It looks like China is still denying any involement in the recent google hack. The exploit used was a zero day attack. On January 21, Microsoft announced that they actually had known about the flaw since last September and it was in “the queue” to be addressed. Microsoft released Security Bulletin MS 10-002
in resonse to the attack.
Read more at ZDNet.com.
Continuation of “Computer Security Tips for Small Businesses – Part 1”
5. Change Server administrator passwords once in a while, especially if an employee leaves who knew the password. User passwords should be a combination of letters, numbers and symbols. These are much harder to crack. Also, do not use the same password everywhere. Some administrators will use one password for their servers and also their online accounts.
6. Have an IT company check your system for common vulnerabilities. Software like SAINT is available to check for exploits in a network system.
7. When thinking of putting up a web server, if you are just putting up a non-confidential informational site, not tied to an internal database, it is always a good idea to have an external hosting company run it for you. This way if it is hacked, the hackers will not gain access to your internal network.
8. One less common thing is to use online searches like Google to check for confidential information that may have been placed on a social board regarding your company. Believe it or not, disgruntled employees have placed sensitive company information on blogs before.
This is just a quick list, but hopefully it will give you some ideas in planning the security of your network.
Daniel W. Dieterle
While large companies and government agencies move forward in the battle of cyber security, small businesses have similar, but unique hurdles when it comes to securing their systems. Many small businesses do not have full time IT support and rely on an outside vendor for computer services. If you are a small business owner or manager, you may have several questions on securing your business. Here are some quick tips for securing your business.
1. Make sure your workstations and server(s) are receiving windows security updates. If you do not have an IT staff and are not comfortable checking your server, have your support company check it and show you that it is receiving these important security patches.
2. Make sure that you have anti-virus/spyware programs running on all your servers and workstations and that they are getting regular updates. Check the status of your anti-virus program and check that the protection is set to “enabled” and that it has received updates recently. Some viruses will disable your anti-virus, or hinder the update process, so it is good to check on this once in a while. Also, you should run a full virus scan on your systems regularly. It might be a good idea to do this off hours or weekends, because it will take a while to complete.
3. Check your Wi-Fi and router security settings. Many times, Wi-Fi routers are accessible from outside your building so it is imperative that the security be set to the highest available. If your wireless router is older or is set to WEP security, it needs to be changed. WEP has been cracked awhile ago and is not secure. Change this to WPA or preferably WPA2. Change your SSID from factory default and make sure that the router is set to not broadcast the SSID. And last but not least, change the administrator password on your router; it is set to a standard default password from the factory.
4. Make sure you have a firewall installed, either one built into your internet router or use the built in Microsoft firewall.
– Continues in next post –