Details: http://tinyurl.com/3pbdq8y

A recent court ruling demonstrates that SMB’s can’t rely too heavily on their banks for protection against account fraud.  In this case, the small business used online banking primarily to make weekly payroll payments.  The cyber thieves used the ZeuS trojan to steal its online banking credentials, and then heisted over $500,000 in batches of fraudulent automated clearing house (ACH) transfers over a period of seven days.  While the business was able to recover about $230,000 of the stolen funds, they were out the rest of the money.

This is just one example of how small businesses are increasingly becoming targets of online fraud and need to ensure that they’re taking the computer and network security seriously.

As a small business, what are some steps you can take to help guard against this type of fraud?  Here are a few useful tips from security experts.

Step #1:

Probably the most important precaution a small business can take today is that of a “layered” approach to security.  This includes ensuring you have up-to-date security software on your computers along with having advanced network firewalls that offer built-in malware and intrusion prevention systems (Often called UTM firewalls – these are not the wireless routers/firewalls you find at typical big box retail stores).  Layering is crucial because viruses use multiple methods to discover and exploit weaknesses in your computers and network, and then replicate themselves.

Step #2:

Never accept incoming communications purporting to be from financial institutions you do business with, whether by email or phone call.

“Call them back using only the phone numbers published on your cards or statements,” Richard Wang, manager of SophosLabs US, said.

Step #3:

Use strong passwords and don’t reuse your bank password elsewhere.

“Remember that if you use the same password on multiple sites, then it’s only as secure as the weakest site,” Wang said.

Use two factor authentication if your bank offers it, such as confirmation numbers by text message to your phone, Wang said.

Step #4:

When logging in to perform online transactions, always enter the website address directly in your browser.  Never click links that claim to take you to banking sites.

Step #5:

Log in and review the transactions for all your bank accounts on a daily or semi-daily basis. The sooner you catch fraud, the better.

Step #6:

Keep all operating systems, software and security measures up to date. Manufacturers are constantly updating these programs to tackle the ever-changing realm of threats out there, and unless you’re staying on top of these updates, you could leave yourself vulnerable.

Don’t fall for it…

Microsoft offered up some advice, including:

• Be suspicious of unsolicited calls related to a security problem, even if they claim to represent a respected company.
• Never provide personal information, such as credit card or bank details, to an unsolicited caller.
• Do not go to a website, type anything into a computer, install software or follow any other instruction from someone who calls out of the blue.
• Take the caller’s information down and pass it to the authorities.
• Use a strong password and change it regularly.

See this link from Microsoft offering additional advice and how to avoid falling victim these types of scams.

Understand the need- Many companies are so busy in the here and now they fail to think about the “what ifs” that could be right around the corner. When the sun is shining brightly and everything is working in tip top form, it is easy to overlook the need for a business continuity plan. Unfortunately if you wait until you need a plan to devise a plan it will be too late. A business continuity plan will outline the steps your company will take immediately after a disaster takes place. This plan will determine how you will continue operations as well as recover and restore any data that was compromised. Without a plan of action for the minutes, hours and days immediately following a disaster, your business will likely not survive.

Work with your managed service provider- Managed service providers offer many services that are vital to your day-to-day operations. A good managed service provider will offer suggestions and advice on how to develop your BCP and what services they can provide in the event of a disaster. Getting your business up and running requires the resumption of communications, data, applications and hardware which is more than likely supported by your managed service provider.

Develop, test and update your BCP- Once you have identified your immediate needs during or after an emergency you can develop your BCP with information provided by your managed service provider. Writing a BCP is just the first step. Your entire staff must be prepared for a disaster and trained accordingly. Mandatory training and testing is needed to spot weaknesses in the plan. Once you feel your plan is effective and everyone is prepared for a disaster, don’t fall into a false sense of security. Your BCP should be routinely tested and updated to reflect your current operating systems.

Disaster recovery plans and business continuity plans are necessary if you want your business and company to make it through any number of natural or man made disasters. By working closely with your managed service provider you can rest assured that all your bases are covered when disaster strikes.

Content by Managed Services Provider University

• OpenDNS is the provider of the world’s leading Internet navigation and security services that make networks safer, faster, smarter and more reliable.
• OpenDNS Enterprise is a cloud-based service; there is no appliance to purchase or software to install on each machine.
• OpenDNS provides comprehensive security for your organization’s network through botnet and malware site protection.
• OpenDNS blocks known malicious or infected sites from resolving on your network. Since infected sites are prevented from resolving, malicious content is blocked from reaching your network. Fortune 100 companies have chosen OpenDNS Enterprise specifically for its Malware protection.
• In addition to blocking botnets and malware, OpenDNS also protects users from being phished. Phishing websites are sites that spoof well-known brands, in an attempt to gain your sensitive information.
• OpenDNS Enterprise provides more than 50 categories of Web content filtering. Categories include Adult, Social Networking, Proxies/Anonymizers, P2P/Filesharing and more.
• With OpenDNS Enterprise, you can gain insight into Internet activity and usage on your network — both at the DNS and content filtering levels. OpenDNS enables you to receive daily detailed reports by email on traffic, blocked sites, and categories of traffic that you can easily forward to colleagues or management.

Contact us today to learn more or to start protecting your network today!

There are so many gadgets and technology solutions out there that it can be easy to buy more than you need, or to buy the wrong types of products that just don’t deliver the solutions your business needs. When deciding what types of technologies can help your business reach its goals, here are a few things to look for:

Communications – technology is well known for its capability to improve the ability for people to communicate with one another. Whether you’ve got employees on the road or down the hall, virtual phone systems can route calls to cell phones and keep everyone in touch regardless of location. Instant messaging and email provide quick ways to communicate with the written word and keep documentation of these conversations for future reference. Social media and networking sites provide a way to keep in touch with co-workers, customers, and the competition at a glance.

Data Storage, Warehousing and Search – If you find employees are spending a lot of time looking for certain reports, forms or other data that they need to perform their job responsibilities, investing in network hardware and software to keep track of the whereabouts of your data can be useful.

Telecommuting – many small businesses also find that there isn’t a need for all employees to work in the same office building in order to get their work done. Having employees who telecommute requires the technology to make that happen (a secure network for employees to access data they require to do their job; improved communication systems to receive incoming phone calls at their homes or on their cell phones and the ability to keep in touch with co-workers in different locations). Having employees telecommute can save you from needing a larger office space, which keeps your overhead costs lower, too.

Customer Relationship Management – having some sort of CRM software to help you manage your database of clients and prospects is well worth the investment. Many businesses will tell you the “money is in the list”; meaning the amount of money a company earns is directly proportional to the number of people on their mailing list. Some companies use software like ACT, Goldmine or SalesForce to track their clients and leads. Others have custom-built software developed to handle unique needs that can’t be addressed with existing software.

Technology makes it possible for small business to increase productivity and compete with larger businesses on a smaller budget, thereby increasing profitability. Efficiency and organization is improved through the use of appropriate data storage, search and mining, customers are better managed through customer relationship management systems, and it is possible for money to be saved when employees telecommute from home. Before investing in any new technology, identify the unique needs of your business and determine which technology will best meet your needs.

Purchase Anti-virus Software

Every computer is vulnerable to the wide variety of viruses, trojans, and worms that are on the Internet. These malicious software programs can do anything from damage your computer and files to steal your password and other important information stored on your computer. Purchase a good anti-virus software program and make sure that it is always up to date. Also, check to see that your anti-virus software checks for spyware, adware, and any other type of malware that could be hiding on your computer.

Avoid Phishing Emails

It is important to discuss with your employees the importance of not opening spam email, attachments or forwards that could possibly contain viruses. Make sure that your email has a filtering system that helps to filter out spam and other malicious email. Responding to phishing emails can be another costly mistake. Phishing emails are disguised as legitimate emails that then request login and password information. Changing passwords monthly can help to lessen the damage should an employee accidentally respond to a phishing email.

Minimize Damage From Dishonest or Disgruntled Employees

It is often difficult to predict if one of your employees will become disgruntled or dishonest, but you can put some safeguards in place to help minimize the damage should you find that you have one. Thoroughly screen your employees before hiring them, especially if they will have access to any confidential or financial company information. Limiting the number of employees that have access to this confidential information and changing your company passwords often can help to prevent former employees from accessing company computers.

Secure Your Wireless Network

Make sure that your wireless router is encrypted, and that your business is using WPA2 wireless security. A firewall is another important key to protecting the security of your small business. A firewall will allow access only to authorized users while blocking unauthorized access to the computer.

Have An Internet Use Policy

Aside from the obvious lack of productivity that personal Internet use can cause for your business, it can often be too easy to click on websites that contain malicious software that could easily infect your company computer and shut your system down temporarily or even permanently.

Avoid Having Everything on One Computer

Purchasing computer equipment is costly, so many small businesses will try to get away with fewer computers in order to save money. If you have your financial information on the same computer that your employees are accessing their company emails, you could risk losing everything that is vital to running your business should an infected email slip through.

Have a Data Backup System

Be sure to have some type of data storage and backup system in place in the event that your current system goes down. Having all of your files readily available to you in case of an emergency can ensure that your business will retain customers and continue to run smoothly no matter what the disaster.

Minimize Damage From Stolen Equipment

It difficult to prevent break-ins or equipment from being stolen from your home or office building, but you can have some security by ensuring that all of the information on your computer is encrypted and password protected.

Trying to scrimp when it comes to your small business’s computer security can be a costly mistake. Arm yourself with the knowledge of what your business could be up against and take steps towards prevention. The investment will give your company the security necessary to keep your information secure.

Technically, the issue isn’t the unsecured Wi-Fi networks so much as it is with websites not utilizing SSL (HTTPS) encrypted pages.  And don’t be fooled by sites that simply use SSL for logins – unless the whole website is using SSL, it’s still possible for someone using  a tool such as Firesheep to take over your account once you’ve logged in.

While this issue and the techniques utilized to do this aren’t new, what’s truly frightening is the availability and ease of use of the Firesheep tool which enables anyone with little or no technical skill to perform these types of hacks.   This is a VERY big deal – and VERY DANGEROUS.

So, how do you protect yourself against such hijacks when using public hotspots?  Ideally, utilizing a VPN is your best bet as it will encrypt your entire network connection.  If you don’t have access to a VPN, try to only use sites that use HTTPS for their entire site.  Outside of that, I would recommend not using such sites at all until you’re using a network you trust.

I suspect that we’ll start to see a number of sites such as Hotmail, Facebook, etc. start to implement full HTTPS security across their entire sites in the future, but until then it’s best to exercise appropriate caution when utilizing unsecured Wi-Fi hotspots.

If you’d like a VPN for your small business, we’d be happy to assist you – it’s not nearly as expensive or complex as you may think – contact us today.

An email policy is a legal document that details your organization’s definition of acceptable use for the company email system. It should indicate who emails can be received from or sent to, as well as outline what constitutes appropriate content for work emails.

In additional, having a company email policy will:

Protect the Organization from Liabilities: When all employees read and sign an email policy, it proves they are aware and agree to the information contained in that policy. Should an email be sent that is not considered appropriate content according to the email policy, the employee, not the business, would bear the brunt of liability for any damages or suits brought as a result of their sending an inappropriate email.

Promote a Professional Environment: If email is used only in a professional manner in the workplace, you can be sure that embarrassing mistakes will not occur. For example, if staff are using work email to communicate with friends, the content in those emails are likely to be sloppy, unprofessional, and informal. If those emails accidentally get sent to clients or other professionals – the company image may become damaged. If an email policy does not allow for personal use of the work email system, your staff will remain in a professional mindset and eliminate the potential of personal emails going out to customers.

Increase Productivity: Email tends to be a distraction for employees who are using it for non-professional reasons. If an email policy prohibits the use of work email for personal use, your employees will stay on task more and avoid the distractions that come from sending and receiving personal emails during work hours.

Establish Systems for Email: If the email policy outlines appropriate content for an email sent during work hours over the company email system, it can also help establish systems to ensure all staff members are contributing to the brand or image of the company. Have each staff member use a template for email responses and set up signature lines that appear in all outgoing emails to further establish the company’s professionalism and image in the eyes of individuals who may receive email from your staff. Setting guidelines for content and use of email creates a single, comprehensive image of the company that helps keep the organization aligned with its mission.

An email policy is a document that provides your business with certain legal protections involving misuse of the email system by employees. Because it is a legal document, many businesses elect to have a lawyer draw up the email policy, or at the very least, review the policy before it is implemented within the organization. Having a lawyer review or prepare an email policy may seem like an unnecessary upfront cost, but has the potential to save you in legal fees in the future.

Just as a reminder, if you’re still running Windows XP – Service Pack 2 (SP2) expired on July 13^th, 2010 and is no longer supported.  You need to install SP3 or look into moving to Windows 7 to be running a supported version of Windows XP.  Support for SP3 will continue through April 2014.