Strive Technology Consulting https://www.striveit.com Sun, 12 Feb 2017 15:12:13 +0000 en-US hourly 1 https://wordpress.org/?v=4.7.2 Cyber Security for Small Businesses https://www.striveit.com/2017/01/cyber-security-for-small-businesses/ https://www.striveit.com/2017/01/cyber-security-for-small-businesses/#respond Fri, 13 Jan 2017 22:17:05 +0000 http://www.striveit.com/?p=1708 If you want to learn more about how to develop your own cyber security plan for your small business, we discuss how to develop one custom-tailored for your organization, as well as general best practices all businesses should follow.

The post Cyber Security for Small Businesses appeared first on Strive Technology Consulting.

]]>
Cyber security for small businessesCyber Security for small businesses is one of those black giants that everyone “knows” is important, but most people don’t know what they really need to do to get it.  Many small businesses leaders think that their businesses are not at risk because they are small, unimportant, and therefore not worth hacking.

This is a dangerously false belief.

Security expert Brian Krebs recently published his Immutable Laws of Data Breaches, and they can shed light on why even SMB owners should be concerned about cyber security:

  • If you connect it to the Internet, someone will try to hack it.
  • If what you put on the Internet has value, someone will invest time and effort to steal it.
  • Even if what is stolen does not have immediate value to the thief, he can easily find buyers for it.
  • The price he secures for it will almost certainly be a tiny slice of its true worth to the victim.
  • Organizations and individuals unwilling to spend a small fraction of what those assets are worth to secure them against cybercrooks can expect to eventually be relieved of said assets.

 

Everyone’s network is at risk and has valuable data.  Ask yourself how much it is worth to you, not to the hackers.  What fraction of that value are you willing to invest to ensure it remains safe?

 

What SMB’s Should Do – 3 Steps

If you are an SMB trying to secure your own network, start with the following three steps:

  1. First, look at what you are wanting to secure ehendro. Think about physical equipment, data in all of its locations and applications, trade secrets, the network as a whole, and any other areas of concern.
  2. Next, for each of these areas, ask yourself: how would a thief gain access or steal it? You don’t have to know specific hacking techniques, general patterns are fine. For instance, data can be stolen when it is in transit (going over the internet) or at rest (stored on the hard drive). Your network can be accessed by nefarious/unwitting employees or remotely over the internet.
  3. Finally, go through each of these areas and each “attack vector” from step 2 and develop a plan for securing against each attack. If you are concerned about physical theft, add “move equipment to locked rooms” to your security plan. If you are worried about social engineering—people tricking employees into divulging information—then develop a training to inform them of the threat and put policies in place to get authorization before giving out sensitive information.

That is a good method for creating a s custom security plan for your unique environment.  You can also use the following general precautions every business should consider if they are concerned about security:

  • Have a business class firewall protecting the network. The cable or DSL modem that your ISP gave you is not sufficient.
  • Antivirus should be on all computers. This should update automatically and scan, in real time, all accessed files or devices (e.g. USB thumb drives).
  • Antimalware should be on all computers. This is similar to antivirus, but it looks for different kinds of malicious software.
  • Have a service scan and filter website traffic. This will help ensure software doesn’t make it to your computers, so AV won’t have to catch it. It can also help you block certain types of traffic, such as pornography or gambling, to keep your employees more productive.
  • Find a good email filtering service. This is not just for spam, though that is a good benefit. Most ransomware these days is transmitted through email, so make sure it is clean before it makes it to your computers.
  • Install encryption on all servers and workstations and make sure your sensitive data is stored there. This way, if something gets lost or stolen, your data is inaccessible to the thief.
  • Install physical locks protecting network equipment, servers, and any sensitive data storage devices.
  • Have Good Backups! As good as your security is, assume the thieves can get away with something.  Make sure they don’t steal the only copy.  See our series on backup and disaster recovery for more info on this.
  • Training and education. New security threats are always coming up and old ones are becoming new again. You and your employees don’t need to become security experts, but if they can be aware of what is out there, they will be in a better position to protect the company.

We would love to help you put together a cyber security strategy for your business.  If you are interested, please contact us for a free consultation!

The post Cyber Security for Small Businesses appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2017/01/cyber-security-for-small-businesses/feed/ 0
Why Do Hackers Write Viruses? https://www.striveit.com/2016/08/why-do-hackers-write-viruses/ https://www.striveit.com/2016/08/why-do-hackers-write-viruses/#respond Thu, 18 Aug 2016 15:35:17 +0000 http://www.striveit.com/?p=1074 Hackers can make a lot of money stealing your data and selling it back to you or to other hackers and criminals. Read more to find out how.

The post Why Do Hackers Write Viruses? appeared first on Strive Technology Consulting.

]]>
Hacker writing a virusIt’s All About the Money

Everyone hates viruses.  They are annoying, slow your computer down, and don’t seem like they’re doing much.  So why do hackers write viruses?  Is it just to be annoying little punks who want to feel powerful?  There is probably some percentage of viruses that get released that way.  But most often, it’s all about money.

First: Steal the Data

The first thing virus writers think about is what data they want to steal.  This can be social security numbers, health records, email credentials, active email addresses to spam (i.e. your address book), or any other type of data.  Sometimes it’s not even data they’re stealing, it’s resources.  They can use your computer’s CPU and internet connection to mine bitcoins, launch attacks on the people they’re really after, send spam, etc.  And it doesn’t matter if you don’t have these things on your computer.  They’re usually not targeting you specifically, they just release the virus on the public hope it lands on valuable computers.

Next: Bundle the Data

If someone steals your credit card, you will cancel it.  One stolen credit card number isn’t worth very much.  But thousands of credit card numbers are worth something, because some fraction of those people won’t know their cards are stolen, and the numbers will still be good.  The same goes for email accounts, health records, spam lists, and most other easily-stolen data.

Last: Sell it to Hackers & Criminals

That’s right: Hackers are stealing your data to sell it back to other hackers.  If someone can buy a thousand social security numbers and health records for $500 per bundle, 10 of those might be good and they can create fake identities, selling them for $1000 apiece.  (I’m making up the numbers, but you get the idea.)

Or: Sell it to Users

In the case of ransomware, they aren’t selling the data to other hackers.  They steal (encrypt) your data and then sell it back to you.  If you are new to ransomware, check out our article on Cryptolocker for a description of how it works.

Recap: Why do Hackers Write Viruses?

Because they can make money.  Good spammers can make six figures per year, but they need lists of real email addresses.  CryptoLocker was thought to have made $30 million, but they need access to computers so they can encrypt users data.  Viruses are how they get this data.

What can you do about it?

  1. Get a good firewall and spam filtering service
  2. Get good antivirus and anti-malware software on your computer and update/scan regularly
  3. Keep your computer and all programs up to date
  4. Back up your data often

If you are worried about your security and how well protected you are against viruses, contact Strive for an evaluation.  We can help keep you safe, secure, and always running smoothly.

The post Why Do Hackers Write Viruses? appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2016/08/why-do-hackers-write-viruses/feed/ 0
HIPAA Compliance Self-Assessment https://www.striveit.com/2016/08/hipaa-compliance-self-assessment/ https://www.striveit.com/2016/08/hipaa-compliance-self-assessment/#respond Tue, 02 Aug 2016 22:27:28 +0000 http://www.striveit.com/?p=1168 HIPAA compliance is scary and difficult, and for small practices it can seem unreasonably burdensome.  For those businesses, we offer one of the most comprehensive HIPAA Compliance services in the industry.  Find out more about it here. For those still in the research phase, we would like to offer you this HIPAA Compliance Self-Assessment.  This is […]

The post HIPAA Compliance Self-Assessment appeared first on Strive Technology Consulting.

]]>
HIPAA Compliance Self-AssessmentHIPAA compliance is scary and difficult, and for small practices it can seem unreasonably burdensome.  For those businesses, we offer one of the most comprehensive HIPAA Compliance services in the industry.  Find out more about it here.

For those still in the research phase, we would like to offer you this HIPAA Compliance Self-Assessment.  This is by no means comprehensive, but it will point you in the right direction in your research. Read on to learn what you can do to become HIPAA complaint.

 

Security Policies and Procedures

Establish policies in order to handle and manage all security violations

  • Are your employees aware of the penalties that ensue from security violations?
  • Are internal penalties in place for employees who violate security procedures?
  • Do all your users know what to do in the event of security incidents or issues?
  • Is there a process in place to document, track, and address security issues or incidents?
  • Have you hired someone to track all security logs, reports, and records?
  • Do you have a security official in charge of a password and smart security policy?
  • Have you ever undertaken a risk analysis?

Documentation

In the event of an audit, you will need to prove your compliance.

  • Have you written down your security policies and procedures for your records?
  • Do you have documentation proving you’ve trained all your employees?
  • Do you have documentation proving you performed security risk assessments (SRA’s)?
  • Where the SRA shows shortcomings, do you have a remediation plan written down?
  • Do you have copies of all Business Associate Agreements (BAA’s)?
  • Do you have an incident management plan to show the auditors?
  • Is all of your documentation updated regularly and do you keep old versions to show progress?

Access Management

Restrict access to ePHI to those who have permission to access it.

  • Do you have measures in place to authorize or supervise access to ePHI?
  • Are there processes for determining the validity of access to ePHI?
  • In the event of employee termination, is their access to ePHI blocked?

Security Awareness Training

Establish a security awareness training program for all staff.

  • Are employees regularly reminded about security concerns?
  • Do you hold meetings about the importance of password, software, and IT security?
  • Are your employees aware of the process surrounding malicious software?
  • Do you have procedures for regular review of login attempts?
  • Do those procedures check for any discrepancies or issues?
  • Have you established procedures to monitor, manage, and protect passwords?

The Worst Case Scenario

Implement a plan for the protection and use of ePHI in the event of an emergency or disaster.

  • Are there tested and revised plans in place for an emergency?
  • Have you analyzed the applications and data needed for these emergency plans?
  • In the event of a disaster (I.T.E.O.A.D.), can you make or retrieve copies of ePHI?
  • I.T.E.O.A.D… Can you restore or recover all ePHI?
  • I.T.E.O.A.D… Will your ePHI be protected?
  • I.T.E.O.A.D… Can critical ePHI related business functions be completed?

 

I would like to thank Harrison Depner for this HIPAA Compliance Self-Assessment, first published at Kasey’s blog.

The post HIPAA Compliance Self-Assessment appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2016/08/hipaa-compliance-self-assessment/feed/ 0
6 Things to Consider Before Upgrading to Windows 10 https://www.striveit.com/2016/07/6-things-to-consider-before-upgrading-to-windows-10/ https://www.striveit.com/2016/07/6-things-to-consider-before-upgrading-to-windows-10/#respond Fri, 01 Jul 2016 18:24:46 +0000 http://www.striveit.com/?p=1175 Upgrading to Windows 10 has a lot of benefits, and a lot of potential pitfalls. We give you 5 things to consider before upgrading to Windows 10, plus the advice we're giving to our clients.

The post 6 Things to Consider Before Upgrading to Windows 10 appeared first on Strive Technology Consulting.

]]>
Windows 10 upgrade imageWindows 10 Upgrade Is Available

Windows 10 has been available for a year now, and Microsoft wants everyone to upgrade to it.  You may have even seen some of the “invitations” to upgrade.  They’ve been pretty pushy about it.

As with all Microsoft upgrades, this is a mixed bag.  You may want to do it, you may not.  To help in your decision, here is a list of 6 things to consider before upgrading to Windows 10.

Upgrade Considerations

  1. The upgrade is free, but only for another month.  Microsoft is offering free upgrades via Windows Update until  July 29.  After that, you will have to pay for the upgrade.
  2. The Start menu is back.  One of the biggest complaints about Windows 8 was the removal of the Start menu.  Microsoft listened to the feedback and brought it back for Windows 10.
  3. New look & feel. Some people love it for its simple and sleek look.  Some hate it, finding it over-stylized and less functional.  This shouldn’t make or break your decision, but realize it is different.
  4. Not all software & hardware is compatible. Even some newer computers were designed with components that couldn’t be used with Windows 10, or haven’t been tested yet.  So before you decide to upgrade to Windows 10, call your computer company and make sure they have up-to-date drivers for all of your PC’s components.  Also call your major software vendors and make sure their software has been tested on Windows 10.
  5. Upgrading can fail.  All of the upgrades we have seen and performed have gone smoothly and successfully.  However, we have also heard about a lot of unsuccessful attempts.  In fact, a company in Seattle just sued Microsoft–and won–for lost wages and a new computer because of a failed (and unauthorized) upgrade to their computers.
  6. The cost of upgrade problems. If the upgrade goes south, your computer(s) may be less efficient, may crash more, may become unusable, or may lose data.  It will probably go fine, but plan on a couple of days of problems, inefficiencies, and getting used to the new changes.

Our Advice

After considering all of the above, ask yourself why do you want to upgrade?  Do you need it?  If there are tangible benefits to Windows 10 that you really want now, then it is worth the risks.  Call your PC manufacturer and software vendors and make sure they all support Windows 10, then go ahead and upgrade.  If there isn’t a specific feature or set of benefits you are trying to leverage, we recommend not upgrading.  We generally recommend replacing computers every 3-5 years (click here to find out why).  And Windows 7 and 8 will be under official Microsoft support until 2020 and 2023.  This means you can upgrade to  Windows 10 safely as you replace your older machines rather than doing somewhat risky in-place upgrades on your existing production machines.

 

Have questions on Windows 10 upgrades or how to create a technology plan so you don’t have to worry about these kinds of things?  Call us today for a free 30 minutes telephone consultation!

The post 6 Things to Consider Before Upgrading to Windows 10 appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2016/07/6-things-to-consider-before-upgrading-to-windows-10/feed/ 0
A Better Way To Handle Passwords https://www.striveit.com/2016/04/better-way-handle-passwords/ https://www.striveit.com/2016/04/better-way-handle-passwords/#respond Tue, 26 Apr 2016 20:17:39 +0000 http://www.striveit.com/?p=1033 We all know we're "supposed" to have different passwords for every website. But who actually does that? Read on to find out how to have different passwords for all your websites, and never forget them all again.

The post A Better Way To Handle Passwords appeared first on Strive Technology Consulting.

]]>
A better way to handle your passwords. Laptop with sticky notesWe all know we’re not supposed to re-use passwords. Password security is tricky. We have heard the security experts telling us for years that it is dangerous to use the same password for multiple websites or accounts. Once a hacker gets your password from one site, the logic goes, they have your password everywhere.

But we all do it anyway. It was reasonable advice to give back when you had a secure password to your computer, your email, and maybe your bank. But with the cloud proliferating, we can easily have dozens or even hundreds of accounts. It’s like exercising every day and not eating sugar. We all know it’s a good idea, but we all know we’re not going to do it.

Password Managers: A better way to handle passwords

Here’s a novel idea: let technology fix the problem that technology has caused. Computers are really great at remembering things, even hundreds of passwords – you can use your own to strengthen your password security! How?

Password managers give you the best of both worlds: One secure password gets you into all your websites, and all of your websites have different passwords!

Here’s how it works. You install a piece of software on your computer and give it a strong “master” password. Then, when you sign up for a new website, it will see what you’re doing and ask, “would you like me to remember this password for you?” It can even generate secure passwords for you so you don’t have to think about it. Once you have everything set up, you’ll only ever need to remember two passwords, one for your computer and one for your password manager.

Our Suggestion for Password Security

There are a lot of good password managers out there, but we are going to recommend LastPass. It is very secure, easy to install, easy to use, and free! (They also have a paid version with advanced features.)

Plus, everything is stored securely in the cloud. This means you can safely sync all of your passwords across all your computers and mobile devices—Windows, Mac, Linux, iPhone, iPad, Android phones and tablets, even Blackberry.

The security-conscious among us understand it’s hard to trust whether a company is telling you the truth about their security. LastPass let a well-respected independent auditor examine their code, and he gives it a thumbs up!

LastPass double- and triple-encrypts everything while it is on your computer, including your master password, before passing it all up to the cloud. This way, no one from the company has any way to access your passwords.

How To Start

Getting started with the LastPass password manager is easy: go to the website and install it. It will ask you for a username and password. Then, just open your preferred internet browser like normal. As you enter passwords, LastPass will offer to save them for you. When it alerts you of a website that has the same password as another, just change this as it comes up. It’s that easy!

The post A Better Way To Handle Passwords appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2016/04/better-way-handle-passwords/feed/ 0
How to Hire an IT Consultant https://www.striveit.com/2015/02/how-to-hire-an-it-consultant/ https://www.striveit.com/2015/02/how-to-hire-an-it-consultant/#respond Sun, 22 Feb 2015 23:40:16 +0000 http://www.striveit.com/?p=1006 This article includes what to look for, what to ignore, and what to run away from when interviewing and hiring a new IT company. Take it from the professionals, we know what makes a company in our industry good and can give you some great advice in your search.

The post How to Hire an IT Consultant appeared first on Strive Technology Consulting.

]]>
interviewThe Big Secrets: Want to know the big secret about how to hire an IT consultant?  Here it is:  Everybody can fix computers.  It’s true.  Anyone with the slightest talent for technology can be trained as a competent IT technician.

Lean in a little bit and I’ll let you in on big secret number two.  Ready?  All IT companies can fix computer problems equally as well.  Unless you are in the 0.5% of all companies out there that truly have a unique computer problem no one has seen, all tech support vendors will be able to fix your problems.

What does this mean for you?  When you are comparing IT companies to hire, don’t listen to them tell you they will fix your problems better than the competitor or your current vendor.  True, there are some actually bad and unskilled tech support providers out there, but you won’t be able pick them out of the crowd.  Just assume that when you call up any IT company with problem x, they will all be able to fix it.

Learn How to Hire an IT Consultant

The Real Differentiators: There are really only 3 ways that IT support companies differ from each other, which you should take into consideration when deciding how to hire an IT consultant:

  1. How they treat you: How they treat you is crucial. You don’t want to rely on Nick Burns to fix your computers.  Ask to call in to the tech support desk on a test call to see how they are.  Ask about their mission and company values and how they attract good people.  A tech consulting company’s hiring process will tell you a lot about the friendliness of the staff.
  2. How they ensure all their clients get good results: References from current clients are great, but has everyone ever given you a bad reference?  No.  The question is not whether they have some happy customers.  The question is how do they ensure their entire client base receives the same results as their favorite clients and references.  “We’re really good,” isn’t a good enough answer.  If they don’t have clearly defined processes and systems in place to ensure these results, they can’t guarantee them across the board.
  3. Knowledge and skill of employees:  As big as this one sounds, it is the least important of all differentiators.  What happens when the genius that used to take care of you gets hired by Google?  Who will replace him?  If that question worries you, then go back to #2 and ask that question again.

So don’t let the sales guy tell you that they can fix computers better than the other guys because they have smart employees, they’ve been doing it a long time, and they’ll assign you the best tech.  This is a recipe for disaster. Similarly, if you are unhappy with the tech consulting company you currently employ, “we will do better” isn’t a very good response when you ask them about the problem.  If they could really do better, why haven’t they already?

What To Ask An IT Company – Before You Pay

Here are some other questions to keep in mind when interviewing an IT support company, in no particular order.

  • Do you track your support metrics? Will you share averages with us?  This is a great way to compare claims of competence against competitors.  IT is a very measurable industry.  If they aren’t tracking these metrics, how can they know how to improve?
  • Do you use automatic remote monitoring tools? I hate asking this because it should be universal.  If they say no, run away.
  • Aside from installing a few tools, what do you do that is really proactive? If they claim to provide proactive tech support, make them back up their claims.
  • Let’s just assume you can fix my problems after they occur.  How are you going to keep them from happening in the first place?  Same as the last question, stated a different way.
  • What will you do to get to know us specifically as a client and how our business works? Even if they have a lot of clients, they should be able to give you advice and guidance customized for your particular needs.  Make sure they know how to do this.
  • Do you have a technology steering process?  You want to know your technology will be kept up to date, but you also don’t want to be “sold” on the latest fad.  Make sure they have a well defined, intentional way of providing solid advice. Will they steer your technology over time.
  • Are there multiple plans to select from? If so, are some missing key ingredients? This is a red flag of an inferior level of service.  Saving the money isn’t worth it, and neither is working with an IT support company that is willing to offer such a service to its customers.
  • Are they significantly less expensive than others? This is another red flag.  It costs a certain amount of money to provide quality IT support.  If some companies are significantly less than others, then they are not offering the same service. Or they are cutting corners somewhere.

What To Do Next

If you are unsure about how to proceed with an tech consulting company interview, please get in touch with us.  Yes, we understand how self serving it sounds to ask an IT company how to hire an IT consultant, but take a look at our mission and values.  We aren’t just in the business of technology consulting, we’re in the business of making people’s lives better.  If we can help out with some advice or to provide an honest counter proposal, we would be happy to do so.

The post How to Hire an IT Consultant appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2015/02/how-to-hire-an-it-consultant/feed/ 0
How to Avoid Computer Viruses – Part 2 https://www.striveit.com/2015/01/avoid-computer-viruses-part-2/ https://www.striveit.com/2015/01/avoid-computer-viruses-part-2/#respond Mon, 26 Jan 2015 17:59:46 +0000 http://www.striveit.com/?p=985 Part 2 in our series on How to Avoid Viruses. This covers the remaining 3 ways to protect your computer from getting viruses.

The post How to Avoid Computer Viruses – Part 2 appeared first on Strive Technology Consulting.

]]>
Note: This is the second in a 2 part series on how to avoid computer viruses and malware.
Read Part 1 here.

Computer ShieldThe One Way to Get a Computer Virus

There is only one way your computer can get a virus: by running a bad program.  It’s not browsing websites or opening email attachments that will give you the virus, but doing these things can launch that bad program behind your back. The following list describes how you can start avoiding computer viruses and keep your data information safe.

“There is only one way your computer can get a virus: by running a bad program.”

 

4 Techniques to Avoid Computer Viruses:

1. Read links – The best way to avoid computer viruses is to keep them from getting on your computer in the first place.  Hover over a link before you click on it and see where you are going.  See Part 1 in this series for more information on this crucial first step of virus protection.

The same applies for popup warnings on websites.  If you don’t know what the message means, or aren’t expecting it, don’t click “Yes.”

2. Good Virus Protection Software – You need good antivirus software on your computer.  This is essential.  We recommend Kaspersky Antivirus: we install it on our clients’ computers because of its effectiveness and minimal impact on performance.  In our experience, Norton and Symantec products have a negative impact on performance and we do not recommend them.  See the AV Comparatives website for a comparison of many AV products out there.

You should also have good anti malware software.  While many traditional AV programs offer anti malware features, most are not as good as MalwareBytes, the product we currently use.  You would think AV software would catch it all, but it doesn’t appear to work out that way.

We also offer our clients a third layer of protection, which is filtering website traffic before it comes into the network, thereby blocking known bad pages.

3. Keep everything up to date – Virus writers look for known security holes and exploit them.  The easiest way to prevent this is not to have security holes.  Do this by keeping all of your software up to date, especially Windows, Adobe Flash player, Java, and all of your web browsers.

Having said that, remember that sometimes having the latest and greatest introduces incompatibilities.  Internet Explorer fixes security problems with new releases, but also breaks certain websites, so this is a balancing act.

4. Beware email attachments – While it is possible to get infected from a virus merely by receiving a bad email, these are exceedingly rare.  Far more common is receiving an infected attachment and opening it.  First of all, all of your email should be filtered by at least one spam filtering service.  Second of all, don’t open any attachment you aren’t expecting.

If someone sends you something out of the blue that doesn’t make sense, that you didn’t ask for, or that’s out of character, don’t open it.  Reply back and ask if it’s legitimate.  If they say it is, and you know the person, then go ahead and open it.  If not, they’ll probably appreciate that you just let them know they are infected.  Then send them this article so they can be as clean and well informed as you are!

Virus protection is an essential component of your system’s functionality. If you or your business needs help implementing a professional security protection system to help avoid computer viruses, please contact us!

The post How to Avoid Computer Viruses – Part 2 appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2015/01/avoid-computer-viruses-part-2/feed/ 0
How to Avoid Computer Viruses – Part 1 https://www.striveit.com/2014/12/avoid-computer-viruses-part-1/ https://www.striveit.com/2014/12/avoid-computer-viruses-part-1/#respond Sun, 07 Dec 2014 03:03:45 +0000 http://www.striveit.com/?p=959 Part 1 in our series on How to Avoid Viruses. This covers the the most important technique in avoiding viruses: hovering over links and how to read them to ensure you are going to safe places.

The post How to Avoid Computer Viruses – Part 1 appeared first on Strive Technology Consulting.

]]>
Note: This is the first in a 2 part series on how to avoid computer viruses and malware.

 

Computer Shield

The Best Way to Avoid Computer Viruses

Forget antivirus software – use this simple technique below to avoid computer viruses before they ever infect your computer. The best way to avoid viruses is to know which website and email links are dangerous, and not to click on them.  Below are the steps to make virus protection simple.

 

Step 1: Hover Over the Link in Question

Hold the mouse over the link and don’t click on it.  You will see the website link you are about to click on, either at the bottom of the screen or in a popup next to the mouse.

Step 2: Look at the Domain mock_fraud_letter

Here is the big secret of looking at website links: ignore the http:// part, and look at the two words before the first slash.

For example, look at the link http://www.google.com/search?q=look+for+stuff. The two words before the first slash are google.com.  This tells you you’re going to Google.  Now look at the image to the right (click on it to enlarge).  The mouse is hovered over the link that claims to be http://www.BankOfAmerica.com, but the popup shows the actual site to be: http://www.bankofamerica.com.hack.com/ThisIsAHackedWebsite/YouAreNowInfected.htm.  If you look at the two words before the first slash, you will see is is actually going to hack.com.  You don’t trust hack.com, so you don’t click the link.

The simple steps highlighted above are crucial for virus protection. Follow these two steps whenever you are clicking on a link from an unexpected email or mistrusted website, and you will take a huge step toward never getting a virus again.

International Note: This trick works if you are in the US, where most domains in .com.  If you are in, for instance, the UK where domains end in .co.uk, then look for the 3 words before the first slash.

The post How to Avoid Computer Viruses – Part 1 appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2014/12/avoid-computer-viruses-part-1/feed/ 0
5 Steps to Avoid Credit Card Breaches https://www.striveit.com/2014/09/avoid-credit-card-breaches/ https://www.striveit.com/2014/09/avoid-credit-card-breaches/#respond Wed, 17 Sep 2014 18:32:37 +0000 http://www.striveit.com/?p=931 Even small businesses are susceptible to the kind of security breaches that Target and Home Depot experienced because they were all compromised by spyware. In this article, we discuss how to minimize the risk you face in this arena, and how to protect your customers and your own reputation from credit card thieves.

The post 5 Steps to Avoid Credit Card Breaches appeared first on Strive Technology Consulting.

]]>
Avoid credit card breaches. Image: Credit Card Lock

The Problem With Credit Card Breaches

As it turns out, credit card security is not something the tech industry has completely figured out. We have all heard about the stolen data and credit card numbers at Target, Neiman Marcus, and most recently Home Depot.  Credit card breaches affected over 70 million customers.

What is less well known is how this breach actually happened.  The answer: spyware caused the data breaches. In fact, the same malware caused both the Target and Home Depot breaches.

Most people think of viruses and malware these days as just causing popups and slowing down computers.  But they can do anything.  In this case, malware programs such as Backoff, BlackPOS, and Kaptoxa are designed to steal credit card data.  Computers infected with this malware read the credit cards as they’re being swiped and send the customer’s info to the malware owners. These people then sell it on the black market. This leads directly to huge amounts of credit card fraud.

Malware is responsible for data and credit card breaches. Small businesses are just as susceptible to this problem as large businesses. If your business swipes credit cards, take steps to protect your customers and your reputation.

Small businesses are also susceptible to credit card fraud

Don’t think that hackers are specifically targeting the Targets of the world because they get a bigger payoff.  It costs them nothing to infect small businesses, so they do.  In fact, the Secret Service is reporting that more than 1,000 American businesses were infected by the same malware that got Target, and that report was released a month ago.  Given the typical growth patterns for viruses, I’m sure you can imagine what that number is today.

So if you accept credit cards from your customers, consider yourself a target and take steps to protect yourself.

5 steps you can take to help secure your company from similar data breaches

  1. Protect Against Malware

    These days, there are so many ways to infect a computer. You need a multi-layered approach to malware protection.  First, start with endpoint protection.  This should include antivirus and anti-spyware software on all computers.  Second, protect your entire network by using a content filter that scans all traffic in and out of the network for malware.

  2. Isolate Financial Computers –

    Ideally, Point of Sale computers will never need to get onto the general internet.  They will need to contact your credit card company, your PoS software company, and that’s it.  If this is the case, you can create special firewall rules that block all traffic from PoS computers that isn’t going to one of those two destinations.  That way, even if your PoS computers do get infected, they can’t phone home with the stolen credit card data.

  3. Network Security Best Practices

    No matter what business you are in, your company should be following general network security best practices.  Your IT support provider should be doing regular checks to ensure all of your computers, remote computers, networking equipment, and public-facing services are configured optimally for security.  (And they should be doing this as part of their service, even if you aren’t asking for it.)

  4. Upgrade PoS devices

    Magnetic strips on credit cards have inherent security flaws.  Anyone can read a magnetic strip, save that data, and sell it on the black market.  And anyone who buys that data can create fake credit cards.  Credit card fraud is widespread, but the credit card industry is moving quickly to put smart chips in all credit cards.  These chips have their own security flaws, but one of the big advantages is that they are very difficult to duplicate.  So even if thieves steal the data from the cards, it won’t do the thieves any good because they can’t use it. As of October 2015, the credit card industry has mandated that all businesses must upgrade their PoS machines and card swipes.  Do this sooner than later to protect your customers.  As an added incentive, if you haven’t upgraded and someone’s card data is stolen from you, they will place all of the liability on you for not upgrading.

  5. Get a PCI-DSS Audit

    Hire a company to come in and perform an audit to make sure you are PCI compliant.  (PCI-DSS stands for Payment Card Industry Data Security Standard.)  They will go through your setup and make sure you are compliant with a minimum set of security standards and that you are handling customer’s data securely.  But this is a minimum standard; both Target and Home Depot were PCI compliant.  Think of this audit as table stakes to play the credit card game, not as a panacea to fix all security problems.

Credit card security is an issue your company must address. For help securing your network to minimize any risk of you being the next Target, please give us a call. We would be happy to discuss how Strive Technology Consulting can help you avoid credit card breaches within your company.

The post 5 Steps to Avoid Credit Card Breaches appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2014/09/avoid-credit-card-breaches/feed/ 0
Bad Microsoft Updates Causing Blue Screen Crashes https://www.striveit.com/2014/08/bad-microsoft-updates-causing-blue-screen-crashes/ https://www.striveit.com/2014/08/bad-microsoft-updates-causing-blue-screen-crashes/#respond Tue, 19 Aug 2014 00:26:01 +0000 http://www.striveit.com/?p=912 Microsoft has released some updates that are causing computers to crash with a blue screen error. We describe how to remove the updates if they are already installed, and how to boot your computer again if it has already crashed.

The post Bad Microsoft Updates Causing Blue Screen Crashes appeared first on Strive Technology Consulting.

]]>
bluescreen1Microsoft releases updates to fix bugs once a month.  Last week, they released a lot of updates, 3 of which are causing computers to crash and blue screen after a reboot.  Microsoft references three of these updates with their support article ID numbers. The numbers are are KB2982791, KB2976897, and KB2970228.

If your computers are set to use automatic updates, it may have already installed them.  It is an intermittent problem, therefore you may not have seen it cause problems yet.  See articles here and here for more information and a description of the problem.

If you are one of our Managed Services customers and you’ve installed our management software on your computers, you don’t have to worry about this. You will not be receiving these updates.  If not, please follow the instructions below to uninstall these updates.

Finally, if you are already experiencing this problem and your computer won’t turn on, have your IT provider boot the computer with an external “boot CD.” Then delete the C:\Windows\System32\FNTCACHE.DAT file.  That should allow the computer to boot, after which you can remove these updates.

Please contact us if you:

  • Do not have an IT provider
  • Need help removing these updates
  • Would like to hear about our Managed Services program, which will keep you from having problems like this.

Step by step instructions on how to uninstall an update

1.  Go into your Control Panel and open Programs and Features
uninstall1

 

2. Click “View installed updates”

Your computer will show you which updates installed, rather than which software programs.

uninstall2

3. Type one of the three article numbers into the search box

The article numbers are KB2982791, KB2976897, and KB2970228.  You will see that the article ID in the example image below does not match one of the these.  I have not installed these updates on my computer, so I cannot give you true example screenshots of what it will look like.  In place of these articles ID’s, I used “KB2826003,” which is a benign Office update.  Ignore the number in the image and replace it with each of the three above.

uninstall3

 

4. Make sure the article ID you searched for is in the title of the update.

Highlight that update, and click the Uninstall button.  Follow the wizard and accept all prompts.

uninstall4

 

 

The post Bad Microsoft Updates Causing Blue Screen Crashes appeared first on Strive Technology Consulting.

]]>
https://www.striveit.com/2014/08/bad-microsoft-updates-causing-blue-screen-crashes/feed/ 0