Are you connected to unknown networks?

February 9, 2011

Chances are you are not only connected to your business network but also to other unknown or malicious networks with highly sophisticated cyber criminals. Let me explain…

You are aware of your local network. It consists of servers, printers, other systems and even devices like PDAs. Then there are peer-to-peer file sharing networks, or P2P networks. These are networks that consist of subscribers to services like Napster, Kazaa and Gnutella, where users can share files like music, images and video. The threat of being associated with these networks is that you are giving other anonymous users access to your system, and with little effort they can access other files that contain your financial information or office documents. This is a growing concern for business leaders whose users use their corporate systems for these purposes.

Then there is the botnet. A Robot Network is where an agent (software program) is installed on your system and makes you part of a network. One of the most popular and recent bots is the Conficker worm, said to have made its way onto over 7 million government, business and home systems. Most of these networks are run by cyber crime syndicates like the Russian Business Network, Shadow Crew and the Gray Pigeons.

Albert Gonzalez, one of the captains of Shadow Crew, was responsible for the largest security breaches, including those at companies like 7-Eleven Inc., New England grocery store chain Hannaford, and payment card processor Heartland Payment Systems.

Have your systems checked, and checked often, to make sure you aren’t sharing information you would rather not share. The other threat is that these networks use your system resources to spread spam and host images, just to name a few.

Here is an interesting story about a company that was breached as a result of a user having a P2P application installed on one of its systems. Below is a video that YOU MUST WATCH that illustrates how your children can expose all kinds of information that is stored on your system.

Information Week Article


10 ways malicious software gets installed on your computer

February 4, 2011

If you take note, all of these methods are self-inflicted. In other words, most of the time you install the malware for the cyber criminals. Don’t be fooled… security isn’t a firewall, anti-virus or other security software solution. Security is a mindset combined with a holistic approach including protection, detection and prompt response methods.

1. Email attachments

2. Portable media (i.e. USB drives, CDs, external hard drives, etc.)

3. Visiting Malicious Web Sites

4. Downloading files from web sites

5. Participation in P2P File Sharing Services (Limewire, Napster, etc.)

6. Instant messaging

7. Social Networking sites

8. Social Engineering Attacks

9. Not following security guidelines and policies

10. Ignoring common sense

Cyber Bullying

February 3, 2011

Today there are new ways for bullies to harass and intimidate your children. Statistics show that 1 in 3 kids become victims, so chances are someone who is reading this now has a child that is being bullied and doesn’t even know it. It is a simple thing to ask your child if he or she is on the receiving (or giving) end of this hurtful type of abuse. Just last night I was speaking to my 12 year old son and simply asked if he had ever been bullied and he said… Nope. It was clear he wasn’t hiding anything and he wasn’t stressed about the question. On the other hand, my 9 year old daughter has been a victim of this type of abuse and she was confident enough to come forward and let us know what was going on. We took action, spoke with the teacher and the problem has since gone away. If she had been too scared to come forward it is possible that it could have continued…

Take action. Start a dialog with your children about being bullied. It is a real issue with sometimes drastic results that could be averted with a simple conversation.

5 steps to secure your data

February 1, 2011

There are five steps to creating a good security plan: assess, plan, execute, monitor and repeat.

  • Risk Assessment. Identify key digital assets and information that need to be protected, including hardware, software, documentation and data. Review the threats and risks. Make a prioritized list of items to protect.
  • Plan. Create a work plan for preventing, detecting and responding to security threats. Identify who will be responsible for implementing and monitoring the plan. Agree a timetable for implementation.
  • Execute. Communicate with staff. Train where necessary. Remediate until all known threats are mitigated.
  • Monitor. Continue to monitor for new threats and follow up with prompt remediation. Build a mindset that security is a discipline and build this mindset into your culture. Software tools alone can’t secure your data. Continue to educate end users and those that have access to the data. Update and modify the plan as changes occur in personnel, hardware or software.
  • Repeat. Plan for a complete review periodically. Consider assessing quarterly but not longer than a time frame of six to twelve months after you complete the first plan or when your business goes through significant changes.

Commit to the program and don’t wait until an incident disrupts your business. It isn’t the breach that will really cost you; it is the tarnished image that businesses get following the breach that is the most costly. Statistics show that customers, typically the high profile ones, will abandon a company or system if they feel uncomfortable with the security of it.

Here is a great example.

Mobile security issues due to surpass computers

January 27, 2011

Yesterday the SANS NewsBites reported that, according to the Cisco 2010 Annual Security Report, cyber criminals appear to be shifting their focus from Windows machines to mobile devices. Users are falling prey to social engineering scams through social networking (i.e. Facebook, Twitter, etc.), email and phone calls. Social engineering is best described as tricking the user into responding, typically by clicking a link, downloading an attachment or, in this case, even accepting a phone call.

Other important notes in this report are that there has been a decrease in spam and that the focus for cyber criminals is shifting to Apple-based products. Spam decreased due to the large number of “take downs”. Apple is under attack because of the large increase in product sales, primarily focused on the iPad. To the point that I have made about the perception that Apple has a more secure product… it is security by obscurity, but as Apple surges in market share the hackers are taking note. For the same reason criminals hold up banks… it is where the money is.

Here is a link for the rest of the story. Also below is a news report involving the recent breach involving AT&T and the Apple iPad.

Cybercrime migrating to mobile and Apple, Cisco report

Are your employees Facebook addicts?

January 25, 2011

If you have over 500 friends, continue to change your profile picture over and over again, check your profile 2-3 times per hour and update your status while you’re driving, then you have a problem. This is becoming a major issue for employers and we have had some of our clients go as far as firing employees for their online social media abuse. Facebook isn’t the only culprit; it just seems to be the biggest one.

What can we do to prevent this from killing productivity?

There are filters that can be added to control the content that your users can access. This will not only increase productivity but also increase the security of your information, as many malicious infections are installed on your systems when your users are accepting a virtual drink from their Facebook friends. In addition to filtering your web traffic, you could talk to your employees and let them know about the dangers to your data and to their job!

Maybe passing this video around your office might make your users aware of how silly their addiction is and encourage them to stop wasting company time.

Team Sklar is seeking support for Shamrock Marathon

January 24, 2011

Ever wanted to do something extraordinary!? Well this is your chance! About two years ago, just like Forrest Gump, I decided to start running and haven’t stopped yet. If you own a business or know a business owner that might be interested in supporting Team Sklar and our cause “Kicking Cancer’s Butt!” please contact me. 804-730-2628

We are currently training for the Virginia Beach Shamrock half marathon and we will be running to kick cancer’s butt again!

We need all the help we can get!

Here is a list of past/current sponsors. We can’t thank them enough! I often joke that if I run out of room on the shirt I’ll run with a cape to fit the logos of all of our major sponsors on it!

– Computer Telephone Technologies
– Telecom Consulting Group
– Atwood Printing
– Actuarial Consulting Group
– Fun Bus
– Nettek
– CWD Kids
– Network People
– Cobb Technologies
– ADSS Global
– MTGroupe
– Computer Site Columbus
– Code Blue
and many more!

“He who wished to secure the good of others, has already secured his own.”
