Wednesday, September 28, 2011

Prevent Identity Theft and Your Company's Reputation by Filling in the Holes Before They are Found

by Matthew Frank - Inside Sales Representative at MAC Source Communications

I'm no Internet security expert and I don't claim to be one.  I can't hack a website, break into a bank account or send someone malicious code through e-mail that will let me take over someone's computer.  But, I have "acquired" people's passwords before.  It's fairly simple.

I discovered a while back that it's not that hard to do it in online games.  I found out that people used their game account password for the trading room password.  I would try out the password on their account and see if I could log into it (it would knock them off the game).  About 1 in 20 worked.  I got into people's accounts and took their items.  I must have repeated this at least a dozen times in a period of 3 months.  Then I got bored and stopped playing.  That was it.  That was my extent of "acquiring" someone's password.

Unfortunately, in this day and age, people tend to go much deeper than online games (and guessing people's passwords).  Examples like Wikileaks, AT&T, and Citibank all come to mind.  These global companies, these multi-billion dollar companies, are being hacked, and information much more important than a sword or ring from a game is being taken.  People's identities are being stolen.  Their livelihoods are being destroyed and someone is making off with a lot of money.

So, what do you do?  Do you restrict your employees from going to any websites that could potentially be harmful?  Do you block all outside communication on your network?  How about telling employees that they cannot even sign onto a website such as linkedin.com, which is made for the workplace?  Many companies require their employees to make passwords with letters, numbers, and symbols.  I will tell you from personal experience that the human brain can only remember so many combinations.  I have had to reset my password for my direct deposit at least 8 times in a month and a half before finding one I could actually remember.

Yes, I will agree that locking down websites, blocking people from having outside communication on the network, and making employees choose their password by using so many different types of characters that their head explodes is a great way to protect everyone, but it keeps down employee morale, and unhappy employees are less productive.  In fact, it's been proven that employees who are given more freedom at work are happier, more productive, and their caliber of work is much higher.

What should be done is to find the right solution.  Get a Next Generation Firewall (NGFW) from a company like Palo Alto Networks.  It allows you to monitor what your employees are doing and how long they are on a website or application, and to tweak the security protocols.  In fact, you can actually give someone access to Facebook without them playing games.  Let marketing have access to posts and responses from customers and clients, but block the games.  Don't want outside people using your network?  Great!  Block them, or limit what they use.  Isn't technology great?  Only a few years ago you could either block or unblock Facebook.  It was Black or White.  Now there are a number of shades of Gray.

There are companies, like TAG Solutions, that will do something called "Social Engineering".  Basically, TAG will try to get into your company and find human error.  They may pretend to be an employee, or some worker (mailman, repair man, delivery person, etc.).  Then they go in and try to get sensitive information.  This shows vulnerability in the company they infiltrate.  They will find the holes in a company's security.

They will do security and awareness training, vulnerability management, risk management, penetration tests, and much more.  TAG will find the security loopholes in your company (because every company has security holes), and make suggestions to fix them.  If you want, they will even go so far as to actually patch up the holes rather than just suggesting remedies.

Both of these solutions will help companies prevent identity theft of their customers and employees, help protect against theft of passwords and valuable information, and in the long run, save companies money.  Because, in the end, what costs more: patching up holes before they are found or fixing your company's reputation once you are infiltrated?  I would go with option one.

If you want more information on these solutions, visit our website at www.macsourceinc.com or contact Liz Rizzo at erizzo@macsourceinc.com.





Thursday, September 22, 2011


Cybercrime claims 1 million victims a day


By MSN Money partner on Thu, Sep 8, 2011 11:27 AM

In the US alone, more than 74 million people were victims of some form of cybercrime last year, leading to $32 billion in direct financial losses.

This post comes from Jeanine Skowronski at partner site MainStreet.

Americans have gotten all too familiar with cybercrime during the past year, following large-scale data breaches at Citibank, Sony and Epsilon, but the problem may still be worse than you think.

According to a report from antivirus software manufacturer Norton, global cybercrime has claimed 431 million adult victims in the past year, costing countries $114 billion in direct financial losses. That figure jumps to $388 billion when you factor in the value that victims place on the time they spent recouping the losses.

Last year, in the U.S. specifically, more than 74 million people were victims of some form of cybercrime, leading to $32 billion in direct financial losses.

After extrapolating survey results, Norton found that every second, 14 adults worldwide are victimized by online fraudsters, which is more than 1 million people every day.


Examples of cybercrime include emailed viruses and malware (still the most prevalent offense with 54% of respondents saying they have experienced this type of fraud), online scams (11%) and phishing messages (10%), which attempt to obtain personal information through deceptive links in emails. The figures are based on surveys of 19,636 people in 24 countries.



Norton says those types of online scams have become more prevalent partially due to growing popularity of smartphones, which offer another digital platform for fraudsters to exploit.


The company cites in its report that, when looking at global estimates, cybercrime costs world governments more than the marijuana, cocaine and heroin black markets combined. Based on stats from the United Nations Office on Drugs and Crime, those illicit trades cost $141.1 billion, $85 billion and $61 billion, respectively, for a total of $288 billion.


We did some digging and found that cybercrime losses more than surpass some countries' entire GDP, such as Iceland ($11.82 billion), Malta ($10.41 billion) and Barbados ($6.23 billion). It also dwarfs productivity losses due to insomnia ($63.2 billion), long-term care obligations ($33.6 billion) and March Madness ($1.8 billion), though having that money back would do little to solve the country's astronomical debt problem.


For link to original article click here


Want to protect your company from security breaches?  Contact Matthew Frank at mfrank@macsourceinc.com or Liz Rizzo at erizzo@macsourceinc.com for more information.


Visit us at www.macsourceinc.com


Thursday, September 1, 2011

How to Protect Your Business In the Age of Technology

by Matthew Frank - Inside Sales Rep at MAC Source Communications

If you have ever watched the movie "Catch Me If You Can" you know that it was fairly easy for Leonardo DiCaprio's character to become someone else and steal millions of dollars from companies.  He was able to print his own paychecks, make new IDs, and then when all is said and done, he was able to disappear.  This all took place in the 1960s, before personal computers, before cell phones, before social media.  And the guy was less than 19 years old.  Oh, the movie was based on true events.

Now, it's 2011, and we have things like personal computers, iPads, cell phones, and social media.  In fact, we have so much technology that people are constantly exposed.  What does this mean?  It means that people are just as exposed, if not more exposed, than in the 1960s.

To combat this, you have a few options.  You can lock down all your electronics.  Password protect and encrypt every device you have, and even then that doesn't give you 100% protection.  You can never go on the Internet again (although, let's be realistic, I would be crying after about 2 hours), or you can be smart about your technology.

The first thing to do is to look at your business and say "Am I properly protected?"  Do you have all your security features in place?  Is the Wi-Fi at your company secure?  Is your firewall set up properly?  Do you monitor everything your employees do online to make sure there is no malicious software coming through and people are being productive?  What about guest access to your wireless network?  Do guests have the ability to go on your network without having the ability to get into the private information on there?  Think about these questions for 2 minutes.  Good, now here are two solutions.


Next Generation Firewall:

Most companies have firewalls that block everything coming through a specific port.  The problem with this is that it blocks things that are both good and bad.  Who wants to block the good?  Facebook, for instance, is a great tool to use for marketing, but most companies can only turn it on or off.  They can't choose what features they want on, or what they want blocked.

With the Next Generation Firewall from Palo Alto Networks, you can control what applications and content come through on your network.  That means that you can allow Facebook, but limit it.  Block games, but give employees the ability to read their messages.  Stop them from posting pictures (especially if you have sensitive information in your company that cannot be leaked) but allow them to post status updates or update the company page.  What about monitoring what sites employees are on?  Don't have time, right?  Well, this firewall is a great device, in that it can generate reports for you in a nice and clean format so that you can see what is coming through your firewall.  You can see who is viewing something, what they are viewing, and how long they are viewing it for.  It also gives you graphs and tables, because let's face it, too many words can turn anyone away.

Social Media:

The second way to protect your company is by understanding how people get information.  Facebook is a staple in most people's lives.  The problem is that most people keep it open for anyone to see, and let's be honest here, will friend anyone.  To understand how people get information off Facebook and use it for bad intentions, you need to understand how to do it yourself.  On Tuesday, September 13th, 2011, join MAC Source Communications and Information Security Expert and Penetration Tester, Steve Stasiukonis, to learn "How to Rob a Bank With Facebook."  Steve will explain how white collar criminals leverage the use of common people, processes and technologies to infiltrate the internal workings of your network. He will share his real world experiences on how he and his company used these techniques to breach the networks of numerous banks and other financial institutions.  This is a Webinar, so you don't even need to leave your office.

For more information on both ways to protect your business visit www.macsourceinc.com

Also, you can contact me at 585-368-2101 or Elizabeth Rizzo at 518-694-3904 for more information.