Come to the first networking event using the PoP! format, hosted by New England Web Developers Association.  There are a series of 5 minute presentations that the speakers are PASSIONATE about. There will be great snacks, a cash bar, and lots of really interesting people to meet.

Gavin Livingstone, President of Bryley Systems, an IT services and solutions company, will present:           

“First steps for mobile device security.”  

For more details, see the website: http://www.newda.org/

HP issues the following statement:

HP recently announced the potential for a certain type of unauthorized access to some HP LaserJet printers. The potential for this unauthorized access exists for LaserJet devices on a public Internet without a firewall, or for LaserJet devices in a private network, if a malicious effort is made by a party on the private network to modify the firmware of the device.

While no customer has reported to HP unauthorized access, HP has built a firmware update to mitigate this issue. To obtain the latest firmware for your product, access bulletin HPSBPI02728

SSRT100692 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default at this link:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449

Then:

1. Find your product in the table

2. If an update is available, you may click on the embedded link.

It will take you directly to the web page where the Firmware update is available.

Update your product's firmware using the instructions contained in the readme file for the firmware image. If you are an HP Managed Print Service customer, please contact your managed print services provider, who can install the firmware upgrade for you.

Because the security of our customers is of utmost importance to HP, we reiterate our recommendation to follow best practices for securing devices. This includes placing printers behind a firewall and, where possible, disabling remote firmware upload capabilities on exposed printers.

Additional information is available at http://www.hp.com/go/secureprinting

We are seeing an issue on our side about retrieving messages from the archive. 

I’ll keep you posted on this as I find out more details

Here’s our update:

Spam Soap has confirmed a problem with the Message Archiving service affecting all users such that access to archived messages via the Spam Soap Console results in the following error: "Connection to Message Archiving server failed."

Engineers are currently working to on a resolution. There are no lost messages, and there is no impact to message ingest.

Updates will be posted at www.spamsoap.com/support as they become available. We apologize for the disruption of service and the impact it may have on you.

 Spam Soap Representative

Virus Warning!

We have become aware that there is a fraudulent email being sent that claims to be from the US Postal Service or the US Post Office.  Email subject heading include "USPS Shipment Status ID#######" or "USPS Delivery Problems NR#######".  The reader is directed to click on a link or open an attachment.  This link or email attachment contains a virus and we recommend you delete the email immediately.  We advise you open emails from trusted senders only since these viruses are not restricted to this current fake Postal Sender.  If you are waiting for something from the post office, please call them first or email customerservice@ups.com. 

Links:                                                                                                                                                                                                                                                                                            Bryley’s Secure Network reduces the risk of you Company ever seeing these types of suspicious emails           

Suspicious IRS Emails

The IRS receives thousands of reports from taxpayers who receive suspicious emails, phone calls, faxes or notices claiming to be from the IRS.  The goal of these devices is to trick you into revealing personal and financial information and use several tactics such as claiming a greater tax refund, the use of IRS logos, and even have emails with a .gov address.  These communications appear to be legitimate, but these scammers are out to steal your identity and assets. 

Here are five things the IRS wants you to know about phishing scams:

1.       The IRS doesn’t ask for detailed personal and financial information like PIN numbers, passwords or similar secret access information for credit card, bank or other financial accounts.

2.       The IRS does not initiate taxpayer communications through e-mail and won’t send a message about your tax account. If you receive an e-mail from someone claiming to be the IRS or directing you to an IRS site:

• Do not reply to the message.

• Do not open any attachments. Attachments may contain malicious code that will infect your computer.

• Do not click on any links. If you clicked on links in a suspicious e-mail or phishing website and entered confidential information, visit the IRS website and enter the search term 'identity theft' for more information and resources to help. 

3.       The address of the official IRS website is http://www.irs.gov. Do not be confused or misled by sites claiming to be the IRS but ending in .com, .net, .org or other designations instead of .gov. If you discover a website that claims to be the IRS but you suspect it is bogus, do not provide any personal information on the suspicious site and report it to the IRS.

4.       If you receive a phone call, fax or letter in the mail from an individual claiming to be from the IRS but you suspect they are not an IRS employee, contact the IRS at 1-800-829-1040 to determine if the IRS has a legitimate need to contact you. Report any bogus correspondence.

5.       You can help shut down these schemes and prevent others from being victimized. Details on how to report specific types of scams and what to do if you’ve been victimized are available at http://www.irs.gov, keyword “phishing.”

 Links:

Bryley’s Secure Network reduces the risk of you Company ever seeing these types of suspicious emails

Tips for Creating a Strong Password

Passwords provide the first line of defense against unauthorized access to your computer. The stronger your password, the more protected your computer will be from hackers and malicious software. You should make sure you have strong passwords for all accounts on your computer.  If you're using a corporate network, your network administrator might require you to use a strong password.  For tips on how to create a strong password... http://windows.microsoft.com/en-US/windows-vista/Tips-for-creating-a-strong-password    

Scareware\scare-wear\, noun; application created by cybercriminals to look like antivirus software. Scareware attacks in three ways: 1) professional looking websites that seemingly sell antivirus software 2) pop ups to install software on infected sites 3) fake search results with videos that look like virus scans.  

Don’t

1.       Download unfamiliar software online

2.       Give your credit card information to unknown companies

3.       Shop for antivirus software online without first consulting a managed service provider

Do  

1.       Install a firewall

2.       Keep your security software up-to-date

And now you’re informed in100 words!

According to Microsoft, cybercriminals are now turning to phone calls as a new method of attack.  They call victims pretending to be computer security personnel from legitimate companies (including Microsoft), warn you of a security threat that could potentially be on your computer and then ask if you want a free security scan.  If you say yes, they direct you to a website that allows them to remotely access your PC.  Again, this is a scam!  If you receive a call of this nature do not give the caller any valuable information or access to your PC!

People who have previously fallen for this scam have either had their computer tainted and their valuable information stolen - usernames, passwords and/or financial information - or have given away their credit card details as they were under the impression that they were paying for a legitimate service.       

To comprehend the ubiquity of this new method of attack, Microsoft polled 7,000 PC users from North America and the U.K (the two locales currently exposed to the scam).  15 percent of those polled had received such a phone call and of that subset 22 percent fell for the scam.  79 percent of the time, the scam resulted in financial loss. Among those victims that incurred a monetary loss, 17 percent had money taken from their financial accounts, 19 percent had their passwords stolen, 17 percent were the victims of identity fraud and over 50 percent suffered from subsequent pricey computer problems. The amount of money stolen per victim spanned from $82 to $1,560 while the amount of money it took to fix each damaged PC ranged from $1,730 to $4,800.    

Although this phone scam has only been traced to the United States, Canada, England and Ireland, it was affecting Australians back in 2010 and has the likelihood of expanding its reach in 2011.

How do you protect yourself? Use common sense, and when in doubt follow this advice:

1.      Exercise caution and maintain suspicion when you receive an unsolicited calls for anything but especially for a security problem

2.      Never give any of your personal information – full name, date of birth, credit card number, social security number, bank account information – to an unsolicited caller

3.      Never go to a website or install software when an unsolicited caller tells you to

4.      If you happen to receive such a call, take down the caller’s information so as to pass it on to the police

5.      Keep all of your software updated, especially all security software

6.      Maximize password strength and mandate frequent changes

If you have any questions, concerns or problems regarding phone scams please contact Bryley today at 978.562.6077 or email Sales@Bryley.com.

Online security is not a new issue in 2011. Last year businesses witnessed an incredible rise in malware attacks and phishing scams. Although security firms work tirelessly to undermine online criminals, hackers too work around the clock to introduce novel and variant schemes that security tools are not yet equipped to prevent. And so as businesses benefit from the greatest antivirus products to date, they still face constantly updated methods of attack as well as new threats to their personal information.

That is why it is absolutely necessary to utilize common sense and constant vigilance when working online in 2011, but in order to do so you will need to be supplied with helpful information on what you should be looking out for. Below is a comprehensive list of the greatest online threats in 2011 coupled with advice on how to protect your crucial business data as we now realize that security products won’t always be enough.   

Threat # 1: Web apps

In 2010 businesses the world over turned to two new technological advances: smartphones and cloud computing. As mobile phones and cloud computing optimize employee productivity it is no surprise that these two business technologies are on the rise. It is also no surprise that as a result web applications are a new target for cybercriminals. According to a recent study conducted by the Pew Internet and American Life Project, 85% of US adults own a mobile device.  According to that same study on March 1, 2011 it was found that more than 50 apps on Google’s Android Market had been compromised by the Trojan virus DroidDream. When you run DroidDream believing it to be a web app for your smartphone, the Trojan automatically assumes total administrator access over your device and proceeds to download more malicious content as well as steal your personal information.   

How do you protect yourself? Proactively protecting yourself from malware-infected web apps isn’t exactly easy. Although Google caught onto DroidDream, wiped the malicious false apps from their Market, and remotely removed the apps from client devices, new ones will continue to crop up and will typically only spotted in hindsight.  If you wish to incorporate smartphones, cloud computing and web apps into your business plan, be sure to implement common sense protection procedures. Enforce password policies for maximum password protection, device locking, remote wiping, and hardware and data encryption.

Also, be sure to read reputable reviews on apps before purchasing them and only download apps that come from known and vouched for sources. You can even purchase antivirus web apps for your mobile device. Another security precaution would be to read an app’s permissions screen carefully before downloading which discuss the information the app will be allowed to access on your device and uncheck any undesirable permissions to information.      

Threat # 2: Social networking scams

Just as the use of web apps and related attacks are on the rise, social networking is also a growing trend among businesses. According to research conducted by BitDefender last November, 20% of all Facebook users are currently susceptible to malware attacks, the most common of which are phishing scams. A phishing scam is any attempt to fool a user into visiting a malicious site parading as a trusted social network site, typically Facebook. This sort of attack will more often than not come from a trusted Facebook Friend (a Friend who has already been compromised by the scam) in the form of a malicious link that can infect your PC and steal your personal data including your Facebook login information (thus increasing the reach of the scam as the hackers will now utilize your Friend list to further spread the malicious content). 

Another social networking scam is the use of false, malicious applications on sites such as Facebook. Just like the phishing scams, these apps will also steal your personal information from your social networking sites. While it does not seem like these sites contain critical personal information such as social security or bank account numbers, they do often contain your date of birth, location of birth, cellular phone number and email address – all of which can be gathered to build a profile that could result in identity theft.   

How do you protect yourself? First, know what suspicious behavior to look out for. Hazardous apps, for example, typically wish to post on our wall and access your Friend lists. You should ask yourself why an app would desire these permissions. Usually it is for malicious purposes. If you have already downloaded a hazardous app do not worry: very often saving your information is as simple as revoking the app in your security permissions and changing your account password. Also be wary of any invitations to view photos or videos on social networking sites. If that sort of activity does not seem to fit the sender’s online behavioral patterns you should probably not click on the link.

Also, be cautious of any link a site is trying to prompt you to follow to information concerning other social network scams - such as recent Twitter scams that you have never heard of prior to the link invitation. Hackers are beginning to use scare tactics to get you to click on links to purported security information or program downloads that are in fact malware. This leads us into Threat # 3.      

Threat # 3: False antivirus downloads

According to a report conducted in 2010 by Sophos, there have been over 850,000 instances of antivirus scams in the past year. This sort of attack is also known as scareware, as the malware utilizes relevant scare tactics concerning the recent distress over the prevalence of malware and convinces victims to download free antivirus software.  Sometimes the scam stops there, with the victim downloading malware onto their personal computer.  Other times the scam continues with the malware claiming that your computer is threatened by a virus and in order to save your device you must download a full version of the program, thus giving away your credit card information and identity to a cyber criminal.  

How do you protect yourself? You must utilize a current and reputable antivirus program such as those offered by McAfee to protect yourself from fake antivirus downloads. And be sure to never download an antivirus program online from a pop-up window or from a third-party site!

Threat # 4: PDF email attachments

Malicious email attachments are the oldest of online attacks and they are still prevalent in 2011, with PDF documents generating the greatest amount of occurrences, according to a 2010 report from Symantec. This is due to the fact that PDFs are the easiest way in which a hacker can create seemingly legitimate, concealed malicious content. According to MessageLabs, 65% of all email-based malware attacks utilized PDF attachments and the projection for 2011 is that this number will climb to 76%.

How do you protect yourself?  Obviously you want to incorporate an antivirus and spam filtering device into your security plan. Also, use common sense. Never open email attachments that you were not expecting or that you do not know the author of and keep your PDF reader up-to-date (Adobe for example regularly releases security updates). Also note that the new Adobe Reader X has an updated security architecture that will better protect you from PDF attachment attacks.

Threat # 5: War games 

According to Perimeter E-Security, war games are on the rise in 2011: everything from state-sponsored malware attacks, industrial espionage, and hactivism.

How do you protect yourself? Monitor your network traffic for suspicious activity and regularly review employee data access policies; these security measures will help you to protect yourself from both external as well as internal security threats.   

Want to learn more?

If you would like to learn more about the recent trajectory of cybercrime, vouched for security products, and common- sense tips on how to protect your personal data in 2011, contact Bryley Systems today for a free business-technology consultation.  Call 978.562.6077 or email GLivingstone@Bryley.com to learn more.

References

PC World: www.pcworld.com

October is National Cybersecurity Awareness Month and to help you celebrate we have compiled a list of best practices for password strength optimization. Passwords are the primary tool for online authentication and as such they are targeted information for cybercriminals looking to gain access to your workstation and/or personal records. Proactive measures are vital to prevent online identity theft, network infiltration, system crashes and the spread of botnets.  By following the 7 best practices described below you will fortify yourself against such malicious cyber threats.

1.    Create a “strong” password

A strong password is one that cannot be easily identified by a cybercriminal. When creating your next password, be aware of the DOS and DO NOTS of password strength.

a)    DO NOT draw from the obvious

When selecting a password do not draw from obvious sources – your name, your child’s name, not even something as seemingly ambiguous as your favorite flavor of ice cream or a random word. With the advent of social media sites, today’s cybercriminal can easily aggregate personal information and crack obvious passwords. Even if you feel that your password is obscure and/or unconnected to yourself, if it is simply a word or phrase, dictionary attacks – programs that plug in every word from a database - can still compromise you.

b)    DO use a mixture of letters, numbers, and special characters

Make your password complex and you will make it secure. Random placements of letters, numbers, and symbols will make it very difficult for cybercriminals to hack into your accounts. If you are afraid of forgetting such a complex password, try thinking of a phrase and use the first letter of every word - adding in numbers and symbols for extra security.

c)    DO NOT use the same password

Using the same password for every login is a recipe for disaster. A cybercriminal now only needs to crack one password for unlimited access to all of your online accounts.

d)    DO use longer passwords

When it comes to password security, always remember: the longer the better. According to online security experts, a password 15 characters in length could take up to two trillion years to crack. However, length isn’t everything. You must be sure to still utilize a mixture of letters, numbers and special characters and not cut corners and use a long word or phrase; otherwise, the precaution will not be effective.

By creating long, complex and unique passwords for every one of your authentication accounts you will guarantee password strength.

2.    Change your password regularly

It is very important to create strong passwords, but even strong passwords can be discovered by expert cybercriminals – especially if they are given ample time for discovery. That is why it is essential for you to get into the practice of routine and mandatory password changes. A perfect time to schedule updates is with the change of seasons as they divide the business year into obvious and unforgettable quarters. And as it is now just fall it is the perfect time to begin this excellent practice. You can start by announcing a mandatory password change in the next few weeks and update your business calendar for three more alterations for the winter, spring, and summer.

3.    Keep written reminders secure     

Long, complex, constantly changed passwords are hard to remember. You may need to write them down as a practical safeguard. Just be sure to avoid the bad habit of keeping these reminders close to your computer – or even worse taped to your screen. If you need written reminders, keep them in a secure area away from your workspace such as at home or in the glove compartment of your car.

4.    Keep reset information up-to-date

There will be moments when you simply cannot remember a password and will need to request a reset. As a precaution you should always be certain that your online accounts have your relevant email address on file so that when reset information is sent, it is sent to you and not to an abandoned account that has the potential to be exploited. It would be best to get into the practice of checking reset information on the scheduled dates for password changes.

5.    Review your organization’s password policy  

Take the time during your quarterly password changes and reset information checks to review and/or update your organization’s password policy – the rules and procedures employees are required to adhere to in order to ensure password and network security. If your organization does not already have such a policy, be sure to create one this fall and distribute it to all employees that utilize workstations.

6.    Expunge temporary usernames and passwords

If you recently employed any temporary staff or summer help be sure that their usernames and passwords no longer access your system.   

7.    Invest in antimalware software

Complexity and frequent changes will prevent cybercriminals from discovering your passwords, but malware has the capacity to bypass authentications and infiltrate your system. And with a reported 1.3 million websites infected in Q2 2010, we strongly advise that you implement antimalware into your security plan.

Be sure to implement these password practices at your organization so as to optimize your cyber and system security.  

If you would like any additional information on antimalware software please contact Bryley today at 888.280.5799 or email Sales@Bryley.com.