Tuesday, October 20, 2009

The Lowdown on Laptops

This is a great article, published by the Federal Trade Commission. Laptops have become a must-have for the road warrior, and so many times we've heard horror stories about these portable PCs being left in taxis, lost in airports, or stolen at conferences. Ms. Fair in her article lays out a few basic guidelines for securing your laptop information:

The Lowdown on Laptops: Data Security for the Road Warrior

by Lesley Fair

Scan the lobby at any office building and you’ll see them: Busy executives scrolling through messages on their PDAs, flipping through stacks of client files, and carrying on animated conversations with colleagues via cell phone. No one appreciates the convenience of today’s virtual office more than the globetrotting Road Warrior. But are you maintaining the same high standards for data security when you’re on the go? Here are some tips for reducing the risk of a glitch when you’re away from the office:

Protect your passwords.

Many companies have special passwords and access numbers for employees to use when they’re off-site. Avoid the temptation to jot them down on a scrap of paper you keep with your laptop. Don’t use shortcut keys to program passwords, access codes, or credit card numbers.

Lock it and stock it.

Before leaving on business travel, check your briefcase, PDA, and laptop for data that shouldn’t go on the road with you. Sensitive information is best left locked in a file cabinet or burned to a CD or flash drive stored securely in your office.

Keep things in sight pre-flight.

According to a company that insures personal computers, 10% of laptop thefts occur in airports. Keep your eye on your electronic devices when going through airport screening. Don’t put your cell phone, PDA, or computer on the conveyor belt until the person directly ahead of you has made it through the metal detector.

Too close for comfort.

A survey of business travelers found that a third of them ‘fessed up to sneaking a peek at an airplane seatmate’s computer screen. Defer work on confidential client files until you’re away from prying eyes. Or consider buying a filter for your laptop screen.

Mum’s the word.

Ever taken a look at the documents some travelers leave on the computer at the hotel business center? And just think of the sensitive information blurted out during loud cell phone conversations. Remind your employees to keep their guard up in public. You never know who might be listening.

Tutor the telecommuter.

Information on home computers can be just as vulnerable to compromise. Require up-to-date firewall, anti-virus, and anti-spyware protection and the latest security patches on home computers used even occasionally for business. Establish company policies about off-site access to sensitive data.

Wipe the slate clean.

Business travelers often are the first in line for the latest electronic device, but need to take care before disposing of the old one. When getting rid of computers, cell phones, or PDAs, deleting files using keyboard commands may not be sufficient because data can remain on a device’s memory. Check with your IT staff to see if there is a “wipe” utility program that can overwrite the memory so data is no longer recoverable.

Lesley Fair is an attorney in the FTC’s Bureau of Consumer Protection who specializes in business compliance.

Wednesday, October 14, 2009

Six Risks of Employee Internet Use

If you own a business today, you cannot afford to underestimate the potential damage that employee internet usage can bring to your company. The internet, while being a great fount of knowledge and learning, is also a haven for inappropriate behavior and system attacks. Furthermore, it also poses a liability for any company that does not manage internet use by employees. Here are six basic types of internet-based threats and the risks associated with each:

1. Inappropriate Surfing: While there is much subjectivity inherent in determining what is or isn't offensive, many companies are restricting internet usage to "business purpose" only, simply to limit the liability of the company. Many companies publish "Authorized Usage Policies" in order to formally document accepted usage; however, many struggle with policy enforcement. Furthermore, with the rapid rise of file-sharing and Peer-to-Peer websites, companies have also been faced with the issue of copyrighted content being downloaded to the business network.

2. Spyware: Spyware, by definition, is a very specific subset of Malicious Software that is coded to monitor and report on activity on an infected system. Spyware comes in a variety of forms. One type, known as "Key Loggers", is used to steal personal or proprietary information by monitoring user keystrokes and uploading, via a background process, such items as passwords and/or credit card numbers. Other types, such as Adware, are used to monitor surfing habits in order to better market other similar websites via "pop-up" advertisements. These infections may not necessarily compromise data, but can slow down a network tremendously and reduce worker productivity.

3. Instant Messaging: Also known as "IM" or "IRC", this potentially useful tool is quite detrimental when used for personal reasons. Employees with unsupervised instant-messaging tools can spend large amounts of time conversing with friends and family during business hours, taking away their ability to be productive. Additionally, the protocols that serve Internet-based IM can be a vector for attacks known as "Zombie Attacks". Zombie Attacks infect multiple computers using the IM service, causing them to send Denial of Service attacks to a specific site. If a business is identified as the source of one of the Zombie Attacks, it can be liable for the loss of service for the site being attacked.

4. Phishing: A relatively new problem, phishing attacks are designed to drive unsuspecting email users to fake websites for the purpose of retrieving personal information. Mimicking such websites as Amazon and eBay, these attacks convincingly request personal information from users, including user names, passwords, and credit card information.

5. Malware: Short for Malicious Software, this describes any piece of software designed to damage a computer system, delete data, or interrupt the normal processing of an internal computer. There are many classifications, including viruses, worms, and trojans. All of these can be inadvertently downloaded onto a computer by clicking on a link on a website. Malware can also be automatically installed should sufficient security measures not be in place. Once a system is infected, many of these programs are designed to replicate, meaning they are extremely difficult to get rid of.

6. Peer to Peer Applications: Once again referring to copyrighted data, peer-to-peer sites such as Kazaa or Limewire promote illegal distribution of music or video via a series of meshed networks. This causes significant liability problems for both the company and the individual responsible for the downloads. Furthermore, many P2P applications are configured to share a computer's hard drive, leaving sensitive information open to download by other users of the same P2P network.

Jackson Thornton Technologies has worked with several businesses to establish Authorized Usage Policies while also helping to configure solutions that help monitor and enforce internet usage.


Monday, October 5, 2009

Did You Know #2?

Did you know that Orange County Choppers is a Microsoft Dynamics GP user? Watch the great video below to see how OCC is taking advantage of the complete Microsoft stack, including Microsoft Small Business Server 2003 and Microsoft SQL Server 2005: