Archive for Tech Tips for Business Owners
The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.
FBI officials are warning potential victims of a dramatic rise in the business e-mail compromise scam or “B.E.C.,” a scheme that targets businesses and has resulted in massive financial losses in Phoenix and other cities.
The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.
There are various versions of the scams. Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments.
Tips for Businesses:
◾Be wary of e-mail-only wire transfer requests and requests involving urgency
◾Pick up the phone and verify legitimate business partners.
◾Be cautious of mimicked e-mail addresses
◾Practice multi-level authentication.
Article and images reposted from krebsonsecurity.com
Many poeple don’t think twice about their wireless router after setting it up. And it might be tempting to rush through the set-up process. Here’s why you should pay close attention while setting up your router, and afterwards.
Heard of ASUSTeK? Among other things, they sell ASUS-branded wireless routers for home use. Some of their routers come with features — called AiCloud and AiDisk — that allow people to attach a hard drive to their routers and create their own “cloud” storage. According to the FTC’s complaint, ASUS routers had major security flaws that allowed hackers to harm consumers in several ways, including getting access to sensitive personal information — like tax documents — that people stored through these “cloud” services.
If you have an ASUS router, take these steps right away:
- Download the latest security updates for your router. According to the FTC, the ASUS router update tool often indicated that software was current when it wasn’t, putting people’s home networks at risk. Moving forward, ASUS is required to provide accurate information about software updates. So check the router’s software update tool and the ASUS support site again for the newest security updates.
- Check if access to your network storage is limited. Make sure access to AiCloud and AiDisk is limited to what you want. The FTC took issue with the default option during AiDisk’s set-up, which gave anyone on the Internet access to your storage. For more privacy, choose “limited” or “admin rights” access instead of “limitless.”
- Change pre-set passwords. According to the FTC, ASUS pre-set weak default passwords on every router. So create new passwords that are strong and unique for both your router and any “cloud” services — something only you know. This can help prevent hackers from getting easy access to your network.
If you need professional advice or assistance in securing your business networks, contact CS2K today.
Microsoft will be pulling the plug on Internet Explorer 8,9 and 10 next week. The company has announced a final patch which will deliver the last few bug fixes to Internet Explorer on January 12th 2016, as well as an “End of Life” notification telling users to upgrade to IE11 or Microsoft Edge. This should be no surprise since March 2015 IE has been deprecated, mostly sticking around for the sake of enterprise compatibility.
If you are still using Internet Explorer 8, 9 or 10 for your business applications contact CS2K to discuss your options including migrating your application or switching to a modern browser.
Source – Microsoft KB
In Windows 7 if a specific update or driver caused problems on your computer, you had the option to open the list of Windows Updates, Right click on the problematic update, then select Hide Update. This would prevent that update from installing on the computer in future.
Unfortunately for now, Windows 10 does not have this capability. Instead you must download a separate Tool that will scan for updates then provide the option to block, hide or uninstall them.
You can find the tool at the MS Support KB Article KB3073930
Microsoft continues to warn that scammers are calling Windows users and duping them into putting malware on their machines or paying for worthless help.
More than a year after the U.S. Federal Trade Commission (FTC) heralded a major crackdown on fraudsters posing as Microsoft technical support personnel, consumers continue to receive calls from scammers. Since 2011 Microsoft has been tracking this con and reports that 22% of people called by phony support technicians fall for their scam.
The scammers try to trick users into believing that their computer is infected — often by having them look at a Windows log that typically shows scores of harmless or low-level errors — then convince them to download software or let the “technician” remotely access the PC. The con artists charge for their “help” and often get people to pay for worthless software. In actuality, the software is malware that steals online account information and passwords.
If you have fallen victim to this scam, please do not hesitate to contact CS2K to discuss your best options.
You can learn more about this and some tips directly at Microsoft’s website – http://www.microsoft.com/security/online-privacy/msname.aspx or in the original Computer World Reports
Keeping patient records secure and private is the concern of every hospital and health care provider, but they are often overwhelmed with years and years of patient information and the lack of adequate storage space. Destroying these health records in order to make room for more storage is often not an option. Patients want access to all of their health care records, and physicians need them in order to better diagnose patients. Online data storage is a way to satisfy all of these issues.
Using online data storage for these records allows easier access for patients, and offers easier sharing of patient information from hospital to physician, as well as from physician to physician. Storing health records online isn’t, however, without security concerns. Patients, hospitals, and physicians want assurance that these confidential records will remain safe, private, and secure, and will only be accessed by those authorized to do so.
What is HIPAA?
HIPAA or the Health Insurance Portability and Accountability Act of 1996 was created in order to protect health information and give patients certain rights regarding their private health information. It also allows for disclosure of health information necessary for patient care. This act specifies safeguards necessary for administrative, and physical and technical handling of patient health information.
According to the U.S. Department of Health and Human Services (HHS.gov) HIPAA has many requirements and restrictions. It requires safeguards for:
- Access Control
- Audit Controls
- Person or Entity Authentication
Access control is defined in the HIPAA Privacy Rule as “the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” It should allow authorized users to only access the minimum amount of information necessary to complete job functions. The Access Control specification also requires the implementation of an exclusive user identification or user ID, and immediate access in case of an emergency.
What Type of Security is Necessary?
When dealing with patient records in an office, maintaining privacy and security usually involves storing patient files in locked cabinets where the files can be physically secured and visibly monitored at all times. When you are storing patient information online, certain precautions must be met in order to maintain the same security and privacy guaranteed each patient.
While HIPAA permits patient records to be transmitted over the Internet, businesses will want a service that offers file encryption, authentication and password protection in order to secure the information. Although HIPAA does not require online data storage services to have encryption, it does require that patient information be adequately protected and accessible only to authorized persons. Encryption is the best way to protect that information and ensure authorized access to those records. It is also important to offer backup services in case of a virus attack, flood, or fire. Finally, the service must offer a method of tracking any security breach, as well as the ability to lock out former employees after they have left or been terminated.
When storing patient information, it is important to stay HIPAA compliant, as the fines for not doing so are expensive. While online data storage for health care businesses guarantee less worry, work, and expense for health care providers, the service is only as good as the security offered. Remaining HIPAA compliant is vital in order to continue a good business relationship with the health care industry.
Microsoft has reported that later today it will make available and emergency security update to fix the now famous zero day vulnerability found in all versions of Internet Explorer. This was expected but most unexpectedly, Microsoft will also be making the fix available to Windows XP which is no longer supported since April.
CS2K will test this update as soon as it is made available and will prepare a deployment plan over the weekend.
We maintain our computers similarly to how we maintain our own health – rarely do we take the time to learn about preventing health complications, and instead work to repair our health once we’ve become ill! We take care of our computers the same way, in that we rarely think about the safety or well-being of our data until something happens that leads to data loss or corruption. And when that does happen, how do you recover your lost computer files?
Have you ever taken a moment to imagine what would happen if you lost some or all of your computer files? Whether you only use your computer for personal reasons; or for school or work, file or data loss can be devastating! Think of all of those family photographs, music files or class assignments! Think of the report you spent weeks working on. Some files can be replaced with time and effort, while others (particularly your photos or home videos) cannot.
Numerous reports tell us that over a third of computer users don’t back up their files; and of those that actually do perform some data backup – 76% of people don’t do it often enough.
Most people tend to think computer files are lost only due to catastrophic events – like tornadoes and hurricanes. Don’t forget about slightly more common events, including fire, flood or computer viruses. A computer “disaster” does not necessarily have to be one from Mother Nature, either. Suppose you dropped your laptop down the stairs or spilled your coffee on the keyboard?
Losing personal files is devastating because of their sentimental value – while business owners who rely on content and files can consider the loss of data fatal to their business if they don’t have a data backup plan in place.
Create a Plan to Recover Your Lost Computer Files Before Disaster Strikes
Just like many human health issues can be prevented with proper diet and care, having a complete backup plan in place can prevent disaster from occurring to your precious data. Data backup isn’t as complicated or expensive as you might believe. It is far easier to back up your files to be able to restore them after something damages your computer, than it is to recover them after disaster strikes. Consider a data backup plan to be your computer’s insurance policy!
Picking Up The Pieces
If you’ve already experienced the loss of data and you hadn’t backed up your data and files, you’ll need to use data recovery services to recover as much of the lost information as possible. Data recovery makes it possible to save some of the data from damaged, corrupted or failed storage devices, but it’s expensive, and you may never recover 100% of the data you’ve lost.
Data Backup and Recovery Solution
Your best solution is to use a remote data backup system. This will backup and store your data files and information at regularly scheduled intervals to an online data store accessed via the web. Your backed-up information can then be restored to any computer if your computer’s hard disk fails, or if it has been attacked by a virus, or physically damaged. Some people back up their files to CDs or flash drives – and then keep these storage devices in the same location as the computer. If there is a natural disaster, chances are the computer and the backup copies will be ruined.
Remote data backup services exist for both personal computer users and businesses of all sizes. Prices range from very reasonable to very expensive – based on how much storage you require and other factors. Prevention is the best medicine – give yourself peace of mind with a data backup insurance policy for your computer files.
Click here to learn how Computer Solutions can help you prevent data loss and quickly recover your lost computer files with our Remote Data Storage Services for your business in Upland, CA and surrounding cities.
In a rare move that highlights the severity of a security hole in Internet Explorer, US Computer Emergency Readiness Team (CERT) says some IE users may want to “consider employing an alternate browser” till flaw is patched.
The zero-day exploit (a term given to a previously unknown, unpatched flaw) allows attackers to install malware on your computer without your permission. That malware could be used to gain control of your computer. The exploit is present in Internet Explorer 6 and above.