Tuesday, April 29, 2014

Do you use Internet Explorer?

A vulnerability in Microsoft’s popular Internet Explorer web browser can allow a “remote, unauthorized attack” on users’ computers, the company announced over the weekend via a Service Advisory. Although it is working to fix the problem, the company suggests “workarounds.”

Meanwhile, the U.S. Computer Emergency Readiness Team, a division of the Department of Homeland Security, is urging computer users to employ Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) if possible, or temporarily switch to a different browser until an official update is made available.

The “use-after-free” vulnerability can allow remote attackers to install code on a user’s computer without authorization. Versions 6 through 11 of Internet Explorer (IE) are vulnerable, and users who still have the Windows XP operating system are at greater risk because the company is no longer supporting the product.

Better Business Bureau is joining with security experts in recommending that IE users take the following steps:
  • Download the EMET on your computer for additional protection (although it may not mitigate this particular vulnerability);
  • Temporarily switch to a different web browser, such as Goggle’s Chrome or Mozilla’s Firefox.
  • Disable Adobe Flash, as the attack may not work without it.

Windows XP users should upgrade their operating system or disconnect the computer from the Internet, as the company no longer supports this version of Windows.

Thursday, April 24, 2014

AOL Confirms Mail Service Has Been Spoofed

Do you have an AOL email address for your business? If so, check your sent messages!

AOL Mail is being spoofed and users’ AOL email accounts are apparently sending messages that contain a link in them which could lead to malware, viruses or phishing attacks, according to USA Today. It is currently unknown how widespread the issue is. AOL has assured its users that they are taking the necessary safety and security measures to resolve the issue and are working to have users’ accounts running smoothly and securely.

AOL is recommending that users check the email in their Sent folder to see if there has been mail sent unknowingly. Regardless of the findings, users should change their passwords and report any questions to the official AOL Mail Help Twitter page, which AOL has been using to respond to users’ tweets during business hours.

AOL has issued this statement in regards to the ongoing efforts they plan to take against the email spoofing.

Note: AOL, Inc. is a BBB National Partner. 

Thursday, April 17, 2014

Twitter is Getting a Makeover

Twitter announced last week that they are making improvements to users web profiles. There are three main features on the new profiles.

  • Best Tweets: Tweets that have a lot of favorites, retweets and replies will appear slightly larger, making it easy to find your most interesting content.
  • Pinned Tweet: This works similarly to Facebook pinning, where you can pin a Tweet to the top of your page. It's the first tweet your users will see when they land on your page.
  • Filtered Tweets: When looking at other profiles you can now choose how to view them. The options available are Tweets, Tweets with photo/video, or Tweets with replies. 
Twitter said that they will begin rolling out the new profiles in the coming weeks. As of now, only select group of individuals, such as film and TV stars, have the new profile. Twitter also said that anyone who signs up for a new account within the coming weeks will have the new layout as well.  

Check out First Lady, Michelle Obama's profile

What do you think of the new layout? 

Tuesday, April 15, 2014

Guest Blog: Fair Credit Reporting Act: 5 Big Rights You Should Know

Your credit report plays a huge part in big life purchases, employment, and helping you appear financially fit for lower interest rates, credit approval, and funding for personal or business needs. It’s important that it’s correct and reflects an accurate portrayal of your payment and credit history. Under the Fair Credit Reporting Act (FCRA) of 1970, consumers are protected against fraudulent information on their credit reports, unauthorized distribution, and unsolicited pre-screenings of information. 

To keep your information correct and safe, here’s five big rights you have under the Fair Credit Reporting Act: 

  1. You have the right to know what is in your credit report file. Under the act, you can collect a copy of your credit report once every 12 months for free. The three biggest firms (Experian, Equifax and TransUnion) offer one convenient report, which can be found at AnnualCreditReport.com. In some cases, you can review this information more often: if you are a victim of identity theft, you are unemployed but expect to apply for employment within 60 days, your file contains false information as a result of fraud, a person has taken adverse action against you because of your credit report or you are on public assistance.
  2. You must give your consent for distributing credit report information. Your credit report information may not be given out to just anyone who asks. There are specific criteria for viewing a credit report. Your report can only be viewed if: a court order has been issued, if you are applying for some form of credit, an insurance company is working on your behalf, or a government agency is determining whether to give you a license or other benefits. Other cases include a landlord considering you as a tenant or an employer wanting to check or verify information before offering you a job. These cases, however, require written consent from you. And if for some reason you are turned down for an application of credit, insurance or employment due to your credit report, you have the right to find out why.
  3. You have the right to dispute any incorrect information on your credit report. After you receive and review your report, if you find there are blatant errors in your history, you can do something about it. By law, the consumer reporting agencies must investigate all claims of false information. Inaccurate information must be removed or corrected within 30 days. You can know dispute credit report information online or in writing, but sending your dispute in writing by certified mail ensures you have a record of the dispute in case they refuse to remove an incorrect item you can show proof should be removed.
  4. There is a time limit on negative information reported on your credit report. If there are authentic negative items on your credit report because of past-due payments or a bankruptcy, and you are working to build your credit up, there is a time limit on how long negative items can remain on your credit report. Credit reporting agencies may not report negative information that is more than 7 years old or bankruptcies that are 10 years old.
  5. You may limit “prescreened” offers for credit and insurance. Have you received a tempting, pre-authorized offer in the mail lately for a new credit card? You have the right to opt-out of this prescreening process for five years or for life by calling 1-888-5-OPTOUT (1-888-567-8688). This helps keep your information safe and secure.
Culik Law is a BBB Accredited Business located in Woburn, MA. They have been Accredited since 2010.

Saturday, April 12, 2014

Beware of the "Heartbleed" Bug

The “Heartbleed” bug is a computer security vulnerability that can reveal the contents of a server’s memory and expose private data such as user names, passwords and even credit card information.

The Heartbleed bug exploits a flaw in the Secure Sockets Layer (SSL) of popular open source software called OpenSSL. SSL is the standard security technology that establishes an encrypted link between a user’s web browser and the server where a website is hosted. It is used to secure numerous kinds of data transfers, including email, instant messaging, social media, and business transactions. Encryption is essential to Internet security.

The flaw, discovered on April 7 but apparently in existence for two years, means that attackers can copy a server’s digital keys and use them to impersonate servers to decode communications from the past (and, potentially, the future).

BBB recommends that businesses immediately check to see if their website(s) use Open SSL or have been vulnerable. One way to check, recommended by tech/media website CNET, is a tool developed by a cryptography consultant. If vulnerability exists, businesses should work with their IT department or computer professional to install a more secure SSL on their websites.

Thursday, April 10, 2014

Does Your Business Use Windows XP?

Today, BBB released a warning to businesses and consumers that Microsoft Corporation is no longer providing support for Windows XP.

Starting April 8, 2014, the company will not provide technical support or security updates for the 12-year-old XP operating system, or for its Office 2003 software suite (which includes Word, Excel, Outlook, etc.). This means users will become more vulnerable to computer viruses and malware. Some security experts have speculated that scammers are waiting to launch XP attacks after support ends, so there may be an increase in malware activity in the coming weeks and months.

Better Business Bureau is offering businesses the following tips:

  • Older computers likely will not be able to run Windows 8, the latest version of the operating system. You may want to look at upgrading to an earlier version such as Windows 7, which is still be supported by the company.
  • If you can’t update your operating system at all, you should think about replacing your computer. It would be a good idea to disconnect your computer from the Internet so that you are not vulnerable to malware.
  • Backup all files, documents, photos, etc. onto an external drive, flash drive or a cloud storage site prior to upgrading your operating system or migrating your files to a new computer.

After April 8, if you are still on Windows XP, do not click on any links or pop-ups on your computer that claim to be from Microsoft support; they may be from scammers. Go directly to Microsoft’s website for information on how to upgrade your system.

Monday, April 7, 2014

Small Business Emergency Preparedness Checklist

As a small business owner, you should be aware and be prepared for emergencies that could affect your business. A solid emergency plan can give you peace of mind and a greater sense of security.

  • Make a list of the vulnerabilities and potential types of disasters (fire, flood, tornado, etc) that can occur and how your business would respond differently to being displaced for a week, a month, or longer
  • Determine alternate locations for your business to operate if you are displaced from your current building
  • Create and maintain an inventory of property
  • Read your insurance policies carefully. Read the fine print so you know what is and is not covered
  • Have an emergency preparedness kit ready
  • Identify essential staff who are core to the operations of the business and keep a list of their phone numbers (home, work, pager, cell) and e-mail addresses that can be accessed by employees from several locations (home, Internet, etc.)
  • Devise an emergency communications plan that outlines how your business will communicate with employees, customers, vendors and other key external contacts in the days following a disaster. Keep duplicates of personnel, payroll, payables and receivables and other essential records at an off-site location
  • Determine who will manage the company if key leaders are unavailable
What other checklist items do you recommend?

Thursday, April 3, 2014

Guest Blog: Disaster Recovery for Businesses

For small to medium sized businesses a solid disaster recovery plan unfortunately doesn't get much attention and for good reason, it can be expensive However, it’s just as important for a small business to have a plan as it is a large business. 

Disaster recovery is basically a plan to bring your business back up in the event that everything is lost. This plan would detail every action the business would need to take including a location to temporarily move to. The backup and replication methods available to protect the data in your environment range from Tape Backup to High Availability services. 

To break it down here are the different scenarios available to you: 
  • Tape backup: Tape is a dying breed, I still have clients who do tape backups but most have transitioned to some other form of media. Tape is slow and in the event that everything was lost you’d normally lose a days worth of work depending on timing, and that time includes getting the tape that is stored off site. The standard backup model here is backing up your data to a tape such as an LTO or other type of tape. 
  • Disk Based Backups: Disk based backups are quickly becoming the media of choice. An example of a device would be a SAN (Storage Area Network). You’d backup your data to an array of disks which then could be replicated off site to another SAN. This is the ideal situation. Advantages are increased capacity, quick restores and replication capabilities.
  • High Availability: High availability is the replication of your live environment in real time. An example of this type of scenario would consist of 2 servers, one production server that’s in use and one recovery server located typically at a another location. Data is replicated in real time to the recovery server and in the event of a disaster business could resume at the chosen location. This is the ultimate in disaster recovery. Products such as Double Take software can be used to accomplish this. 
The method you chose to use depends on your budget but consider the sales that would be lost due to unfortunate down time as the result of a disaster. Disaster Recovery is a topic your business should implement and continually review.

Daniel Doucette is the owner of IT Link Maine, LLC, a BBB Accredited Business since 2014.