‘Tis the season for reflection of the past year and planning for the new year.
To help you with your business resolutions we’ve reached out to multiple professionals, in various fields to chime in on what we believe to be very important areas of interest for you and your company.
This next blog covers areas of internet security- something that we all should be taking very seriously given how fast technology is moving and how clever some scams have become! When we asked George Gojmerac, web developer and technology tutor for his company ‘Mr. Tutor-Tech’, to guest write for us on the topic- here is what he shared:
“ When you see articles about stolen account information from some of the biggest companies in the world (Facebook, Twitter, Adobe), the ones that pay huge amounts of dollars on security, have the best equipment and some of the top minds, you should stop and ask yourself how important is my information and what can I do to keep it safe?
Using things like firewalls, anti-virus and intrusion prevention software are a very good start. The easiest way you can compare all this to an adult is through sex. You try to avoid catching some type of STD, what do you do? You can only say no so often (intrusion prevention), eventually it’ll happen and you’ll need a condom (firewall) and then if you do catch something you’ll need a shot (anti-virus) and hope it’s curable otherwise you’re infected.
Some of these methods like the firewall try to keep things out but users end up inviting things in as well, kind of like not wearing a condom, you’re taking a chance. Clicking on an emails Excel attachment (watch out for macros) for example could put you into a world of hurt, it would be nice if there was an “Easy Button” for this but there’s not, just like schools have adopted Sex Education so should people today be Computer/Technically Educated.
If you need internet for your company provide only access to what people need, don’t allow them to just visit pages aimlessly not only will this reduce them from wasting time surfing but it’ll keep your network safer. You should also consider locking down things like USB ports and CD drives so they can’t be accessed and prevent users from being able to make changes to these settings as well by password protecting it. I’d recommend doing this through the BIOS so that they can’t boot the system up using something like a Linux boot and bypassing any Windows security you have in place, this can still be circumvented but not without opening up the computer and getting inside of it. Not all company security breaches come from the internet though- someone simply placing a CD on a company desk with a company logo and having something like “top secret” written on it will do the trick if someone wants to swipe information. Also anytime somebody leaves their computer they should lock it, it doesn’t even hurt to have it automatically lock after a few minutes just in case they forget.
Another way to get someone infected is through Social Engineering. This requires hackers collecting and building information on a target then tricking the user into doing something. Simple versions of this are easy to spot, like that email from your dead Uncle in some country you’ve never been too or don’t even have a single relative near, others might involve them posing as a friend and using their email which is noticeable but sometimes a little harder to spot. Other tricks include emails from someone pretending to be a bank for example; they trick you into clicking on a link that takes you to a fake page that looks just like your banking page (phishing). Then you enter your information not noticing a tiny detail in the address bar that would have made you think twice about doing it! But now it’s too late….
Back to our firewall for a second, sometimes you might need something like a connection to a Remote Desktop on your computer so now you need to provide a hole in your firewall to do this. If you’re thinking about putting holes in a condom now, get your head back in the game that analogy stopped a few paragraphs ago. So now you have this hole in your firewall, one thing you can do to improve its security is create a VPN (Virtual Private Network) this would require you to know certain settings so that you can connect through the internet using an encrypted network so that anybody listening in won’t be able to read what you’re transmitting.
Thought I’d save the best for last, encryption is when you take a signal and mix it all up in a particular way where only the other party knows how to put it back together properly. This is done occasionally on some web sites, typically login pages to get onto things like email accounts which are usually encrypted as well. You can tell if a web page is encrypted or not by looking at the address bar, if there is an “https” like what we use for our site “https://mr.tutor-tech.com” then you’re safer, if you see “http” or neither of these then it’s unencrypted. To encrypt information the site needs to obtain a certificate, they can issue this themselves possibly to trick you so if you see the “https” being highlighted with a red colour or an x through it then this means the place that issued the certificate wasn’t registered and might not be trusted. Basically you’re using it at your own risk, even if it’s green (legit) doesn’t really ensure your safety just means they purchased a legal certificate from a reputable site and the traffic is encrypted. Technically the site that issued it to them knows it exists but that doesn’t mean the site should be trusted, if you’re unsure of the company or more specifically the URL, research it and don’t just assume it’s not some type of scam because it has a legal certificate.
Now back to regular web pages and regular email, they are transmitted in plain text and can be read by anybody with a computer and a little bit of knowledge. This means you should be very careful with the information you put or send forward, things like your credit card information, account user name and passwords are a big no, no and a surprise gift for any hacker listening in. Some email clients allow you to send encrypted mail, use this if you absolutely must transmit private information.
As you can see there any many considerations to take into account when addressing internet/network security and although there are no guarantees on the subject staying informed/educated about your options is your strongest asset, especially since you the user are usually the weakest link.
“My name is George and I created Mr.Tutor-Tech with you in mind! We provide flexible inexpensive tutorials designed just for you! Our courses are intended for those over the age of 14. Our hours vary and we do our best to accommodate your schedule 7 days a week. It’s recommended you call and make an appointment before just stopping by as we may have a class in progress.”