by Mark Stone

There I was, staring at a blank document, trying to come up with an idea of what topic to base my weekly article on this week. Several different topics were coming to mind, but nothing stood out. As my mind started to wander off, I looked at my Apple laptop and wondered what I would do if I ever lost it. I think I’d have a myocardial infarction! Then it hit me: I can’t believe I haven’t written about laptop theft yet.

The statistics on laptop theft are downright astounding. According to Safeware, North America’s largest computer insurance company, 600,000 laptop thefts occurred in 2004. This accounted for $720 million in hardware losses; much worse yet is the $5.4 billion in theft of proprietary information. According to the FBI, 97% of stolen laptops are never recovered, and the chances of a laptop being stolen are one in ten. I could go on, but I’m sure you get the picture.

Gartner Group has stated that a whopping 73% of companies do not have specific security policies for their computers. Incorporating laptops into your company security policy is extremely important. Rules should be clearly defined as to what is expected of laptop owners. Due to the risk of having proprietary or confidential information being compromised, the best thing all of us can do would be to encrypt any sensitive data stored on the laptop.

What does it mean to encrypt data on a laptop? Encryption achieves the goal of making any sensitive data unreadable and unavailable to prying eyes. It’s just like when our web browsers jumble the information between our computer and our bank when we’re doing online banking. When a hard drive (or specific folders of a hard drive) is encrypted, it is done so with a key, or password, which is used to decrypt the information. Without that key, the would-be thief cannot get at that information.

Going through all the steps necessary to encrypt data on the hard drive is well beyond the scope of this article. The good news is there is a program available that is free to download and use that will go a long way in protecting your sensitive data. I encourage everyone to visit www.truecrypt.org, where you can find out more about how easy it is to protect your data. There is good documentation available on the site and the download is available for free.

The trickle-down effect of laptop loss and theft is becoming more severe as we retain more and more data. Encrypting the information stored on our laptops is just one large step to take in preventing the worst-case scenarios. The old adage of an ounce of prevention’ couldn’t be more appropriate for this issue. Take the time to protect yourself or your company.

For more information on protecting your laptop and encrypting your data, call Tech Central at 972.996.6650

by Todd Pheifer

The Internet has changed how everything is done in modern society. Some of this change is obviously positive, but with any change comes the possibility that things could get abused. Just about every industry makes use of the Internet in one way or another whether it is for research, communication, or organizational infrastructure. Employees in many different firms are on the Internet throughout the day. The challenge for organizations lies in regulating this usage. As with any other medium, not all Internet usage is for professional reasons. Therefore, some companies have taken the step of monitoring the Internet usage of their employees. Here are a few advantages to this practice.

You Are at Work

Ideally, when companies monitor their employee’s Internet usage, it sends a message that the organization expects people to be productive with the tools that they have been given. This is the same principle that applies to the use of the phone, the copy machine, the fax machine, and various office supplies. Most companies understand that their employees do not spend every moment of the day focused on the work at hand. A few personal phone calls and a bit of idle surfing on the Internet may not destroy the organization. However, some companies feel it is best to set a tone and remind their employees that they are not on their own time.

Personal Responsibility

Another benefit to Internet monitoring is that it sends a message to the employees that certain policies will be followed and enforced. Some companies have written policies about Internet usage in terms of which sites employees should not be visiting during company time. However, without a monitoring system in place the employee may feel like they are safe to do whatever they want as long as they quickly close their browser before the boss walks in. If an employee feels like they are being monitored they may be less prone to go to certain sites in the first place.

Liability

Finally, an Internet monitoring practice reminds the employee that they may be liable for certain things that happen on the Internet during business hours. In addition, it conveys a sense that the company may be at risk if certain employees visit sites that are not connected to the business of the organization. Ultimately, an Internet monitoring policy sends a strong message that the employer takes employee behavior seriously. What companies have to keep in mind is that monitoring employees can create a negative environment where people do not feel trusted. Negative reinforcement may set a tone, but in the long run it may simply cause the employee to avoid the reinforcement rather than engage in behavior that is positive for the workplace.

For more information on employee internet monitoring, call Tech Central at 972.996.6650

by Brian Lamacraft

Using the Internet can be a dangerous place if you are not careful. The use of email programs can be a way for criminals and hackers to get into your personal data by the means of what we call phishing. This term means to “fish” or in other words the criminal sends you a piece of information that seems legitimate and tries to entice you into filling in a form or going to a website to complete a form and then using this to steal your data, money or even your entire identity.

Phishing by email is very common and you may receive such things as “your account is being deleted,” “please update,” “we have received an error,” and so on. This is used to scare you into thinking something is very wrong with one of your online accounts and force you into quickly entering in the requested data. Often the email seems legitimate and looks like it could have come from a trusted site. But, this is not the case because a company will never ask you for information via email and make you sign a form. This is always done from the website and not from an email form. You should never fill out a form via email under any circumstances from any website. Sometimes when you sign up from a site they will get you to verify your account by email. Since you have joined, this is safe. If you are not sure, don’t join any sites that seem to be questionable to you.

Other common phishing attempts are ones that claim you have won money or prizes and ask for sensitive financial data to get your reward. Never fall for these trick. If an email is suspect, just delete it right away. If you receive phishing attempts from sites you have already joined, notify the site about he hacking attempt so they can work to eliminate the threats. Sites that care about your business will work with you to lessen the chances of you getting phishing emails.

A good idea is to create another email account and use that one for online activity so it collects all the junk, while using your main email for business and personal contacts. Many email providers work hard to remove suspected phishing emails but some always slip through undetected. Make sure you only bookmark websites that you trust and don’t do business with any that you think are suspect.

Conclusion

Phishing is a part of using the Internet, but you can avoid this scam with some basic common sense. Never open email you think is even remotely suspect and report any phishing attempts from sites you join to the webmasters of that site so they can work to eliminate the threats. Create a separate email account if you do a lot of emailing online so potential threats only go to one account and keep your main account relatively phishing free.

For more information on securing your network, call Tech Central at 972.996.6650

by Timothy Justice

As computers become more advanced, the security threats to the data on the computers becomes more real. The encryption standards that were considered state of the art 10 years ago are now vulnerable to rather weak software exploits, and traditional passwords can be compromised in less than five minutes by rather unsophisticated, easy to obtain software. For obvious reasons, I’m not going to tell you how to FIND that software, but it is 1) out there, and 2) completely legal.

But it is not these pieces of software that you need to fear. Any network administrator worth his/her salt is well aware of the presence of these programs and has taken steps to protect their computer network from attack using these exploits. Hacking into a network in this computer age is not a matter of connecting directly to the target computer; security is implemented in layers, and finding the presence of a computer on the network is only the first piece in a rather large, complicated puzzle. And these layers will not be set up the same way; getting through one hole doesn’t mean you will get through the next.

The biggest threat to a company’s data is actually a rogue employee within the company. Getting in from the outside often means navigating a complex maze of firewalls, encryption, password protection and other security methods. And it means doing it quickly; once an attack is detected, the network administrator can and often does slam the door on the intruder, leaving them not only holding the bag, but needing to find another way in, as that vulnerability will quickly be patched.

A company employee has already achieved the first task in compromising a network: gaining access. Because they already have permissions on the network and are inside the DMZ, employees do not have to navigate the outside layers of security. The information, once gathered, can be passed outside the network rather quickly.

A well prepared network administrator knows this, however, and should have constructed the network to minimize the damage that can be done by individual employees, and to ensure that any employee who does manage to compromise the network can be quickly tracked. This is the main reason many companies monitor computer usage; they’re less concerned about you watching YouTube than they are about your potential use of the Internet to remove proprietary and confidential information from their network.

As an employee, you should be aware that anything done on your user account will be traced back to you. For this reason, you should lock your computer if you will be away for even 5 minutes, and log off every time you leave for the day. An open computer is an invitation to a would be cracker, just as an open door or window is an invitation to a would be burglar.

For more information on securing your network, call Tech Central at 972.996.6650

by Phil Dotree

As hard drives are made larger and larger to accommodate the growing need for data storage, more and more important files are stored on the devices; everything from family photos to critical business files.

When a hard drive goes down, it can be a disaster for the computer owner.

Luckily, the growing data recovery industry has emerged to help get data back from damaged drives.  By essentially reconstructing the drive to a working condition, data recovery engineers can pull essential information off of a hard drive for a price, of course.

As with any service, though, there are good and bad data recovery companies, and a bad data recovery company can render a drive completely unrecoverable.  If you have a failed hard drive, it’s essential to look for a few specific things that will ensure that your drive’s in the right hands.

Make sure the company has a clean room. This is absolutely essential in order to work on hard drives with physical problems.

A clean room is exactly what it sounds like; it’s a heavily filtered, strictly controlled environment which allows an engineer to open a hard drive and work on it.  Hard drives can’t be opened in a normal room because even a single speck of dust can permanently damage the delicate magnetic platters that hold the drive’s information, so if you’re looking at a few data recovery companies, always ask if they have a clean room.

Find out how long the company’s been in business. Reputable data recovery companies have usually been around for at least five years or so; there are some decent companies that have been in business for less time, but generally speaking, the longer the company’s been in business, the more time they’ve had to develop techniques and learn what works and what doesn’t.

Ask about past clients. If a data recovery company has several major recurring clients, i.e. Fortune 500 companies, they’ve probably got some decent qualifications.  Major companies do their research, and only continue to use a company if they find some merit to them.

This isn’t an absolutely necessary qualification, but it’ll help to give you some peace of mind when making your decision.

Look for hidden fees. Different data recovery companies will charge different rates, and in a lot of cases, different rates for the same services; for that reason, it’s good to call around to gauge pricing before making a decision.  Be sure to ask about all fees, though; lower-end data recovery companies find ways to sneak in charges in the form of “clean room fees” and other hidden costs.  Make sure you’re aware of all the financial risk you’re taking on before sending your hard drive in to any particular data recovery company.

Make sure the company doesn’t void your hard drive’s warranty. Even if your hard drive is out of warranty, ask if the data recovery company you’re considering is authorized by hard drive manufacturers to open hard drives and recover them. Hard drive manufacturers often have strict criteria for evaluating whether a data recovery company is up to snuff, so usually you can trust their judgment.

Only use a company that practices nondestructive methods. Some data recovery companies may immediately run a drive through a series of programs designed to pull data off of drives with light failures; the problem with that method is that if the hard drive has a problem of a more severe nature, the act of running the programs could damage the drive permanently.  Good data recovery companies only practice nondestructive methods that stand no chance of causing additional damage to a hard drive.

Most computer users would rather never pursue data recovery, but if your hard drive’s in the right hands, it can be a pretty painless process.  Remember to do some research and choose based on qualifications as well as price; after all, your data’s valuable.  Don’t trust it to a company that can’t handle it.

For more information on data recovery, call Tech Central at 972.996.6650