Tag Archives: Ben Rothke

About 1999 days ago Data Security

The Right Way to Respond to a Data Breach

our beautiful site

Gregory S. Nelson, a volunteer SCORE counselor in Naples, Fla. who advises small businesses on technology issues, had his own technology issue in recent months with an online purchase after buying some additional memory for his computer. After making the purchase, he was notified by the online retailer it had been hacked exposing his purchasing information. “They did all the right things. They sent me a letter telling me when it had occurred. They hired a credit watch company to watch over my account for a year and even sent me monthly updates to let me know if there had been any suspicious activity,” Nelson says. “You know, you get annoyed when something like this happens. But at the end of the day, they did everything possible to correct it. Would I buy from them again? Yes, I would.” What’s the moral to the story? Experiencing a data breach isn’t the kiss of death for a business. It’s the immediate response in the aftermath that will make or break the company. Develop an incident response plan “Stop it, contain it, and control it,” says Ben Rothke, a senior security consultant from the security firm BT INS, outlining the first critical steps. Rothke offers the following advice to patch up the leak and patch up any problems that may come as a result of the leak with customers or employees. Data leaks happen to all types of organization. No size business – large or small — is immune. A business owner can’t assume it’ll never happen to his or her company. Think “when”, not “if,” and draw up an incident response plan before your business suffers a leak. If it’s already too late, here are some steps to follow in the event of a data breach: Find a data breach specialist: Is there anyone on your IT staff that can handle a data breach? If not, have a security specialist handy in the company rolodex. It may be that more than one consultant is needed: someone to pinpoint the leak and plug it and someone else to assess the damage done and implement fast changes to prevent it from happening again. “Surprisingly, a lot of companies don’t take any action to prevent another breach. It’s like they believe it happened once, it can’t possibly happen again,” says Nelson. Assess the damage: First assess what data was compromised and how bad is the damage. “Disclosure can actually be counter-productive, if no one is really compromised. Not all breaches are created equal,” says Rothke. If the breach was potentially harmful exposing customers, for example, then take a page from Nelson’s experience with his online retailer. Send out a letter of explanation. Invest in ways to undo or prevent any further damage. Make the information public and easy to access like on the company website. Come clean:Remember Nelson’s experience with the memory seller? It was the full and immediate disclosure that turned a bad situation into an opportunity to build a more loyal and trusting customer for future purchases. Take corrective steps: Affected parties and the public need immediate reassurance the business is making this a top priority and taking steps to prevent it from ever happening again. It is unlikely you’ll be forgiven a second time, if your clients get compromised again. Try to limit the fall out:Call in the experts to contain and monitor the damage. Update security policies more frequently; at least once, if not twice a year. Customize those policies, along with the response plan, to target and best protect the most sensitive data. Conclusions A data breach is more than an IT problem. It’s a company wide crisis and needs to be handled that way. Whether they come from in-house or out-of-house, the IT professionals need to be supported in what they do and directed that fixing it is top priority. Since it is also a communications crisis, it needs to be handled like any other crisis management issue, involving public relations specialists and possibly media spokespeople. Finance and accounting need to assess the monetary damage, as well. Most importantly, those affected need to see leadership at the top step up and offer honest, public transparency about what’s being done. SIDEBAR: Other tips to get any business through a data leak Call the cops! “Get the ball rolling and file a police report, maybe even contact the FBI,” says Nelson. Nelson contends that’s the first important step in establishing that the company is taking full responsibility for the problem with immediate action. Lock down data where possible. Rothke recommends archiving data that is rarely accessed into a safer place. “Data is increasingly portable. Establish some security controls to make it more difficult to move it around. Not every employee needs to have their USB ports enabled. Have them sign non-disclosure agreements and get trained in what kinds of data are especially sensitive,” says Rothke. An IT department can do a lot to secure data, but it won’t help if an employee reveals too much by phone or email. Limit access to the system. For some employees, it’s best to limit the size of their e-mails. A 20 megabyte e-mail is quite large and filled with proprietary information can do a lot of damage getting out to the wrong person. Shut down the system at odd hours like the middle of the night or on the weekends for non-essential employees. Limit the size of outgoing e-mails, depending on the user’s needs. While a graphics designer may need 20 megabytes to use on a single e-mail, chances are most employees who just shuffle around text documents all day don’t need more than five megabytes for e-mail.

About 2333 days ago Data Security

Which Anti-Virus Software Should You Use?

Out of all the security programs installed on the company network or end user’s desktop, it’s probably the anti-virus software that’s doing the most to earn its keep. The joint Computer Security Institute/FBI’s 2006 Computer Crime and Security Survey found that overwhelmingly viral attacks remain the greatest source of financial losses and damages to businesses than any other breach in computer security. Losses from all computer security incidents among the survey’s 313 respondents totaled more than $52 million for 2006, down by more than 50 percent compared to 2005, according to the survey. Ninety-seven percent of the companies that responded reported using anti-virus software. Don’t log on without it Some companies tend to get lax about anti-virus software once they’ve installed a good firewall at the network gateway. “No firewall out there is a silver bullet,” says Joern Wettern, co-author of Firewalls for Dummies. “Make sure you have anti-virus software installed on all PCs and check them regularly for updates.” For that reason, easy-to-schedule scans and automatic updating is probably the first feature a business owner would want to look for in an anti-virus program. When it comes to other features, Arabella Hallawell, vice president at Forrester Research, of Cambridge, Mass., who specializes in the security software market, advises clients to be choosier. “The rule of thumb is you should only pay for what you’re going to need within the next 12 months,” she says. “And don’t forget to do a competitive negotiation, regardless of how small your organization is.” Round-up of anti-virus software With that in mind, here is a round-up of just some of the offerings in anti-virus software, ranging from market leaders, Symantec and McAfee, to some of the smaller, more entrepreneurial companies, such as Alwil and Kaspersky. Norton’s AntiVirus Cost: $40 to buy. $30 annual fee. Features: Produced by Internet security giant Symantec, a better question might be: What doesn’t it feature? Norton’s standard version includes a firewall, scheduled scans, scans for instant messaging, as well as bundled spyware, adware and rootkit detection. All those bells and whistles may take a toll on speed however. It’s the one area that got a low rating from Consumer. The professionals don’t seem to disagree. John DeLozier, a network security expert and founding partner of Nply Security, a network security consulting group in Dallas, concedes it’s often the preferred choice of his clients. “But, I find (Norton) too big, too bloated and too intrusive with all the chatty pop-up windows,” says DeLozier. McAfee’s ViruScan Cost: $40 to buy. $40 annual fee. Features: McAfee’s anti-virus software is bundled in with anti-spyware software and a firewall. It features automatic updates and instant message scanning. Other versions include protection for laptops, e-mail servers and file servers. Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at industry conferences on network security, says, “I like McAfee. It’s mature. It’s automatic… with any brand, by the time it gets to version 3.0, the differences are going to be minimal at that point.” BitDefender Standard Cost: $30 to download. $20 annual fee. Features: BitDefender is worthy of mention, if for no other reason the critics seem to love it the most. It was recently ranked number one in its class by both PC World and Consumer Reports, who gave BitDefender especially high marks in detection and ease of use. The standard edition features both scheduled scans and scanning for instant messages. It does not include a firewall. Kapersky Labs AntiVirus Cost: $50 to buy. $35 annual fee. Kaspersky, a Russian software company best known in the small business and consumer market, is a little pricier. Wettern says it’s well worth it. “I find it updates very frequently, has great detection rates and is the fastest to react to new threats,” says Wettern. Kaspersky offers standard features like scheduled scans and spyware/adware protection. Additional features, not as easy to find, include laptop power saving, suspended scans during heavy usage and proactive rootkit removal for malware. Alwil’s Avast! Cost: Non-commercial use, free to download. Professional Edition is $40 a year. Features: You can’t beat the starting price. Avast also comes with a high rating from Consumer Reports and features IM scanning and a firewall. One of the unique features includes what Alwil calls a “virus chest.” It’s a folder on the disk drive that is impenetrable to any kind of virus attack, a sort of virtual lock box where sensitive files can be stored and isolated away from the rest of the operating system. Avast may also be a good solution for a small organization that does business worldwide. The software is offered in no less than 20 languages, including Japanese and Russian.

About 2333 days ago Antivirus Software

Which Anti-Virus Software Should You Use?

Out of all the security programs installed on the company network or end user’s desktop, it’s probably the anti-virus software that’s doing the most to earn its keep. The joint Computer Security Institute/FBI’s 2006 Computer Crime and Security Survey found that overwhelmingly viral attacks remain the greatest source of financial losses and damages to businesses than any other breach in computer security. Losses from all computer security incidents among the survey’s 313 respondents totaled more than $52 million for 2006, down by more than 50 percent compared to 2005, according to the survey. Ninety-seven percent of the companies that responded reported using anti-virus software. Don’t log on without it Some companies tend to get lax about anti-virus software once they’ve installed a good firewall at the network gateway. “No firewall out there is a silver bullet,” says Joern Wettern, co-author of Firewalls for Dummies. “Make sure you have anti-virus software installed on all PCs and check them regularly for updates.” For that reason, easy-to-schedule scans and automatic updating is probably the first feature a business owner would want to look for in an anti-virus program. When it comes to other features, Arabella Hallawell, vice president at Forrester Research, of Cambridge, Mass., who specializes in the security software market, advises clients to be choosier. “The rule of thumb is you should only pay for what you’re going to need within the next 12 months,” she says. “And don’t forget to do a competitive negotiation, regardless of how small your organization is.” Round-up of anti-virus software With that in mind, here is a round-up of just some of the offerings in anti-virus software, ranging from market leaders, Symantec and McAfee, to some of the smaller, more entrepreneurial companies, such as Alwil and Kaspersky. Norton’s AntiVirus Cost: $40 to buy. $30 annual fee. Features: Produced by Internet security giant Symantec, a better question might be: What doesn’t it feature? Norton’s standard version includes a firewall, scheduled scans, scans for instant messaging, as well as bundled spyware, adware and rootkit detection. All those bells and whistles may take a toll on speed however. It’s the one area that got a low rating from Consumer. The professionals don’t seem to disagree. John DeLozier, a network security expert and founding partner of Nply Security, a network security consulting group in Dallas, concedes it’s often the preferred choice of his clients. “But, I find (Norton) too big, too bloated and too intrusive with all the chatty pop-up windows,” says DeLozier. McAfee’s ViruScan Cost: $40 to buy. $40 annual fee. Features: McAfee’s anti-virus software is bundled in with anti-spyware software and a firewall. It features automatic updates and instant message scanning. Other versions include protection for laptops, e-mail servers and file servers. Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at industry conferences on network security, says, “I like McAfee. It’s mature. It’s automatic… with any brand, by the time it gets to version 3.0, the differences are going to be minimal at that point.” BitDefender Standard Cost: $30 to download. $20 annual fee. Features: BitDefender is worthy of mention, if for no other reason the critics seem to love it the most. It was recently ranked number one in its class by both PC World and Consumer Reports, who gave BitDefender especially high marks in detection and ease of use. The standard edition features both scheduled scans and scanning for instant messages. It does not include a firewall. Kapersky Labs AntiVirus Cost: $50 to buy. $35 annual fee. Kaspersky, a Russian software company best known in the small business and consumer market, is a little pricier. Wettern says it’s well worth it. “I find it updates very frequently, has great detection rates and is the fastest to react to new threats,” says Wettern. Kaspersky offers standard features like scheduled scans and spyware/adware protection. Additional features, not as easy to find, include laptop power saving, suspended scans during heavy usage and proactive rootkit removal for malware. Alwil’s Avast! Cost: Non-commercial use, free to download. Professional Edition is $40 a year. Features: You can’t beat the starting price. Avast also comes with a high rating from Consumer Reports and features IM scanning and a firewall. One of the unique features includes what Alwil calls a “virus chest.” It’s a folder on the disk drive that is impenetrable to any kind of virus attack, a sort of virtual lock box where sensitive files can be stored and isolated away from the rest of the operating system. Avast may also be a good solution for a small organization that does business worldwide. The software is offered in no less than 20 languages, including Japanese and Russian.

About 2364 days ago Computer Security

Do You Need Anti-Virus Software for Your Handhelds?

There was a time when the wireless world was a worry-less world in terms of network security and fear of viral attacks. However, it appears those days are coming to a close. Viral attacks on handheld devices, to be sure, are still a rarity. But most security experts agree it’s only a matter of time before there is a major outbreak, which raises the question: is anti-virus software for the handheld now a necessity? According to a recent survey by Bluefire Security Technologies, 70 percent of more than 1,800 entrepreneurs and business executives polled — all of them wireless device users — say fear of viral attacks against their handhelds is a top security concern. The fear factor “The world has changed,” says Mark Komisky, co-founder of Bluefire and author of the survey. “The wireless ecosystem has matured. Devices are now capable of e-mail and are supported by more robust operating systems. They now have the same functionality as a notebook computer, which means they have the same vulnerabilities. From the perspective of a virus, a wireless device is now just another IP address on the Internet.” Viruses and worms that can attack computers through Web browsing, e-mail, or attachments, also run the risk of making your PDA or smartphone vulnerable. Up until June 2005, when the Cabir worm first appeared, targeting Symbian Series 60 phones, there was little real threat to handhelds. Since that time, there have been more than 100 mobile viruses detected and new strains are appearing every week and some have spread over Bluetooth and other wireless connections, according to F-Secure, an anti-virus maker based in Helsinki. “It’s just a matter of time until viruses are just as pervasive on handhelds because so much of computing is moving to mobile computing,” says Ben Rothke, author of Computer Security — 20 Things Every Employer Should Know. And it’s not just the handheld device itself that’s at risk. Komisky points out other key areas in which handhelds with wireless connectivity can pose risks to your business: Connecting through a public Web connection. Remote access can provide a hole in the network, especially if users are connecting to their e-mail, for example, through a public wireless Web connection at an airport or coffee shop hotspot. The desktop back at the office. Take an infected handheld and sync it up on the PC at work. Now, the PC is infected too. Such malware can also spread rapidly within your firm to other computers. The VPN connection to the network. Without a virtual private network (VPN) quarantine feature on the company firewall, there’s a risk of spreading an outbreak remotely just like any other infected laptop. The downside of handheld anti-virus protection So when in doubt, why not just get the anti-virus software as a precaution to protect your handheld and your business? There are some other considerations that businesses need to factor into the discussion, security experts say. “Don’t get me wrong, I would never tell my clients not to get anti-virus protection for their handhelds, if they wanted it,” says John DeLozier, of Nply Security, a Dallas-based network security consulting group. “But, I would advise them that there’s a much bigger risk of being compromised by loss or theft than from an attack.” DeLozier goes on to point out a couple of other reasons why a business owner might think twice about getting anti-virus software for PDAs and smartphones. Aside from the obvious cost of the software itself, there’s the greater cost of installing and maintaining it. Smaller companies, especially, tend to give their employees the freedom to pick out their own handheld devices and just expense them back to the company. It’s highly unlikely one brand of software will accommodate different handheld models. Managing compatibility can quickly become a major headache for a minimally staffed IT department. Meanwhile, it’s not just business consumers debating whether the time has come for anti-virus software to come standard on wireless devices. It remains to be seen whether manufacturers or wireless carriers will make it standard issue. According to the Bluefire survey, 86 percent of those polled say security software should be required in all handhelds. Three out of five say they feel confident their companies would be willing to pay more to have it. With that kind of demand, regardless of need, it’s a safe bet both manufacturers and carriers will figure it out soon enough and one way or the other wireless devices and security software will go hand-in-hand.

About 2364 days ago Computer Security

Security Starters: Critical Patches for Your PCs

The security software’s been installed. It includes anti-virus protection, a spam blocker, a firewall, a pop-up blocker and a spyware filter. Feel safe, yet? The good news: once all that’s done, the system is safe — at least for the moment. The bad news: a moment is about as long is it lasts. Malware programmers (whom most people call “hackers”) are constantly finding vulnerabilities in all brands of security software and writing code to exploit them. Security software vendors, at the same time, are constantly writing additional code for their programs to shore up those vulnerabilities from new threats. Those pieces of new code are called “patches” and without them your software is essentially worthless. Install all patches and updates It sounds so simple, but staying on top of those patches or updates is where the wheels fall off for most small and mid-size businesses that can’t afford a separate staff or department for information technology. No one can really blame the software vendors on this one, either. “Where there are updates available make sure you install them,” says Joern Wettern, co-author of Firewalls for Dummies. “Check all your computers at least once month to make sure no one’s turned off the automatic update feature.” Most security programs now include an automatic update feature that will have your computer download new updates directly from the vendor’s website on a regular schedule. The most it might require of the end user is the occasional request to reboot or a pop-up screen asking for a “click yes” to accept updates. For many end users, even that’s too much. “People get annoyed with those pop-up screens and just turn off the automatic feature. All it takes is one machine to not be updated and your whole network is vulnerable,” says security expert and partner John DeLozier, from Nply Security, a Dallas-based network security consulting group. DeLozier recommends utilizing what network security professionals euphemistically call the good old-fashioned “sneaker net.” What that amounts to is periodically have someone physically walk around to every single computer within the business to make sure the automatic update feature is toggled to the “on” position and is doing its job. Assign responsibility for patches DeLozier suggests that businesses follow this two-step strategy to keep the company’s systems safe. Have a maintenance plan. If you don’t have at least a part-time IT staffer to be responsible for patches and updates, then appoint someone else within the organization to be that person. Whether it’s once a month or once a quarter, have a set schedule to check all the computers and make sure patches are being downloaded on a regular basis. Make sure the plan gets executed properly. Once you make the commitment to a set a maintenance schedule, stick to it. Don’t let patches and updates fall off the priority list. Use reminders on project calendars and keep a written track record of dates and computers that have been checked. Don’t let a viral attack be your reminder that it’s time to update your software. Software solutions If the budget allows, there are a number of commercial software applications available that help organize and streamline the management of updates. Some of the popular software manufacturers who make products in this field include: Kaseya, GSI Languard, Numara, and Microsoft, the latter of which makes a Baseline Security Analyzer. Before committing to any software solution to patch your systems, just remember this: it’s one more piece of software someone has to be familiar enough with to properly utilize. The bottom line for small and mid-size businesses in need of developing a solution to patch their PCs is that they need to follow through. “Good security can be done on a budget,” says Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at conferences on security topics, “but you do have to manage it.”

About 2364 days ago Antivirus Software

Do You Need Anti-Virus Software for Your Handhelds?

There was a time when the wireless world was a worry-less world in terms of network security and fear of viral attacks. However, it appears those days are coming to a close. Viral attacks on handheld devices, to be sure, are still a rarity. But most security experts agree it’s only a matter of time before there is a major outbreak, which raises the question: is anti-virus software for the handheld now a necessity? According to a recent survey by Bluefire Security Technologies, 70 percent of more than 1,800 entrepreneurs and business executives polled — all of them wireless device users — say fear of viral attacks against their handhelds is a top security concern. The fear factor “The world has changed,” says Mark Komisky, co-founder of Bluefire and author of the survey. “The wireless ecosystem has matured. Devices are now capable of e-mail and are supported by more robust operating systems. They now have the same functionality as a notebook computer, which means they have the same vulnerabilities. From the perspective of a virus, a wireless device is now just another IP address on the Internet.” Viruses and worms that can attack computers through Web browsing, e-mail, or attachments, also run the risk of making your PDA or smartphone vulnerable. Up until June 2005, when the Cabir worm first appeared, targeting Symbian Series 60 phones, there was little real threat to handhelds. Since that time, there have been more than 100 mobile viruses detected and new strains are appearing every week and some have spread over Bluetooth and other wireless connections, according to F-Secure, an anti-virus maker based in Helsinki. “It’s just a matter of time until viruses are just as pervasive on handhelds because so much of computing is moving to mobile computing,” says Ben Rothke, author of Computer Security — 20 Things Every Employer Should Know. And it’s not just the handheld device itself that’s at risk. Komisky points out other key areas in which handhelds with wireless connectivity can pose risks to your business: Connecting through a public Web connection. Remote access can provide a hole in the network, especially if users are connecting to their e-mail, for example, through a public wireless Web connection at an airport or coffee shop hotspot. The desktop back at the office. Take an infected handheld and sync it up on the PC at work. Now, the PC is infected too. Such malware can also spread rapidly within your firm to other computers. The VPN connection to the network. Without a virtual private network (VPN) quarantine feature on the company firewall, there’s a risk of spreading an outbreak remotely just like any other infected laptop. The downside of handheld anti-virus protection So when in doubt, why not just get the anti-virus software as a precaution to protect your handheld and your business? There are some other considerations that businesses need to factor into the discussion, security experts say. “Don’t get me wrong, I would never tell my clients not to get anti-virus protection for their handhelds, if they wanted it,” says John DeLozier, of Nply Security, a Dallas-based network security consulting group. “But, I would advise them that there’s a much bigger risk of being compromised by loss or theft than from an attack.” DeLozier goes on to point out a couple of other reasons why a business owner might think twice about getting anti-virus software for PDAs and smartphones. Aside from the obvious cost of the software itself, there’s the greater cost of installing and maintaining it. Smaller companies, especially, tend to give their employees the freedom to pick out their own handheld devices and just expense them back to the company. It’s highly unlikely one brand of software will accommodate different handheld models. Managing compatibility can quickly become a major headache for a minimally staffed IT department. Meanwhile, it’s not just business consumers debating whether the time has come for anti-virus software to come standard on wireless devices. It remains to be seen whether manufacturers or wireless carriers will make it standard issue. According to the Bluefire survey, 86 percent of those polled say security software should be required in all handhelds. Three out of five say they feel confident their companies would be willing to pay more to have it. With that kind of demand, regardless of need, it’s a safe bet both manufacturers and carriers will figure it out soon enough and one way or the other wireless devices and security software will go hand-in-hand.

About 2394 days ago Computer Security

When a Virus Strikes

A recent survey by the Computer Security Institute and the San Francisco FBI’s Computer Intrusion Squad revealed two very interesting trends when put side by side. Number one, virus attacks are the leading cause of financial losses among cyber crimes committed against U.S. companies. Number two, 98 percent of the companies and organizations polled for the survey say they use firewalls. Ninety-seven percent use antivirus software. Virus attacks happen There’s plenty of preventative advice available to protect business owners from a virus attack and even more security products to purchase. But small businesses, in particular, would be wise to also have a crisis plan in place for what some would argue is inevitable. “Small businesses are more vulnerable to attack,” says Ben Rothke, director of security technology implementation at AXA Financial, a New York-based financial services firm, and the author of Computer Security — 20 Things Every Employee Should Know. Small and mid-size businesses “typically don’t have an IT department monitoring their network 24/7.” Signs of a possible virus attack So what can a company without an IT department do to prepare for the worst? For starters, know enough about viruses to know when the system’s been hit. Computers start crashing all around the office at the same time. One or more computers get flooded with pop-up ads. One or more computers get multiple warning screens from your security software. One or more computers get flooded with strange e-mails that seem to be replicating faster than they can be deleted. The company network slows down to near-standstill. Users are denied access when trying to log in. Respond immediately Once it’s been determined the network’s been attacked, you need to react. “Simply put, responding to a virus is like fighting a fire,” says Devin Jopp, chief technology officer for SCORE, a counseling service for small business owners. Here are some tips for hot to respond to a virus attack. Isolate Shut down all the infected computers and programs that appear to be infected to staunch the spread elsewhere within the network. As an added precaution, Joern Wettern, co-author of Firewalls for Dummies, says “disconnect any part of the system that is critical to your business… it helps to have those areas flagged in advance.” Treat Run your antivirus software. Jopp points out that 90 percent of all viruses can be identified and cleaned up by most antivirus programs. Diagnose In addition to identifying the virus, assess what parts of the network have been hit, the damage inflicted and what it will take to fix it. For more complicated attacks, have a local IT consultant with expertise in cleaning up viruses that can be called in on short notice. “A virus attack on a small business is too critical to let the fix-it guy in the office handle on his own” says Rothke. Learn See this as an opportunity to improve security for the next time. Chances are there’s room for improvement by way of updating software more frequently or training employees to avoid high risk web sites or dubious e-mail, for example. Don’t forget the customers Michael Shaw, California’s assistant state director for the National Federation of Independent Business (NFIB) advocates full disclosure to customers in the event of a virus attack. Employers need to have a plan in place to notify customers in case there is an attack that compromises customer information,” he says. In a growing number of states, companies are required by law to report data breaches to customers. Either way, a business owner may be wise to remember that a lost reputation is much harder to replace than lost data.

About 2394 days ago Computer Security

What Kind of Firewall Should You Use?

The average computer system left unprotected on the Internet will come under attack within 20 minutes after going online, according to the SANS Institute, a computer security watchdog. With that in mind, getting a firewall may seem like an easy decision. But, choosing a firewall and figuring out what exactly needs to be protected may be a little more complicated. Firewalls 101 A firewall provides a virtual barrier between an outside network (typically the Internet) and a private network or personal computer. It can be used to block viruses, worms, pop-up ads and spam, filter out contact with undesirable websites and protect sensitive files. There are two kinds of firewalls: hardware and software. Hardware firewalls (sometimes called embedded firewalls, as they are embedded into a router or switch) come housed in appliance form. It’s a device that is typically wired between the network and the gateway to the Internet. Software firewalls are loaded applications used to filter out unwanted traffic coming and going. And like anything else, either kind can cost a lot or a little ranging in price from less than a $100 to more than one hundred thousand dollars. A good mid-level firewall will range in price from about $500 to $1500 and accommodate up to 100 users. How to choose a firewall So which type of firewall is better for your business? “I don’t recommend a specific solution until I know what a company needs,” says Joern Wettern, co-author of Firewalls For Dummies. Wettern recommends that before picking out a firewall, a small or mid-size business owner would be wise to inventory what exactly is being protected and what kind of traffic is and isn’t to be allowed. Here are some criteria Wettern says to consider: Is the company network accessing the Internet strictly for surfing only? That being the case, a simple off-the-shelf consumer level software firewall may be all that is needed.  Is there a corporate website or an e-commerce component to the business? That’s a whole new level of liability, safeguarding customer credit card information for example, and it is far more complicated to protect. Most companies would choose both a hardware router-based firewall, with the added protection of an application-based firewall that does a better job of filtering out viral attacks. Does the business have employees that access the system remotely? For example, is there a sales force that is constantly “dialing in from the road?” Virtual private network (VPN) connections to the network present a great vulnerability and require more features in a firewall for full protection. A VPN quarantine feature that screens users for security risks for virus infections before allowing them to login remotely is available on most mid-level firewall products, like Checkpoint or Cisco PIX. Manage what you have One of the biggest problems that officials of small companies run into is believing that setting up a firewall is all they need to do to protect their business computers, network and data. Firewalls also need maintenance. “You don’t have to spend a lot, but you do have to take responsibility for it. You have to manage your firewall,” says Ben Rothke, director of security technology implementation at AXA Financial, a New York- based financial institution, and a frequent speaker at industry conferences on network security. Rothke says that for anything more complicated than basic Web surfing, invest the money in a specialized IT consultant to do the initial set-up. Make sure the firewall is configured properly from the beginning. At least monthly, he says, check for any new updates or patches and install them immediately. Test the system. There are many websites and programs that offer system checks that will point out the weak links in the network. Features and pricing are important, but it’s not what determines the quality of a good firewall. In the end, what may matter most is how well a firewall is maintained once it’s in place.

About 2394 days ago Antivirus Software

When a Virus Strikes

A recent survey by the Computer Security Institute and the San Francisco FBI’s Computer Intrusion Squad revealed two very interesting trends when put side by side. Number one, virus attacks are the leading cause of financial losses among cyber crimes committed against U.S. companies. Number two, 98 percent of the companies and organizations polled for the survey say they use firewalls. Ninety-seven percent use antivirus software. Virus attacks happen There’s plenty of preventative advice available to protect business owners from a virus attack and even more security products to purchase. But small businesses, in particular, would be wise to also have a crisis plan in place for what some would argue is inevitable. “Small businesses are more vulnerable to attack,” says Ben Rothke, director of security technology implementation at AXA Financial, a New York-based financial services firm, and the author of Computer Security — 20 Things Every Employee Should Know. Small and mid-size businesses “typically don’t have an IT department monitoring their network 24/7.” Signs of a possible virus attack So what can a company without an IT department do to prepare for the worst? For starters, know enough about viruses to know when the system’s been hit. Computers start crashing all around the office at the same time. One or more computers get flooded with pop-up ads. One or more computers get multiple warning screens from your security software. One or more computers get flooded with strange e-mails that seem to be replicating faster than they can be deleted. The company network slows down to near-standstill. Users are denied access when trying to log in. Respond immediately Once it’s been determined the network’s been attacked, you need to react. “Simply put, responding to a virus is like fighting a fire,” says Devin Jopp, chief technology officer for SCORE, a counseling service for small business owners. Here are some tips for hot to respond to a virus attack. Isolate Shut down all the infected computers and programs that appear to be infected to staunch the spread elsewhere within the network. As an added precaution, Joern Wettern, co-author of Firewalls for Dummies, says “disconnect any part of the system that is critical to your business… it helps to have those areas flagged in advance.” Treat Run your antivirus software. Jopp points out that 90 percent of all viruses can be identified and cleaned up by most antivirus programs. Diagnose In addition to identifying the virus, assess what parts of the network have been hit, the damage inflicted and what it will take to fix it. For more complicated attacks, have a local IT consultant with expertise in cleaning up viruses that can be called in on short notice. “A virus attack on a small business is too critical to let the fix-it guy in the office handle on his own” says Rothke. Learn See this as an opportunity to improve security for the next time. Chances are there’s room for improvement by way of updating software more frequently or training employees to avoid high risk web sites or dubious e-mail, for example. Don’t forget the customers Michael Shaw, California’s assistant state director for the National Federation of Independent Business (NFIB) advocates full disclosure to customers in the event of a virus attack. Employers need to have a plan in place to notify customers in case there is an attack that compromises customer information,” he says. In a growing number of states, companies are required by law to report data breaches to customers. Either way, a business owner may be wise to remember that a lost reputation is much harder to replace than lost data.