Small Businesses Continue to Lose Big

November 10th, 2009

According to the Internet Crime Complaint Center, fraud involving the online banking credentials of small businesses continues to increase. In this November 3 article, they write:

“…the attack vector is a “spear phishing” e-mail which contains either an infected file or a link to an infectious Web site. The… recipient is … a person … who can initiate funds transfers on behalf of the business… Once the user opens the attachment, or navigates to the Web site, malware is installed on the user’s computer…, which harvests the user’s corporate online banking credentials. Shortly thereafter, the subject either creates another user account from the stolen credentials or directly initiates a funds transfer masquerading as a legitimate user.”

More than ever, anyone doing any sort of online banking needs to be very certain of the security of their computer, network, and the server on the other end of the transaction. Sadly, my personal experience has shown that most people banking online don’t know the first thing about online security, or are concerned for the wrong reasons.

My recommendation is that if you must do online banking, have a computer dedicated to this task. (I usually lose people around here, but bear with me.) The problem is that today some malware can be so insidious that it remains undetected for long periods of time. A solution is to take an old computer, put a light Linux distribution onto it, and use Firefox or another alternative web browser instead of Internet Explorer on Windows. Readers of my personal blog may think that I am starting to sway toward this becoming a rant, but my recommendation is purely pragmatic. Linux and alternative browsers present a much smaller attack surface and, without getting into a religious Windows vs. open source debate, are as a result more secure.

Think carefully the next time you log on to your bank or credit union account online and ask yourself “If a hacker got access to this account and drained all of the funds available, what would I do?” Is mitigating this risk by recycling an old computer with some free software worth the additional protection that this would afford? My answer is “absolutely.”

Bank Sued for Losses Due to Alleged Weak Security

September 29th, 2009

In a previous post, I wrote how small businesses are being scammed by European cyber-hackers. In a related story, Computerworld reports how Patco Construction Co. in Portland, ME is suing Ocean Bank of Delaware because the company lost hundreds of thousands of dollars due to allegedly weak security on the part of Ocean’s online banking system.

The main alleged weakness is the lack of two-factor authentication by Ocean Bank. While I am not sure that this places all of the blame in Ocean’s hands, and I think that Patco should be at least partially responsible for their losses if it is found that their own systems were compromised, a victory by the plaintiff in this case could set an interesting precedent to financial institutions who have not implemented strong authentication mechanisms in their online services. Banks and credit unions – take note! However, a victory by the defendant will likely send a very different signal, more to the tune of “If you bank online, you take your chances.” Small businesses and individuals – take note!

This week’s Data Security Podcast also has an excellent interview with the attorney who filed the suit on behalf of Patco.

Further Evidence That Personal Internet Use Should Be Restricted at Work

September 23rd, 2009

This week’s Data Security Podcast had two items that really piqued my interest. The first was an article about an Ohio hospital which suffered data loss due to a malware infection. The malware was sent by the boyfriend of a hospital worker. Apparently he intended to follow his girlfriend’s movements on the Internet on her home PC. What he did not count on was her opening her email at work, and subsequently infecting a hospital computer. Quoting the PC World article,

“Between March 19 and March 28 the spyware sent more than 1,000 screen captures … via e-mail. They included details of medical procedures, diagnostic notes and other confidential information relating to 62 hospital patients. He was also able to obtain e-mail and financial records of four other hospital employees as well…”

This incident goes a long way to show that the biggest threat can often come from inside. Yes, while the boyfriend was the root cause, had the hospital employee not been allowed to access her personal email from work, her system would not have been infected in the first place.

In a separate news article, Panda Security reports that a hacker site is offering to crack Facebook accounts for the low, low price of $100. Setting aside the question of whether the site is a “legitimate” hacking site (who’s to say they won’t just take your $100 and walk away?), I found it interesting that a Facebook account is now worth 3 times the street price of a social security or bank account number, which my sources say are going for $20-35 apiece.

Hardware Review: Astaro Security Gateway ASG110/120

September 18th, 2009

The Astaro Security Gateway is a product we have been using for a few years with various clients as a UTM (Unified Threat Management) device. It offers a number of features that they require, including network security, email security, and web surfing security.

Reasons to Keep Your Hardware Current

September 11th, 2009

Too often, we come across clients whose systems are outdated. A general rule of thumb that we try to follow is replacing desktop systems every 3 years and servers every 5 years. These are general rules, and they don’t always apply. Here are some reasons you may need a hardware replacement now.

Likewise + Ubuntu offers a Quick, Cheap, Easy, Secure Email, Web Browsing, Word Processing Solution

September 2nd, 2009

Readers of my personal blog or listeners to the Fresh Ubuntu Podcast will know that I have long been a proponent of Linux as an alternative to Windows, and now, more than ever, this should be a reality at your organization. What’s changed? Last year, Ubuntu, the leading desktop Linux distribution today, added a package called Likewise-Open, from Likewise Software, Inc., to their software repositories. This means that, with just a few clicks, it is possible to make a Linux desktop computer log in to your existing Windows Active Directory system, without having to make separate user accounts for it.

Small Businesses Losing Millions to European Cyber-Gangs

August 28th, 2009

This week, the Washington Post reported a fascinating story on how “organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States.” They appear to be targeting small businesses for the simple reason that they are easier nuts to crack than large financial institutions.

FairPoint Accused of Falsifying Readiness Tests

August 26th, 2009

This article broke yesterday, in which an alleged whistleblower claims that FairPoint falsified the tests that showed its readiness to take over Verizon’s New England landlines.

“The account from an alleged FairPoint Communications insider may explain why telecommunications regulators in northern New England were surprised when FairPoint customers complained so vigorously after the firm took over phone lines from Verizon early this year.”

There’s some other interesting filler in this post, but it concludes with this:

After studying the pile of complaints from FairPoint customers, earlier this month the Vermont Public Service Board asked FairPoint to “show cause” why its license to do business in the state shouldn’t be revoked.

The only question that has to be raised is, if (or when) FairPoint is evicted from this state, who will take over?

AT&T: We Don’t Want Your Business

August 21st, 2009

This week, at a client’s request, I am reviewing their entire telecommunications spending. I decided to look at four different vendors to compare their offerings. The first one I looked at was AT&T, to see if they had a comparable long distance package.

Software Review: Moneydance (Including a Rant Against Quicken)

August 14th, 2009

I recently started the process of converting my personal finances from Quicken to Moneydance. I have been using Quicken for at least ten years, not because I like the program but because it’s “what I’ve always used.” I decided it was time to apply some of my own consulting practices and take a look at my personal finance management situation as if I were a client, and ask myself “is this the best solution for my problem?” The answer was a resounding “no.”