if I was?  How would I know it’s not from Chase?  When you get an email with a link embedded in it, place your mouse over the link and then look in the lower left hand corner of your screen.  Check to see what the URL (or web address) is.  If it doesn’t look right – it probably isn’t.

Not sure what I’m talking about?  Try it with this link here 

You should see http://www.virtualdensity.com/category/spam-alert/ in the lower left hand corner of your screen.  If you click on the “Click Here” (instead of just hovering) it will take you to that page.

Your best bet is to never follow a link that you’re not sure about,   If your bank did send you a message it’s accessible to you from their website, too.  Open a new browser window or tab and go to the bank’s website by typing in the web address.

Remember, you are your own best defense against viruses and malware!

Questions?  Comments?  Concerns?  Email me at jenn@virtualdensity.com or call me 203.987.4566 ext 102

Pause and think for a moment: When you finish work at the end of the day, do you turn your computer off or leave it on? What about at home? Ask 10 people what you should do and you can be sure you’ll get 10 different answers. Whether to leave a computer on all night is a common question we get too, and the answer is not as straightforward as one might think.

So, let’s take a look into whether you should shut your computer down at night or not. First, let’s  should do look at three myths that surround this topic.

Myth 1 – My computer is safe from power surges if I turn it off
If you live in an area that has an unstable power grid, or is prone to random blackouts, you may be worried about power surges. In truth, if one reaches your computer when it’s off, it will do almost exactly the same amount of damage as if it was on. Therefore, you should ensure that your computer is plugged into a surge protector, even if it’s switched off.

Myth 2 – Leaving a computer on will cause it to overheat
Both laptops and desktops have fans and heat sinks that are designed to cool a computer efficiently. If your computer has a working fan, leaving it on overnight will not cause it to overheat. On the other hand, if the fan isn’t working properly there is a high chance it could overheat.

Myth 3 – Turning a computer on and off, or leaving it on will cause parts to wear out quicker
In theory, this is actually true. When a computer runs, it gets hot – high end video cards can run as hot as 180 F – and when it is shut down, the parts cool quickly. Anyone with a basic understanding of science knows that many substances contract when cooled and expand when hot. Therefore turning your computer off and on will cause wear from expansion and contraction. .
Well, in truth, it really makes little difference. Think about other similar electronic devices like your monitor, TV or even phone. You no doubt turn these off and on all the time with no problem. Most computer components are designed for this too. In fact, many are designed to outlast the expected time you will use the computer. This means that the vast majority of people won’t notice a difference.

The truth behind these myths shows that there will be little outright harm to your computer if you turn it off, or leave it on. But the question about which is best to do still remains.

Reasons you should turn your computer off at night
There are four main reasons as to why you should turn your computer off at night:

1. Important security updates will be installed. Most operating systems can be configured to download security updates while the computer is on, but usually require a system restart to fully install or update. So, if you download updates, turn your system off at the end of the day and when you turn it on in the morning they’ll be installed.
2. It minimizes the chances of security breaches. When you turn your system off at night, it will be disconnected from the Internet. That means if there are any worms infecting other systems during the overnight, your computer won’t be infected (as long as it remains switched off). Viruses or trojans trying to send information and data out of the network from your computer will also not be able to do so.
3. It serves to refresh your computer. You may notice that if you leave your computer on for an extended period, it will start to get slower and slower, and more programs will crash. Restarting your computer serves to refresh it, making your programs run noticeably faster and with fewer errors. Turning your computer off at night is the same thing as a reboot.
4. You can save money. Did you know that the average electricity bill to run a computer 24/7 for a year can be from $100 to $300? Multiply this by the number of computers in your company, and that can add up to a fair chunk of change. If the computers were to be turned off for the night, you could see your electricity bills drop drastically.

Reasons you should leave your system on at night
There are three main reasons as to why you would want to leave your system on at night:

1. The computer can perform scheduled maintenance. Many programs like Antivirus, Windows updates and Defrag can be scheduled to run/scan when you aren’t using your system – which should be scheduled at night while you’re not working .
2. You work with network administrators. If you work with network administrators or an IT Partner who uses the time when you aren’t in the office to install updates, run scans and perform maintenance, you will likely be asked to leave your computers on at night.
3. Your computer acts as a server. If your computer is a server- say file host or Web server – it needs to be left on.  Or, if you use software to access your computer from home you will also need to leave your computer running, but not necessarily logged in.

So, which is better?
In truth, it really comes down to preference and how you work. Call us to see how we can help keep your systems running and secure.

Nowadays you can purchase just about everything online from groceries to books to office supplies to clothing.  And, of course, there are issues with security that pop up from time-to-time so we’ve put together five things to consider when shopping online.

1. Watch what you share
Many sites will ask for more information than they need to complete the order. When you make an online purchase you will be asked to provide some personal information other than just the necessary shipping and billing information.  You may be asked for information like your birthday or your household income or your ethnicity.

The reason some companies ask for additional information is often so they can get to know you better, and provide more relatable and targeted product recommendations. But some less reputable sites may ask you for this information and later sell it to a third party. When purchasing online, you should be aware of what information that is required – usually indicated by an asterisk – and what isn’t and consider sharing only the information that is absolutely necessary.

Beyond that, if you are planning to link a digital wallet to your mobile phone, you should be careful with whom who you share or lend your phone. These services are set to take off in a big way, and there have been instances of people with digital wallets being duped by strangers asking to borrow their phones in order to find their wallet. It’s a good idea to restrict wallet access and not store any valuable information on your phone’s hard drive. Instead, store it on a password protected cloud storage site.

2. Watch how you connect
People are using their phones, tablets and laptops for online shopping in an ever increasing number. This is largely because the devices are convenient and portable so you can shop from wherever you are.  Sure, it’s cool to be able to buy your groceries on Amazon from the coffee shop at lunch, but if you connect via public Wi-Fi, your information is likely wide open – and anyone with the right tools can access it.

Be careful when you shop. Don’t enter any valuable or important information like passwords and credit card numbers while connected to public Wi-Fi. If your mobile device has a data plan, switch to that instead. Or, wait until you are connected to a secure network.

3. Verify all sites
If you’re shopping online, verify that the site is legitimate. The easiest way to do this is to take a look at your browser’s URL bar, and more specifically the website’s address. You are looking for it to start with, https://. What this indicates is that the website has been authenticated as being legitimate. Most websites like Amazon, Google, Apple, Facebook, etc. all have https protocols.

If you’re not sure, try entering https:// before the Web address and hitting Enter. You should also take note of this when you are checking-out, because if it isn’t there the site may be sending unsecure information and if that information is your credit card number …well, that’s just bad.

If you are shopping from a new website, you should take time to look through the extra information like the About Us and Contact pages. Take note of the address and company names, then search for the company on say Wikipedia or Google, taking care to see if the address is the same. Another trick is to search the various social media services like Facebook and Twitter for accounts related to the website.

4. Don’t pay with your bank account 
Most bank issued debit cards now have a MasterCard or VISA logo on them making it even easier to use everywhere from the grocery store to the gas pumps and online, too.  But, beware of using your bank issued debit card online.  The problem is that these cards are directly linked to your bank account and if the debit card number has been compromised your bank account could be cleared out!  It can be incredibly tough to get your money back if that happens.

Many people who shop online use a credit card. The main reason for this is because most banks and card issuers offer online shopping protection, which makes it easier to get money back should anything untoward happen. The best solution could be to sign up for a credit card that is only used for online purchases, and even linked to a separate bank account. This could minimize your losses should something happen. A debit card for an account that has a limited amount of funds in it at any one time can also be a way to protect your main money pot.

5. Don’t link accounts
For convenience, many online retailers like Amazon, Apple, etc. offer to store your credit card number. We recommended that you don’t.  If you get hacked, and the hacker finds that you have an Amazon account with the same username and password, they may go on a shopping spree, which could cost you time and money and little of your sanity.

Take precautions while shopping online; it could lessen the risk of having your identity or money stolen.  If you are looking for more information on how to be safe online, or how to ensure that your company’s online store is secure, please contact us today.

Security is important to everyone both at home and at work.  But you may not know how or think it’s too expensive for you or your organization to do effectively.  The reality is that security can be as costly or as affordable as you make it out to be. There are lots of security related steps you can implement that won’t cost a fortune.

Here are five low-cost things you can do to secure your business.

1. Communication is key
Many companies already take adequate steps to ensure that their computers and networks are adequately protected from outside attacks; but many security breaches come from within the company. If your employees keep passwords written on pieces of paper that they leave lying around their desks or taped to their monitors, this is a security issue.

If you implement security changes or new systems e.g., new virus scanning software, it is important that you talk to your staff to ensure they know how the system works and how they can use it. You may be surprised at how effective communication can help to minimize security issues, and best of all? It’s free!

2. Educate your staff
One of the more common security issues comes from spam and malware found in emails. It is a good idea to educate your staff on how to spot these different types of emails and other malicious websites, as well as how to avoid them.  Jennifer Morandi regularly posts about spam and malware and complete with examples pulled from her own inbox.

Ensure that your employees know their roles when it comes to physical security, too.  If you have a staff member who’s responsible for ensuring the office is locked at the end of the night, talk to her to be sure that she understands her responsibilities. The same goes for computers your staff use.  If antivirus scans aren’t scheduled to run automatically, speak to staff members and set a schedule so everyone is manually running scans.  Review the results of the scans regularly.

3. Keep track of your keys
To ensure the security of your IT systems and your physical office, you must control the keys.  Not just the physical keys but those associated with your software, too.  Software keys are the codes you enter to verify software and unlock full versions and many are single use only. If you invest in software and an employees steals the key, you may have to purchase the software again.  So keep the software keys in a secured, locked location and don’t make them public if they’re in an email.

Keep track of who has a key to the office and if possible number the keys. The goal here is to know where your keys are at any given time, and if a staff member changes employers make sure you ask for them back.  If you have an alarm system, keep a log of employees’ pass codes and regularly review who engages and disengages the alarm at your office or building.  You may discover that an employee is coming in before or after regular business hours.

4. Keep your software updated
Hackers can be a lazy bunch. They will often target those with out of date software, because it’s usually easier to hack. To reduce the chance of being hacked, you should take steps to ensure that your software is up-to-date. This includes your virus and malware scanners, as well as browsers and even software you don’t use.

Get your staff to perform a ‘software audit’ on their computers on a regular basis. This means going through their computer and properly uninstalling software that they don’t use, while also taking time to ensure their system is completely updated.

5. Automate your backup
Many businesses rely on a designated person to execute a backup of important data files and often they’re using old, outdated media for the backup.  For proper protection, you need a “business-class” provider with solutions designed to protect your critical data.

While proper data protection isn’t free, it’s essential to your business survival and we’ve got a solution for every business size and every budget.

If you are looking to make your systems more secure, please contact us today. We have a solution that will work for your business.