Fulcrum Group May 2014 Newsletter
In This Issue
|
Mark Your Calendars - Where We'll Be This Month & Next If you're new to our newsletter and you'd like to subscribe, contact us right now! Moving into summertime, we're shaking up our usual events and meetings with some fun new locales. Last month, our Fort Worth IT Professionals Group took in a Rangers game - this month, we're heading over to the minor league! Be sure you're checking our Events page and keeping an eye out for updates on our social media pages for where we'll be this summer. If you haven't "liked" us on Facebook, or followed us on Twitter and LinkedIn, do so right now to get word of fun events, helpful tech tips and useful info for small businesses. In May/June, we hope to see you at the following events:
- Wednesday, May 21st, 6:00 p.m. - If you're an IT Professional in the Fort Worth area, join us for happy hour, then stay and cheer on the Fort Worth Cats with us at LaGrave Field just north of downtown Fort Worth! Join our Fort Worth IT Professionals group on LinkedIn and get the scoop.
- Wednesday, June 25th – Want to find out how your small business might be best served by social media? We'll be hosting a Small Biz Marketing 101 Lunch & Learn at the Fort Worth Club in downtown Fort Worth with great topics for small business owners, including how to get your feet wet in the social media pool. More details coming your way soon! Follow us on our social media channels to stay informed.
Top ↑
|
Evaluating Your Company's IT Security StrategyBy Steve Meek As a business owner and security practitioner, my brain is at odds at times on how to behave. The part of me that earned security certifications and attends regular security meetings as part of the FBI’s InfraGard program knows all kinds of information about security best practices and where security gaps exist. The business side of my brain wants to give remote access to important data to all members of our team, tries to embrace social media as a way to stay in touch with clients and business partners and wants to give all team members the freedom to do any task needed to provide great customer service. Herein lies the problem.Computer and Network Security - A Risk Management Concern Computer and network security is not a technical issue, it is a risk management concern. As a business owner I need to make sure I see security in the same light as driving revenue, expense control, inventory management or proper staffing. That means I sometimes have opposing concerns, such as more security usually means harder to use or slower performance. If I were to turn on all security features to the highest levels on your firewall, your email filter and your anti-virus/anti-spyware, you’d kick me out because everything runs so slow. While some people focus on which anti-virus or firewall is the best, I tend to believe that the system you have more experience custom configuring will make the most difference. Protect Users & Your Data With Layers of Complimentary Security Tools, Focusing On Lowest-Cost Tools & Processes First Remember, this is not just a "small business problem". There are extremely large organizations getting compromised, too. In addition to a firewall and anti-virus tools, they also have a litany of other tools to give them layered protection - or what some call 'defense in depth'. Since no single tool could protect you from everything, you want an appropriate number of complementary security tools to help protect your users and your data. While I would definitely recommend web filtering, smarter firewalls, intrusion prevention and the various other security tools. I say priority is getting yourself off "the wildebeest list". As you might remember from Mutual of Omaha’s Wild Kingdom, the wildebeest at the back of the herd is usually the one taken down first. I guess paraphrased, I don’t have to be more secure than the bear...I just have to be more secure than most, so the bear attacks them. Besides the basic firewall and anti-virus, there are low cost things you should do in attempts to work yourself into the middle of the herd. Any of the miscellaneous security reports talk about the thousands of vulnerabilities and how hackers are 24x7 crimeware operations. Some might be mafia run, or located in foreign countries to protect themselves with international laws. This shadow economy has become big business and multilayered. If one of these firms choose you as a specific target, they will almost certainly get in with what is called Advanced Persistent Threats, or continually probing and attacking to get the keys to the kingdom.For SMBs, our best focus is to make sure we consistently implement ALL the lowest costs tools and processes first. What are some of the things a small business can do? A small business can do simple things like: 1) Establish guidelines for how users should act on the network, sometimes called policies and procedures. You wouldn’t put in plumbing before designing the house. Policies act as the blueprints to try and help you determine what to protect and how to protect. 2) I usually recommend thorough configuration of the lowest cost solutions such as constant patching of your PCs, laptops and servers. Even your devices like firewalls, printers, switches and other have firmware updates that can add more protection against attackers. 3) Longer or more complex passwords cost nothing but can help prevent easier access. Modern thought is it is better to have a complex pass phrase, like “heyletmeintothenetwork” instead of (even an intricate) single word, “L3tm31n”. 4) There are other freebie procedures, such as file system permissions, not logging in as an Administrator for day-to-day work, using Windows Group Policy to enforce behaviors on users, browsers and so forth. 5) And don’t forget to update your applications, too. Your line of business applications might have issues but some attacks are based on the freeware foundations of Adobe Acrobat reader, Flash, Shockwave - even your browser might be insecure. These seem small but can reduce the ways attackers try and get an in. 6) End users should make owners or IT personnel aware of any needed cloud applications. I have seen vulnerabilities shown for DropBox, EverNote and a host of other cloud applications. While these applications can make your work life easier, they are also open to certain vulnerabilities, such as we saw recently with the Heartbleed Bug. Just let management know what you’d like to use and then determine potential risk. Just by speaking up, you could discover that using these apps makes sense for the whole company and your IT knows a way to stay protected and allow everyone to have access. 7) There is a saying that you are only as secure as your least secure connection. While I usually think of VPN users or business partners, a user could accidentally allow access by poorly configured wireless at home, picking up and using an unknown USB drive or bringing an infected/unprotected laptop into the office (behind the firewall). 8) The bottom line is all the tools in the world won’t protect you if users aren’t aware of good basic security habits. The most common way malware gets in these days is from email attachments or links within emails. Did you know that clicking a link can install software (read this as 'install malware')? HIPAA and other security compliance programs stress Security Awareness training for this very reason. No One Company Is Perfectly Secure - Secure Enough Is The Goal. In a networked world, there is no way to be completely secure. Security thinking dictates we attempt to reduce risk to an “acceptable level”. Your computers, network and phone system are all just business tools. When the Fulcrum Group consults with our clients, we attempt to determine business needs and workflows to understand underlying requirements. In the same way, business owners should think about computer security as a “risk management” exercise. No business has an unlimited budget or amount of hours to protect data and users. The starting point is to use enough security sense to ensure you're not the last wildebeest in the pack. Top ↑
|
Updates On The Latest Security News-Makers  Change your passwords! One of the primary building blocks in keeping yourself safe online, experts have recommended we do this on a regular basis for years. With last month’s revelation of the Heartbleed bug, it is more important than ever to get those passwords updated on websites (which have been patched for Heartbleed) that you’ve created login credentials for.More thorough information on what the Heartbleed bug is and how it came about is discussed on our blog, here and here. Only after a website has been updated for Heartbleed, is it best to update your password (changing your password before a site is updated could do you more harm than good). Also included within those links is a thorough list of popular websites to check– giving that list a quick once-over will likely jog your memory for places you ‘ve frequented.Now that we’re a month into the revelation of the bug, most or many websites have been updated.Over this past month, as I’ve gone about my daily online routine, I’ve used this handy tool to check statuses of each website I’ve created login credentials for. First and foremost to me are activities that are directly connected to my bank account. Even though most banks don’t utilize the system that was affected by Heartbleed, I figured now was good a time as any to give that password an update (as well as utilizing any extra layers of protection your bank offers, often referred to as multi-factor authentication – look in your account services menu for how to activate this additional layer of protection on your accounts).I also checked sites I’ve used for our other financials (retirement accounts), the kids’ lunch accounts for school, where I’ve downloaded tunes and apps. Don’t forget about other websites you’ve logged into over the past couple of years – personal cloud email accounts (such as Yahoo or Hotmail), social media sites, of course, like Facebook and Twitter…your health insurance and other medical portals. The list is long.Here are 5 great rules to keep in mind in this post-Heartbleed world. If you use applications that require Internet Explorer, you’ll want to read this and this since the recent exposure of the IE vulnerability that had everyone abuzz. If you would like to talk to one of our experts about how these latest security flaws might affect not only you, but your business as well, please don’t hesitate to reach out to us today. Top ↑
|
Spotlight On...Russell Maxwell Systems Engineer Russell Maxwellis likely one of the helpful voices you hear when you contact The Fulcrum Group Help Desk. Working both in-house and with clients, onsite, Russell finds great satisfaction in helping people. Minimizing any possible downtime for clients when inevitable technical issues arise is always priority.When he’s not brushing up on the latest networking and security best practices, you’re likely to find Russell at local – and international - music festivals and concerts. Known around the office as “Chopper” (pre-full beard) Russell is super-hardworking and consistently follows through for our clients, working diligently, until issues get resolved.We asked Russell one thing he’d like to share with clients…He responded, “I hope people realize how important it is to migrate from using Windows XP. Now that Windows XP is no longer supported by the manufacturer, this allows hackers to exploit security holes that will no longer be patched.” Always looking out for you – we like to keep that kind of guy around!Top ↑
|
Did You Know...? SPOT Check Network Assessment And Your Security Posture  We want you away from the back of the wildebeest pack! With The Fulcrum Group's SPOT Check Network Assessment, we can help you better understand your IT security posture. Contact us today for your free SPOT Check Network Assessment! Top ↑
|
|
