Users of Internet Explorer beware: security researchers have found a new flaw in the popular Microsoft browser that allow hackers to commit something called “cookiejacking”, which enables them to steal information and data from IE cookies from any website.

Despite a few flaws, Internet Explorer remains one of the most commonly used browsers in businesses today, making it a ripe target for hackers looking for security flaws to exploit.

One such flaw has been discovered recently by a security researcher in Italy. Dubbed “cookiejacking”, the flaw allows hackers to hijack a cookie of any website, thereby allowing them to gain access to passwords, credit card information, and various other data stored in the cookie. The flaw is found in any version of Internet Explorer in any version of Windows.

However, users must first drag and drop an item before the exploit can be activated. It might sound like a bit of a stretch, but hackers are known for their creativity, so expect that a seemingly appropriate situation will be presented in which you will find it perfectly normal to do a drag-and-drop action.

Microsoft responded to the threat by labeling it as “low risk”, citing the level of user interaction required for cookiejacking to occur. It did, however, encourage users to be more vigilant and alert, as well as to refrain from clicking suspicious links and visiting dubious websites.

Regardless of what platform or OS you use, there is always the constant threat from cyberattacks – all it takes is one attack to break through and put important business data at risk. It is essential to always educate users on how to avoid being victimized by scams and hacks, and to have the right security software to ensure that your company’s information is safe and secure.

If you are interested in user training for security and / or better security protocols, please give us a call and we’ll be happy to draw up a custom security blueprint that’s tailor-made to meet your needs.

With the security software of many businesses becoming more and more advanced these days, cyber-thieves are resorting to socially engineered cyber-attacks to bait unsuspecting employees with scams like phishing to infiltrate IT systems. This is why it is important to train your employees against becoming victims of such underhanded strategies.

One of the things many people fail to realize is that securing business data from malware and other sorts of cyber-attacks doesn’t stop with implementing the right security software. These days, cyber-criminals also use all sorts of tricks to bait unsuspecting employees into being catalysts for malware entering your system.

Reports cite that as much as 60 percent of cyber and malware attacks on businesses are done through social engineering – meaning that instead of a direct attack on your system, hackers are using ploys found on email and social networks to get people in your organization to unwittingly introduce malware into your IT infrastructure.

This is why it’s equally important to put emphasis on training your employees to recognize common cyber-attack strategies such as phishing, or how to use proper virus scanning software so any external or thumb drives they plug into their computers are malware-free. Remember, it only takes one mistake from a gullible employee to open the gates of your system to keyloggers and other sorts of malware and viruses.

Keeping your company’s IT system safe is an investment. Getting the right security protocols and then training your employees to not only use and respect these protocols but also be more aware about security risks goes a long way in keeping your data safe and your operations stable.

Security experts have recently discovered a new threat to Mac OS X systems. Called the ‘MacDefender’, this malware is designed to fool users into downloading a fake anti-virus program, which informs users that the system is ‘infected’, and then tries to dupe or bully them into buying another fake anti-virus program.

It is a widely held belief that one of the reasons Macs are superior to other systems is because of their ‘invulnerability’ to viruses, malware, and similar threats. All well and good, except for the fact that a recent rogue anti-virus malware that specifically attack Mac OS X systems has been discovered.

So much for the ‘Mac = no virus’ myth.

Called the ‘MacDefender’ and also known as Mac Security and Mac Protector, this malware tricks users by having them think that their system is under attack. It begins when users visit a malicious website where the program automatically downloads itself to the computer. If you have the “Open safe files after downloading” option selected, it automatically installs itself onto the system. The original installation package is then also automatically deleted.

Next, a new menu item appears on the Mac OS X menubar. You’ll see a small orange shield that becomes red, which supposedly means that there are viruses in your system. You’ll then be prompted to “register” – which involves giving out your credit card information – to a website to clean the virus. If you don’t, the malware will then direct your browser to porn sites to ‘encourage’ you to register and pay up.

To know more about how MacDefender works, check out this video.

While Macs are certainly targeted less than Windows systems, the threat of getting infected by viruses and malware is very real, especially if myths like Macs being impervious to viruses persist. To know more about protecting yourself from threats like these, please contact us so we can draw up a plan to keep your system safe and secure.

Google may soon find itself going head to head with services like PayPal as it debuts a new service called Google Wallet, which enables users to transform their smartphones into virtual credit cards. Simply swipe over a participating outlet’s cashier to pay for your bills and earn loyalty points and coupons at the same time.

Smartphone technology has grown by leaps and bounds these past few years, and having a smartphone these days is almost synonymous to being online all the time. Software giant Google has decided to tap into this phenomenon with a new service called “Google Wallet”, which enables users to make purchases and payments from their smartphones.

Partnering with Mastercard, Macy’s, Subway, American Eagle, Citibank, and Sprint, Google assures users that their e-wallet service is safe. The service requires that smartphones have a special chip that allows the user to simply “tap” or “swipe” the phone at participating stores to pay for merchandise or services. When you swipe your smartphone’s e-wallet, you also earn coupons and points for rewards.

The technology is also designed so that the user can turn the chip off when Google Wallet is not being used, making it safe from hackers. If the smartphone is lost, the data can also be wiped remotely.

A similar system to Google Wallet has been operational in some countries including Japan for some time now, but its use is limited to only certain areas and stores there.

While the concept of Google Wallet has great potential, there are still several limitations to the system as Google continues to look for more partners for the enterprise before its official launch, which is slated for within a month or two.

It’s important these days to protect your data and personal information as more and more people become victims of identity theft. Don’t let yourself become the next victim. All it takes is following some simple steps to ensure a safer and more secure online experience.

Security experts are seeing a rise in the incidence of cyber-crime these days as more and more people use the web for their day-to-day needs. No one is spared – both businesses and private individuals have become victims of opportunistic cyber-criminals who take advantage of loopholes in security systems and a lack of foresight and alertness on the part of users.

One common cyber-crime is identity theft, in which hackers steal and assume the identity and personal information of someone else. Under the guise of the usually unknowing victim, these unscrupulous individuals commit fraud or other crimes.

While there is no 100% guaranteed way to be safe from identity theft when online, there are a number of steps you can take to protect your identity and your data.

1. Have the right security software. One of the keys to keeping your identity and data secure is having the proper security software in place to protect your system. Also make sure to update the software regularly.
2. Know the modus operandi. It’s also important to be aware of the different scams and techniques hackers use, such as phishing, which involves duping the user into clicking a legitimate-looking (but fake) link that has the victim enter personal information or download a file that introduces malware into the system. The rule of thumb is that if an email is unsolicited, there is a high probability of it being a scam or phishing email.
3. Be stingy with your personal information. Be sure to only fill out personal information on sites that are legitimate and that you trust, and even then, only if you absolutely need to. Check and double check things like the URL or the company’s tag line to know if a site is what it says it is and whether it is secure. Phishing sites also look legit – but a careful look should be enough to tip you off that something’s amiss.
4. Create unique passwords. The more complicated your passwords are, the harder they are to guess or hack. So don’t pick generic passwords like “password” or “12345″ or things like your birthday or wedding anniversary. The best passwords are alphanumeric – a combination of both letters and numbers.
5. Secure wireless networks. It’s important to allow only the right people to have access to your wireless networks. Besides saving bandwidth, this also prevents leechers and hackers from using your connection to tap into your system or use it for unscrupulous activities.

To know more about keeping your identity and data secure, please give us a call and we’ll be happy to discuss a custom security solution that meets your specific needs.

Data loss disasters come in many forms, ranging from simple human errors to “acts of God” that cannot be controlled. However, you can control how you prepare for such occurrences – and the steps may be easier than you think.

What would happen to your business if you had a major data loss? The possibility is definitely there; this can’t be denied. Data loss disasters come in many forms, ranging from simple human errors to “acts of God” that cannot be controlled. However, you can control how you prepare for them.

Here are eight questions you can ask yourself to test your disaster preparedness.

1. First: Do we back up our data?

It’s amazing how many small businesses do not have a backup system in place. It’s so easy to assume disaster won’t strike you. But data loss doesn’t always come from huge, cinema-worthy disasters. They can result from simple everyday errors – yet have huge disastrous results. Don’t let this be you.

2. Do we back up all of our account information?

Many small businesses tend to keep their accounts data on one employee’s PC, instead of the network which is on their backup schedule. But what if you lose your customer database? Be sure it’s included in the files to be backed up.

3. Do we back up our email files?

Ever wish you had that one email from a few months back, in which a customer gave you the “go ahead” – but now they’re refusing to pay for your work? These days, email is increasingly used as legal evidence of agreements or notices to proceed. If they’re included in your backup, you can easily pull up even deleted emails – received or sent.

4. Is our Calendar and Contact information backed up?

What if you came to work one morning and your online calendar and address book was gone? What appointments and communications would you miss, and at what cost? Most of the time, by default your Outlook Contact and Calendar files are stored on the individual PCs. Make sure these files are included in your backup set.

5. Do we back up folders and files from each computer?

In addition to important information that is stored in shared networks, think about the files that each of your employees create and use on their own hard drives. Spreadsheets, letters, memos, databases – wouldn’t it be a shame to lose all that work?

6. Are we always saving our files to an area that will be backed up?

Consider where each and every file your work on is being saved. Will it be included in your backups? Develop policies and educate your employees on where to save their work so it’s included in your backup schedule.

7. Do we back up data frequently enough?

This answer to this question is – how much work are you willing to risk? Say you complete an important contract on Tuesday morning, and an employee accidentally deletes it that afternoon. But you only run backups on Monday, Wednesday, and Friday. Bye-bye contract! A more frequent backup schedule would have saved the day.

8. Do we know where our backups are and how to use them?

If you use USB drives, external hard drives, or backup tapes for your backups, are you storing them offsite in a safe place? Even if your files are backed up to the cloud, do you know how to recover them in case of an emergency? Knowing your backup system and keeping it safe will ensure you can get back to business quickly and efficiently.

Even if you already have a backup system in place, take a few moments to think about your specific business. If the unthinkable happened, exactly what data would you need to get back up and running? What could you not operate without? Once you identify these things, simply make sure they are included in your backup.

Need help? We’re experts in guiding small businesses in setting up a backup system that meets their unique needs. Give us a call today to discuss the options available to keep your business data safe and sound.

Calculating the ROI of a Technology Investment, The ROI Series—Part 4: Cost savings are usually important to small businesses even in the best of times. New technology solutions may be necessary for survival and growth, however—and they may not be as expensive as you think when you consider their return on investment (ROI). In this four-part series, we’ll explain what ROI is, help you understand indirect ROI, and provide guidelines for predicting and measuring the ROI of a technology investment.

Part 4: Measuring ROI

If you’ve been following this series, you’ve already learned what ROI is and how you can use it to make sure your technology implementations are profitable. But the process doesn’t stop there: it’s important, once you’ve implemented a new technology solution, to track its benefits.

There are many direct and indirect benefits of implementing new technology, as we’ve described—but in most cases, companies don’t know what they are.

In many cases, what you measure is clear. Consider a service company that implements customer service software designed to help phone representatives more quickly resolve customer issues. To determine ROI, the company simply measures the number of calls per employee before and after implementing the software.

In other cases, companies don’t measure what we call the relevant “value drivers.” Some companies don’t know what to measure; others know what to measure but don’t know how to do it. The end result: only 17 percent of CFOs measure ROI for outsourcing projects, according to Hewitt Associates.

As an example of how this could happen, consider a manufacturing company that implements software designed to reduce errors in a product line, thereby improving quality. While the company may be tracking the increase in quality (in the form of fewer returned goods, for example), it may not be considering other value drivers. How about waste? We can assume that quality has improved, fewer products have been scrapped—but the company doesn’t have a business process in place that can track costs incurred from waste.

How do you identify value drivers? Follow the workflow. IT will always impact your business processes in some way. For example, it might eliminate, create, or change a business process. So to identify value drivers, look at the results you hope to achieve from these business process changes.

As an example, consider the service company we referenced previously. As a result of its new customer service software, the company might reduce its customer service employees from five to four. This change in business process shows that one value driver is the reduction in labor costs due to increased efficiency, resulting in a direct ROI. Another value driver might be improved customer service, resulting in an indirect ROI.

As another example, consider a company that implements software to track employee performance against objectives. In the past, it has paid bonuses randomly; now it has a methodology. This change in business process shows that one value driver is the savings in bonuses not paid due to non-performance, resulting in a direct ROI. Another value driver might be improved employee morale and effort, resulting in an indirect ROI.

Generally, a year of data collection should be sufficient to determine the changes in costs and revenues that will drive both direct and indirect ROI, providing you with solid data to determine just how effective your IT investment has been.

An alarming trend in cyber-crime is becoming more and more prevalent these days – the increased number of SMBs targeted by hackers and cyber-thieves. Security experts point toward the weaker security protocols many such companies have, making them much easier targets for cyber-attacks.

There is a misconception among many SMBs that they are small targets for would-be cyber-attacks. “We’re too small a company to be of any worth” is the mindset of many. However, there is an ongoing trend in which smaller companies actually find themselves victims of the most elaborate and vicious cyber-attacks.

Why? Security experts are discovering that SMBs tend to have less or inferior security protocols in place to counter cyber-attacks. While this was of little consequence in the past, cyber criminals are now starting to take notice of the fact, and are exploiting it to their advantage. And it’s profitable too – an attack on one SMB might not amount to as much as a larger organization, but given the greater ease through which hackers can attack smaller businesses, they more than make up for the difference in the volume of companies they target. According to several news reports, these cyber-thieves can make off with as much as $70 million.

The more unfortunate fact is that smaller companies are less able to counteract the effects of losses from cyber-attacks. This is why you should stay one step ahead of cyber-thieves by updating your security systems. Short term or long term, it’s a practical solution to keep information and data safe, and your operations stable. Give us a call today – we can help.

These days, be it for personal or business reasons, people must be online as much as possible. Unfortunately, hackers also realize this, and an emerging trend is to exploit public networks to gain access to the personal and sensitive information of the people connected to it. But as long as you have the proper protocols in place, you can connect without fear of hacking or intrusion into your system.

These days, Wi-Fi is everywhere. Airports, coffee shops, train and bus stations, malls – almost every public place you can think offers Wi-Fi connectivity. Being connected to the internet has evolved from luxury to necessity, and whether it’s for personal or business reasons people are online as much as possible.

This is all well and good, except when you consider that hackers have started to extend their playing field to public Wi-Fi networks. With the volume of sensitive information such as passwords and financial transactions, it’s inevitable that crooks and fraudsters move to public networks where there is more potential to illegally farm large chunks of information.

Two things are important about this emerging trend. First, it’s the very nature of public networks that makes them vulnerable to attack. Second, hacking has become much easier these days, with very simple hacking programs such as Firesheep easily downloadable from the web.

However, the solution is simple as well: have the proper security protocols on your smartphone or laptop. It’s unfortunate that many people neglect to recognize the importance of such policies, and only have minimal security (if any at all) to guard against attacks. But as long as you have the proper protocols in place, you can stay connected – even through public Wi-Fi – without fear of hacking or any sort of intrusion into your system.

If you want to know more about keeping your portable devices safe from attacks, please feel free to contact us. We’ll be glad to explain the issue in more detail and draw up a solution customized to fit your needs.

So your data is stored in the cloud. That’s a good thing, right? Absolutely – if you’ve done your due diligence and fully understand the service of your provider. Asking the right questions and taking a few precautions will go a long way in ensuring that you can recover your critical data quickly should data loss occur.

A few weeks ago, Amazon suffered several days of outage in its EC2 and RDS service, bringing down dozens if not hundreds of services along with it—including such high-profile sites as Reddit, Heroku, Foursquare, Quora, and many others. Although the cause of that outage has been analyzed extensively in many forums, the discussion is interesting and relevant because it brings attention to the lesson that wherever or whomever you entrust your data to—be it in the “cloud” or to a big company like Amazon—it pays to be smart about how you manage your data, especially if it’s critical to your business.

Understand your options. When someone else is managing your data, it’s easy to leave the details to them. However, making sure that you at least have some understanding of what your options are in what different service providers can offer you will pay dividends later if something goes wrong, since you’ll be better equipped to make an informed decision on the spot. Things you should look at include:

• Who is the service provider? What is their history? Who is behind them? What is their track record?
• Where do they store your data? Do they own the servers where your data is stored or do they rely on someone else?
• Is your data stored within the local area (i.e., a drive away) or is it distributed all over the map?
• Do they provide a mirror of your data within your own server, or is everything in their data centers?
• What measures do they employ to make sure your data is safe?
• What methods do they employ to ensure you can get to your data when you need it?
• Do they provide service level assurances or guarantees to back up their claims?

These are just some of the basic questions you should be asking of your service provider.

Do a test drive. Often you will not know exactly how a service works until the rubber hits the road, so to speak. Ask your service provider for a demo or a trial period. Test how fast it is to back up your data, but more importantly how fast you can bring it back when you need it. This is especially important if you’re talking about gigabytes of data. Understand that doing backups in the cloud can be hampered by your bandwidth and many other components of your system and theirs.

Don’t put all your eggs in one basket. Some service providers give users the option of storing data in multiple sites, to ensure that your data is safe if one site goes down. But why rely on just one service provider when you can get the services of multiple providers instead? Or perhaps better yet, why not manage some of your data on your own? While it may be complex and costly to reproduce what many service providers can provide today, it is relatively easy to set up a simple system to keep at least some of your really, really important data locally by using an unused computer or a relatively cheap, network-attached storage device or secondary/removable drive that you can buy at your local store.

Create a plan and write it down. Unforeseen occurrences can and will happen—not only from your side but from your service provider’s as well. When they do happen, you will need to have a contingency plan ready, often referred to as a Business Continuity Plan. Make sure to document your plan in writing, and communicate it to everyone in your organization so they will know what to do in case disaster strikes.

With its promise of unprecedented efficiency, reliability, scalability, and cost savings, cloud computing and storing your data in the cloud is the topic du jour these days. However, it’s sometimes easy to overlook the basic due diligence that’s necessary regardless of how or where your data is stored. Ultimately, it is your business on the line—and being prudent and proactive about how your data is stored, managed, and (most importantly) recovered in times of need will save you much grief when you actually need it.