Hackers continue to target online banking transactions as many SMBs do not realize the vulnerabilities in their current arrangements with their bank. Left unaddressed, you run the risk of allowing cyber-criminals to steal tens of thousands of dollars right from under your nose.

In a recent attack, cyber-thieves managed to get away with $63,000 after they exploited vulnerabilities in the online payroll system of a small business with its bank.

First, the crooks managed to infiltrate the company’s system through a piece of malware called the Zeus Trojan. This gave them access to the company’s data, including the password and username used in transacting with the company’s bank. The thieves then created several new ghost employees and created payroll accounts for them, which they sent to the bank and authenticated using the company controller’s username and password. And to cover their tracks, the hackers erased the confirmation emails regarding the transaction.

This incident highlights the need for better security systems in both the business and their bank – as security experts cite online banking transactions as one of the favorite targets of cyber-criminals. Cyber-attacks such as this one exploit weaknesses in many existing systems that rely on very simple and automated authentication procedures to confirm transactions.

A direct threat to your business finances is not something to be taken lightly. You not only need to review your current online banking system, but also the current security protocols you have installed, since hackers and cyber-criminals are constantly updating Trojans and other malware to adapt to changing IT protection systems.

We encourage you to have us take a look at the systems you have in place to determine if you are at risk for attacks like these. Please do not hesitate to contact us and we will be happy to draw up custom security solutions that address your specific needs.

References:
Sold a Lemon in Internet Banking
Cybercrooks Drive Away With $63,000 from Car Dealership

Initiatives such as WebBlaze and BitBlaze from the mind of IT genius Professor Dawn Song are setting the bar high for security, constantly providing solutions developers can use to create better security for their clients.

If you think hackers are the only ones doing their research to release newer and scarier viruses and malware on the web, think again. It is comforting to know that there are also very capable people doing what they can to make the internet a safer place – like Professor Dawn Song, associate professor at the University of California at Berkeley and MacArthur Foundation fellow.

In a nutshell, Professor Song has been looking at different ways to make the internet experience more secure. Her two initiatives – WebBlaze and BitBlaze – are aimed toward developers who want to create better and much more secure programs and applications.

WebBlaze is a compilation of different strategies from Song and other like minds who tackle different problems and solutions in all sorts of platforms, and BitBlaze is an analysis tool for malicious software. While we won’t go into too much detail (it involves very complicated math), the gist is that Song and her colleagues are drawing up some very solid solutions to constantly evolving security issues on the web.

It’s exciting to see developments like these in the security industry. As threats continue to evolve, so does the means through which they are fought. The more we use the internet and the more the online experience becomes integral to the day-to-day operations of businesses big and small, the more important securing your data and information becomes. And because of efforts such as Professor Song’s, we can expect security programs to be much more effective and efficient as time passes.

Know more about BitBlaze and WebBlaze

Learn more about Dawn Song here

If you are looking to assess and beef up your security systems, we’d be happy to sit down with you and take a look at improvements that can make your business and your data much more secure.

The drive to be more intimate can benefit your business. If you have a tighter circle of customers, you will establish yourself as a channel for consumption. This will make your next sale easier compared to the first.

November 17, 2010 was declared by Jimmy Kimmel during his television show as “National Unfriend Day”, the opportunity for all Facebook users to declutter their Facebook pages by “unfriending” people in their friends’ lists. He claims that Facebook has been “cheapening” the idea of friendship. To many the idea was hilarious, but others are seriously considering the wisdom of unfriending.

Is Kimmel on to something here? Can unfriending benefit your online business?

Research shows that as social media gets bigger, we’re getting smaller. Brian Wong, a network marketer says it simply: “With the growth of social networking, I am finding it increasingly difficult to separate business connections and personal connections.” He says that having almost 1,000 friends on Facebook has made it difficult for him to see the feeds and updates of his “real” friends and important business partners.

Lately there is a growing trend of de-scaling on the internet. People have started “pruning” their social lives online. For example, the popular Farmville app lost 30 million players this year, and people are beginning to realize that conversations and comments are more important than a huge number of blog hits.

So how can de-scaling and unfriending help your business? The drive to be more intimate can benefit your business by allowing you to form a tighter circle of customers, more successfully establishing you as a preferred channel for consumption.

Luckily, there are tools that can help you descale your social networks:

1. Path – Offers small-scale communities where people feel more comfortable sharing personal information. It controls who can view your information and does not include features that make your content viral.
2. Letter.ly – A subscription-based newsletter for bloggers who feel that public posts decrease the quality of conversations. This newsletter opens discussion only to people who pay, or who are privately invited to read a blog post.
3. GroupMe – A texting app which limits your group text participants to only 14, to ensure that meaningful dialogues take place.

What about the flip side of unfriending and descaling? While you’re considering who to eliminate from your social circles, your contacts are likely doing the same. Here are some tips to help you make their cuts:

1.       Be selective in your communications.
Of course, your product is important – to you. But not every little detail is as important to your audience. Be sure to focus on key features and benefits from your audience’s perspective.

2.       Stay on topic.
Always give relevant communications to your customers, and never rant or badmouth competitors. This is a sure way to lose customers.

3.       Provide value.
In addition to talking about your product or service, find ways to provide value to your circle of friends. Understand topics and pain points important to them, and provide valuable information and advice to help them succeed. You’ll soon come to be considered as a valuable resource to your contacts – one that they want to keep in their online social groups.

One thing is clear: quality is still more important than quantity, especially in the current economic downturn when people are downsizing everything. Start “pruning” your social network – and take steps to avoid being pruned – and you’ll reap the benefits of having a tight circle of loyal friends and customers.

Open Wi-Fi networks are indispensable, especially for people who need to work on the go. But without the proper security, you may find that they can prove to be troublesome as well.

These days, more and more people are on the go, and many of them bring their work with them. And in this day and age, it’s ideal if you’re working – or playing for that matter – while connected to the internet, which is often through public Wi-Fi hotspots.

While connecting to public and open-access Wi-Fi hotspots is indeed convenient, using open networks also poses risks that endanger your security. The open nature that allows anyone to use the connection also enables unscrupulous people to gain access to your private information. The whole act of stealing information from people who are using public Wi-Fi networks is called ‘sidejacking’.

There are applications such as Firesheep, for example, that provide an easy-to-use platform that others can exploit to spy and harvest personal, sensitive information from you. And since Firesheep is a Mozilla Firefox plug in, virtually anyone can download and use it to sidejack people on the same network.

You can’t be too cautious with your personal and business data these days, so you always need to have the proper laptop configuration and security infrastructure to protect your system, especially when you frequently avail of open and public networks. To know more about this, please feel free to give us a call and we’ll be happy to draw up some security options that meet your specific needs.

by Lynn Mareth, Vice President at Data Network Group

Many of you know about our upcoming Computer Disaster Planning seminar, but what you may not know is we just had a disaster of our own this past Monday morning.  We have a rental countertop hot & cold water dispenser that malfunctioned over the weekend and flooded our office and some of our neighbor’s offices. Thankfully, none of our servers or computers got wet, but half of our office space had standing water on the floor.  This is the second flood we’ve experienced in 5 years in two separate office spaces.  The last flood occurred when a toilet overflowed.

What if our servers or computers had gotten wet? What if the damage had been much worse and we couldn’t occupy our space?  Thankfully we have a plan in place for such a disaster, but many businesses do not.

Here are a few things to think about regarding disaster planning:

• Have a plan in place for possible disasters such as a flood, fire, theft, etc. Occasionally look at the plan to see if it needs updating.
• If your space is unusable due to a fire or flood, can you and your staff work from home? How will you implement this?
• Work with your IT service provider and create a plan of action in case something happens to your computers. Make sure you have a good offsite backup to start. If you absolutely cannot be down for a few days there are redundant technologies you can implement but they come at a price. Also, keep your important software installation CDs & keys in a fireproof safe.
• Know who to call and have their numbers handy if disaster does strike.
  • Landlord
  • Insurance company
  • Disaster restoration service company, plumber, etc.
  • IT service provider

If you want to learn more about disaster planning for your computing environment, sign up for our free Lunch & Learn on November 18^th at the Omni in Broomfield.

Click HERE to register for the event.  Seminar attendees will automatically be entered in a drawing for a new Amazon Kindle!

by Kerry Grimes, Senior Network Engineer / Project Manager for Data Network Group

As senior engineer at Data Network Group, I had every intention of writing this week about a cool technology we are utilizing or testing. However, blogs are about current events — and the most dramatic event in our community this week is the Fourmile fire that erupted over the Labor Day weekend in the foothills right outside of Boulder. When I woke on Tuesday morning to campfire smells and hazy smoke at my house (located 30 miles and many canyons north of Boulder), it was clear this wasn’t a minor fire.

This Fourmile fire has turned out to hit very close to home for most employees at DNG. One of our clients, Rocky Mountain Fire Department, is actively involved in fighting this fire. I’ve had only the best experiences with the folks at Rocky Fire and their collaboration makes me confident the remediation efforts are in excellent hands. Thanks RMFD and everyone involved for your efforts!

Unfortunately, DNG also has several friends and colleagues who live in the affected area of the fire, some of whom have been evacuated and whose homes are still in danger. One of our field consultants, Matt Giancola, who lived in Sunshine Canyon when he first moved to Colorado in 2002, found out that the home he lived in during that period was destroyed as well as the entire street. Matt’s friends who work at Boulder Beer and Oscar Blues are planning a benefit event for the people of Sunshine Canyon who have lost their homes. Matt and others from DNG plan to volunteer their time for this event.

DNG is also looking at other ways to support the victims of the fire. Currently, one way to volunteer is to email Volunteer Connection at: services@volunteerconnection.net.

On positive news, I heard that the “Gold Hill Inn” is still standing! I recently visited this mountain restaurant for the 1st time and it immediately became a favorite. Where else can you find an affordable 5-course meal served in a rustic wooden lodge on a street that looks like it came out of an Old West movie? Probably nowhere. That’s one place I know I’ll appreciate even more once this fire is exhausted!

It seems that even the most innocuous machines in the workplace can serve as a security threat to companies. According to this report from CBS News, many office copiers save the images they copy on a dedicated hard disk installed inside them. This means that everything from mundane memos to your most sensitive information such as financial statements and contracts are stored – and could potentially extracted.

So the next time you dispose of a copy machine, if you’re not sure what’s stored on it and how to get it off – give us a call to help out.

To see the news report, watch this video.

Users beware of ransomware: malicious software that extorts money from users in exchange for freeing the user’s computer or data. One particularly nasty version was recently discovered by researchers at CA which came bundled with a software download called uFast Download Manager. The malware blocks Internet access for users until they pay the publisher a fee via SMS. Users who download the software are immediately infected, seeing a message posted in Russian demanding a ransom under the guise of activating the uFast Download Manager application. To keep your computer environment safe, always be wary of downloading suspicious free software on the Internet. If you need help or are unsure, please contact us first so we can help!

Spanish authorities report that they have arrested the masterminds behind a string of online criminal activities using the botnet dubbed Mariposa. Mariposa is the original name of a commercially distributed Do-it-Yourself malware kit, sold online for 800/1000 EUR for “wannabe” hackers.  Along with the arrest, authorities seized sensitive data belonging to about 800,000 users in 190 countries, gathered from an estimated 12M+ infected host computers on the Internet.

What’s particularly interesting is that the cybercriminals arrested were not themselves the author of the malware, nor were they any more techincally adept than many ordinary users. They simply had access to malware widely available on the Internet, and were able to conduct a crime of such a wide scale and reach.

This illustrates that it’s become easier for many cybercriminals to conduct their nefarious deeds online, and highlights the need for more vigilance on the part of law-abiding netizens in keeping their network secure from hackers and malware.

Is your network safe? Contact us to find out.

Related articles:

• How FBI, police busted massive botnet (go.theregister.com)
• Botnet takedowns ‘don’t hurt crooks enough’ (go.theregister.com)
• Vodafone distributes Mariposa Bot, Conficker and Lineage in HTC Magic (techie-buzz.com)

Microsoft recently released a number of security bulletins and patches addressing vulnerabilities in Windows and Office that are of high risk to users. It’s widely believed that many will be exploited by hackers within the next 30 days. One of them could potentially allow hackers or malware authors to easily compromise systems by tricking users to download malicious AVI-formatted files. Others require nothing more than just visiting a website. Another specifically targets Powerpoint Viewer 2003, and opening a malicious .ppt file could affect your system.

This latest round of patches and vulnerability updates is really nothing new – although the sheer number made public in one day is notable. This highlights the need for a comprehensive security policy, because vulnerabilities do exist in even the most mundane or old versions of software. Customers under our Managed Services plan can rest easy since we monitor and update their computers as soon as these patches and advisories are released. Find out more about what we do to make your systems safe and secure. Contact us today.

Related links:

• Patch Tuesday: Microsoft plugs critical Windows worm holes (zdnet)
• Researchers warn of likely attacks against Windows, PowerPoint (computerworld)
• Microsoft delivers huge Windows security update (computerworld)