) 
Windows 7 Security Tips
There are a lot of good reasons to upgrade to Windows 7, but today I am just here to talk about security! I recently had to completely re-load my son’s computer at home due to a particularly pernicious virus. After doing the clean up and the reloading of everything, I realized that there were a few things I could have and should have done to help protect that computer. The fact that ‘nothing valuable’ was on it did not make it less costly and time consuming to fix! Please note, these are really tips for you home users… if you are on a corporate network, some of these settings may be an issue, and you should just call IT (after all, IT guys gotta make a living too).
Clearly, you need to have anti-virus software. Everyone should be nodding their heads at this point in agreement, glad in their knowledge that they have already taken this critical step. Unless of course you are not nodding your head. Then I’d advise hopping on Amazon.com or running the the nearest store and buying a good security suite, or heck, there are good free ones (Avast, Microsoft Security Essentials, AVG Free) that you can download.
But of course I know we already all had that step down. What I wanted to talk about was configuring Windows 7 to really help keep the world of computing a happier, safer place.
First – Turn on Automatic Updates!
Make sure Windows Update is turned on. To do this, just type the word ‘update’ in the search box when you click on the Start Button and (without hitting enter) click on Windows Update, which will be listed above. In the left pane click on Change Settings then under Important Updates you can choose to install new updates automatically. You can also select the day and time that will least inconvenience you. Under Recommended Updates chose “Give me Recommended updates the same way I receive important updates” by checking the box next to it and then click OK. Easy Peasy.
Second (and building on our newfound confidence in complex windows configuration as shown in our achievement of the above step) – Turn on Windows Firewall!
Now this is starting to sound important, right? Well, this one is simple! Click Start and select Control Panel. Click on Systems and Security. Take a break. Let your fingers rest. No reason to get carpal tunnel here. Ok. Now click on Windows Firewall and to the left you will see Turn Windows Firewall on or off. Click on it and then select the button for Turn on Windows Firewall for each type of network. Just turn them all on. Again, bask a moment in the glory of the control you are taking here! If you have never configured anything other than iTunes, this is pretty cool stuff!
Third – Windows Defender
Windows Defender is the built in anti spyware software in Windows 7. Let’s make sure it is on and working for you! Click on the Start button and type in “Defender” and hit enter. If you get a dialog box that says This program is turned off, AND you don’t have any purchased anti spyware running (remember above when we bought that fancy security suite?) Check the box and see if it is doing this! If not, then click on the words “click here to turn it on” at the bottom of the dialog box. Done.
Fourth – Getting to Know the User Account Control
This User Account Control is the doorman at the IT party. It keeps out the undesirables and ensures that your computing fun is only enhanced by all the things that may want to come in. Click on Start button and click on control panel. Type UAC in the search box and click on the Change User Account Control Settings link. Now we get to tell the doorman how selective we want him to be! Power… so much power. Ok, let’s focus, we are almost done here. The settings here are from lowest protection (Never Notify) to highest (Always Notify) I strongly recommend using one of the top two settings. This may slow you down on occasion when using the internet, but it will give you a chance to recognize and respond to strange files downloading and executing themselves. Now, unless you give them permission (which my son still did) they can’t install or take any action. Go for the big beefy hard to please doorman at the top of the list. You’ll thank me later.
Final Step – The Action Center
This is it. We have reached the Star Chamber and have shown we desire mastery and enjoy the control of our own computing destiny. The Action Center is the home base of PC security. This is where we validate we have done everything correctly. Click on Start button, Control Panel, System and Security and Action Center. Sit back and look at the status and revel in the protection you have created for your home Windows 7 computer! If anything is missing, you have the steps above to fix it!
Happy (home) computing!
Richard Brunke
In: Security, Uncategorized
Mobile Device Security
I recently wrote an article for the WSCPA (Washington Society of of CPA’s) about Mobile Device Security. The article was not focused on the newest device flaw, or any particular fan-boy approach to the best or the worst device, but included a general approach to treating mobile devices with the same care you give towards managing laptop users.
Perhaps in the future I will re-post the entire article, but for now, here are the key points to developing a policy for mobile devices:
- Require that passwords be used. Password protection is a standard feature of mobile devices, yet few users utilize it as they find it inconvenient. This simple step is the most effective way to ensure the data on a device stays secure until it can be remote wiped.
- Turn on encryption! All the common devices have the ability to transmit data in an encrypted fashion, so make sure this is turned on with any device being used for email!
- Enable remote wipe! Ensure that your IT department gives itself access to every device so that they can remote wipe any lost or stolen device.
- Be clear on intellectual property policies! Business email and data transmitted to mobile devices is indeed intellectual property, and mobile device users must have clear policies outlining this fact, so that they understand the rights of the company to secure that data.
- Turn Bluetooth to hidden mode. Limit exposure to hackers who may discover your device if it is in default always on and discoverable mode.
- Have an acceptable use policy for applications. Applications are a big part of what owning a mobile device is becoming about… but they also can create a lot of issues, and they may present specific security risks. These applications can enable data theft, password theft, or other issues. If someone wants corporate data on their personal device, they may have to submit to some controls over what types of applications they run. If you are concerned about security, it may be important to limit the ability to load applications, or to require that applications loaded be vetted by IT first, as you can’t trust that the various places these come from (iPhone store, etc) can properly police all the applications presented to ensure that they don’t harbor malicious code or spyware.
Happy (mobile) computing!
Richard Brunke
Your Biggest Security Risk You Never Knew About
Sometimes you come across something and have one of those ‘really?’ moments. One would think that there are few big nasty surprises left in the world of digital security. Bad news and new leaks in the same old places sure, but surprises… no.
Well, here is a big surprise for you.
Your digital copier has a hard drive in it and keeps records of all documents scanned, copied, faxed, and emailed. Most every copier build since 2002 has a hard drive and retains this data. Think about the things you copy:
- Employee files with SS number, drivers licences etc
- Medical information
- Tax documents
- Personal letters
- Not to mention whatever body parts were copied at the last company holiday party
And when you are done with that leased copier, or you give away or sell your old owned copier, that content is available to whomever buys it. Apperantly we don’t know much about this, but identity thieves have long known of this opportunity. A recent story told of used copiers being purchased with hundreds of pages of medical information, pay stubs and payroll information, and even a list of targets for a major police drug raid.
HIPAA and SoX compliance just went out the door.
There are software solutions such as InfoSweep that will completely wipe these hard drives. Alternatively, before sending off that old copier, have your service person remove the hard drive and give it to you. Pound it with a sledge hammer a few times, drill holes in it, or pound a few nails through it. Any of these will render it useless.
Perhaps most importantly, DON’T every copy private or sensitive material on a public facility copier! Any document you copy, fax, or email from one of the copy shop machines will leave behind a copy on that machines hard drive.
I am somewhat shocked that this is not commonly known, and even more shocked at the implications to compliance and data security. It is a gaping hole in the average companies data security plans, and really needs to be addressed. Talk to your copier service person, or IT staff or consultant and make sure that you have options available to destroy data on copier hard drives.
Happy (and safe) Computing!
Richard Brunke
Is Your iPhone Hackable?
Sometimes we find that new technology adoption rates can greatly exceed new technology maturation rates. In the case of the iPhone, while product is flying off the shelf, there may be some scary flaws needing resolution, and while I doubt any such issues will drive away the legions of fans, it is important to know what the risks are so you can protect your data.
The most recent security flap is, uncharacteristicly, not with the new version of Windows, but with the iPhone. Well the ’staggering’ truth may not be quite so scary as all of that, but it is an interesting and worthy story nonetheless. Basically, if you leave your iPhone lying around and someone who happens to have a laptop handy running Ubuntu “Lucid Lynx” 10.04 picks it up, they can bypass all security and see everything on your iPhone. Now, while that is sort of scary, it is a bit of a stretch to imagine hordes of potential hackers arming themselves with Linux laptops and hunting around for loose iPhones so they can see your vacation pictures.
Still, Apple needs to plug this flaw in its product. If you own one, don’t panic. If you see any questionable characters with well used laptops eyeing your iPhone while you sit at the Starbucks, don’t panic, don’t call the police, just think of it a bit like your wallet – if you leave it lying on the table, you are asking to lose the stuff in it. This is just another reminder that our mobile devices store things of value, just like our wallets, and deserve at least the same amount of care! Don’t leave them lying around, think about what you are storing on them, and for gods sake, don’t loan them to Linux OS weilding laptop owners!
Happy (mobile) computing!
Richard Brunke
The Hacker’s are Getting Smarter – And I Almost Got Caught Today!
We all like to think we are too smart to open the wrong files, the wrong emails… and yet, today, I was one click away from doom (well, if you define doom as having to take my computer in to the help desk to be wiped and cleaned). Actually, when you are the executive at an IT services company, that is about as close to doom as it gets if you define doom as total embarrassment.
Hacker’s are getting smart. Really smart. The email I received had claims that a lawsuit regarding a copyright infringement case was being filed against my business, and it was from the ‘Marcus Law Center’.
Now, this really did not make sense to me, and I could not think of any reason such a thing was happening, but the link to the documentation was there, and all good phishing emails are able to evoke that sense of panic, that need to check in. Well, in a moment of insanity, I started opening the attachment, and then saw it was an EXE file, not a PDF file, even though it made it look like I was clicking on a PDF document to open it. Smart really.
Well, Windows 7 did me a favor and asked me if I wanted to open the file, and, in a moment of clarity, I stopped and looked up the email online to find it was indeed a spoof with malware attached.
Always good to think twice before opening any attachments in email.
Happy (virus and malware free) Computing!
Richard Brunke
