The DataGuard Data Protection Newsletter
June - October, 2006
To subscribe: Click Here
Newsletter archives: Click Here
Suggestions, comments: Click Here

Welcome!

If there are any topics you would like to see discussed in the future or if you have any comments, please contact me at JoeT@HighCaliber.com

Top

Bullet Points

  • Small Businesses Vulnerable to CyberCrime

    Symantec's semiannual Internet Security Threat Report found that small businesses have consistently been near the top of targeted groups for cyberattacks during the past year, and the nature of the attacks is changing. While past attacks were designed to destroy data, today's cyberattacks are all about stealing data.

    Small businesses are acutely aware of the threat but are ill-prepared to deal with it, according to data from the San Jose, Calif.-based Small Business Technology Institute. The organization's 2005 survey of more than 1,000 businesses with up to 100 employees found that while more than 70% consider information security a very high priority, only 30% increased spending on information security software during the past year. Less than half (41%) of those surveyed allocate a specific budget for security solutions. A significant percentage lack sufficient controls for even basic systems, such as e-mail (18% are unsecured). Wireless networks are especially vulnerable: 60% are not secured. A majority of small businesses (56%) experienced at least one security incident in the past year, citing computer viruses, spyware and other malware as the main cause.

    Click Here For Article

    Top

  • Securing Your SmartPhone/PDA

    Don’t overlook securing these small devices. Here are some key security measures you can take to protect them:

    Click Here For Article

    Top

  • Protecting Yourself From Spoofed Websites

    A spoofed website is one that appears to belong to a particular organization or individual but really belongs to someone else. Spoofed sites hide their true identities in several ways, including by disguising their URLs. There are ways that you can protect yourself from spoofed sites (and the malicious hyperlinks that may lead to them).

    Click Here For Article

    Top

  • Protecting Wireless Connections

    Here are some things employees working remotely should do to protect their wireless connections:

    Click Here For Article

    Top

  • SpyWare Epidemic

    With estimates that spyware has infiltrated as many as 87% of all PCs, the spyware problem is of epidemic proportion. For SMBs, where resources are tight, fighting the spyware problem can prove even more difficult. Contact us if you are interested in installing an enterprise-wide spyware solution.

    Top

The Problem With Portable Storage Devices

Small storage devices are small, inexpensive, easy to use -- and easy to lose. This poses a potentially serious security problem. A $30 USB Flash drive misplaced in a restaurant or airport may contain sensitive data that can leave a company vulnerable to a rival, or a lawsuit. In one much-publicized case, a former employee of a major financial institution unwittingly sold on eBay a wireless handheld device containing an ex-employer's customer list.

As mobile devices and cheap, removable storage media proliferate, security risks have grown exponentially. Take the iPod. Commercially available software now enables the little MPEG player to download a lot more than music files: e-mail, calendar contacts, favorite Web sites and data files for example. The practice has become widespread enough to gain an official nickname: slurping.

Conversely, portable storage devices become conduits for viruses and other malware. A visitor left alone in a conference room with an unguarded PC needs only a few moments to upload malware or a Trojan horse into the corporate network. An employee takes corporate files home, infects them with a virus on his or her home computer, then uploads them to an office PC.

In a 2004 report, "How to tackle the threat from portable storage devices," Gartner Inc. advised companies to consider prohibiting or at least restricting the use of small, portable storage devices -- from USB keychain devices to iPods -- by employees and outside contractors who have direct access to corporate networks. The report also advised companies to institute a "desktop lockdown policy" that permitted only authorized devices to be plugged in.

Banning portable storage devices is rarely a viable solution. These devices are one of the easiest ways to move data. Most of the ways people use them are valid, like taking information home to work, copying presentations off file servers, etc. GFI Software Ltd., SmartLine Inc. and DeviceWall have introduced software that enables administrators to centrally control what type of device and port can be utilized to read from, or write to, a particular PC. For example, an end user might be given read/write privileges for a notebook or personal digital assistant (PDA) that can be equipped with security software, but not to a keychain device. In addition, Microsoft's Windows XP Service Pack 2 provides a registry key that can be configured to make USB storage devices read-only.

Ramon, Calif.-based SmartLine's DeviceLock can grant read or read/write, but not write-only privileges. Both SmartLine and DeviceWall products allow administrators to grant users temporary access to USB devices, when their PCs are offline, by providing temporary access codes.

Well-defined corporate policies covering appropriate usage of these devices coupled with education/training may be the only way to control this burgeoning problem at this time.

Top

To subscribe to this newsletter: Click Here
DataGuard archives: Click Here
Related Services from High Caliber Solutions:
    Data Protection Services
    Disaster Planning
    Email Archiving