Wednesday, June 30th, 2010
On July 13th of this year Windows Server 2000 will no longer be supported by Microsoft. Also on July 13th of this year Windows XP SP2 will no longer be supported. These operating systems are expiring and it is vital to any business to be ready for this. Please let Mobile IT Solutions or any other Microsoft Certified Partner know about your operating system situation.
Monday, June 21st, 2010
A lot of noise has been made in the media these days about network security, or the lack there of. Last year the FBI announced that revenues from cyber-crime, for the first time ever, exceeded drug trafficking as the most lucrative illegal global business, estimated at reaping more than $1 trillion annually in illicit profits. (That’s more than Wal-Mart, General Motors and, Chevron combined).** Security professionals even go so far as to describe the virus/ antivirus race as a big game of whack a mole that the antivirus companies are destined to lose. With so many people who are supposed to know saying that the situation is hopeless, where does that leave today’s practices? Should we all just unplug our computer and go home? Even though an unplugged network is the only absolutely secure network, there are specific steps that you can take to limit your risk and increase your chances of success. Think about it, you can’t just stop driving a car because of the risk of having a wreck. There is a better way.
If a business wants to swim in today’s shark infested digital oceans, then they need to have three very important aspects of network security.
Firewall +Content Filter:
There is a level of security built into practically every gateway device that connects you to the internet. But every medical practice today should have a full blown firewall with a content filter. The difference between a default routing device that you get from your internet service provider and a true firewall is the difference between a bolt lock on your front door and a security guard sitting outside. Sure, a bolt lock offers a level of protection, but a security guard proactively watches every single person who tries to go in or come out. If he sees anything fishy he acts immediately. A firewall has a service called “stateful packet inspection” that serves as the security guard for your network. Adding a content filter that blocks users from accessing “bad” websites is like not allowing anyone in the house to talk to anyone on the phone who is a shady character. If you can’t go to where the viruses are it’s a lot harder to get a virus.
Internal Usage Policies:
If you lost your laptop at the airport how many of your patients’ would you have to contact and warn them that their patient records may have been compromised? What about your phone? Do you have sensitive information on your phone? The FBI estimated that 80% on all cases of identity theft were either an inside job or an inside mistake. I had a client that boasted to me about all the high level, high tech security systems and how they had done such a good job securing their very complicated network. I looked at him plainly and told him that I could hack his network in less than 15 minutes. He shot me a curious glance and said, “show me.” So I went to his website and clicked on the “locations” tab which proudly boasted all of their remote locations. I picked one and I called the number. In my nicest most professional IT voice I said, “ Hello, my name is Robert Smith. I am working with COMPANYX’s IT Director, Fred. (The name of any company’s IT Director is very easy information to obtain) He gave me the wrong remote access password. Can you give me your username and password? Thank you so much. Oh, and one more thing… what program does he normally use to connect in? Thank you so much for your time.“ And just like that I had remote access into his network. Do you have a key word or phrase that employees require before any sensitive access information is given? Can you ensure that the new intern you hired can’t easily browse your network and steal sensitive information that he/or she can sell to the highest bidder? Internal security is the most important, yet is often the most overlooked aspect of overall IT security.
Updates/ Antivirus system:
As important as operating system updates and antivirus programs are, they alone will not keep you safe. Without them you are almost guaranteed to be compromised but you must do more. In the past, viruses were more of a prank or malicious joke. IT Nerds with way too much time on their hands tried to get back at the cruel world that kept them alone and friendless by crashing everyone’s computers. Today, you have a much more sinister IT criminal. The viruses you see today, the truly bad ones are designed to run undetected. They don’t want to slow your computer down or crash your system. They want to run in the background and capture every key stroke so they can get your online banking password or to intercept a batch transmission of credit card processes. The adage, “If it’s not broken, don’t fix it.” Doesn’t apply here. You can’t treat network security like you treat you automobile’s maintenance. If you wait till you hear the clunking or see the smoke, it may be too late. A compromised network can truly be a costly experience. When it comes to security we are not rich enough to be cheap and reactive.
**http://www.fbi.gov/, www.cnnmoney.com
Joe W. Moon
Operations Manager
Mobile IT Solutions
Computer & Networking Services
