ComTech: IT Support Stirling

Is it possible to have too much security on your systems?

Just going to throw this one out there today. Yes, we all know that having security on our systems is a good thing, but is it possible to have too much?

The reason I ask is that I came across a situation recently where a client had so much security on their systems that it impacted on the daily running of their business and actually made them less secure.

Let me explain. The client in question has a server environment with multiple group policies running and no IT support. The office manager was the onsite “help”. These group policies cover everything from which wallpaper you can have on your desktop to how long and how complex your passwords must be. The problem was that there were too many of them and they were conflicting, which meant that some users could do one thing whilst others couldn’t. The allowed passwords were so complex that the users had to write them down to remember them (security breach waiting to happen), and when they forgot them the manager would be called on to reset them, which in some cases could be multiple times per week!!

The owner was obsessed with securing their data and systems to the point they had forgotten one major rule – if you tighten your security that much users won’t be able to do anything!!!

I am all for securing data and client systems but I won’t ever secure them to the point where my clients are unable to use them effectively. If the client can’t use them to run their business efficiently whilst still being secure then I’m not doing my job right. There has to be a compromise.

So what do you think, dear reader? Can you have too much security on your systems?

About the Author

Hi I’m Chris Wakefield the owner of ComTech IT Support. I provide Cisco, Windows, OS X and Linux based IT Support to small businesses throughout Scotland.

Follow @Comtech247 on Twitter

Securing your data starts with the basics

How secure is it? Will anybody be able to get at my data? You would be surprised how many times I have heard these words over the last couple of years. I am finding people (and businesses) are beginning to think seriously about what might happen if they get hacked or someone gets full access to their data. Chances are most businesses will never get hit (aren’t statistics great!!) but more and more people are thinking about the consequences of it happening.

One problem though. Security starts with getting the basics right and most people simply don’t. Let’s take a look at some of the basics.

Passwords

1. Use them!!

2. Don’t use easy passwords that people are likely to guess (eg Password123 is not very secure)

3. Store them in a safe place

4. Don’t give people login details to your accounts

OK number 1 should be obvious.  Over the last two weeks alone I have seen 5 systems with absolutely no passwords to login.  If the system gets stolen then all the thief needs to do is switch it on to gain access to all your documents.

If you do have a password then make sure it is not an easy one to guess. Pets, children’s names, birthdays etc are all no go areas and whatever you do don’t use the same one for all your accounts.

Where should you store them? A lot of people have a “bible” with all their passwords in, which is stored in a safe place.  This is a good idea and much better than notes around the desk.  Better still is using an online password manager like LastPass, which allows you to access all your passwords from anywhere.

Lastly don’t give people login details for your accounts.  You share files not accounts!!

Giving people access to your documents

1. Only give people the access they need and no more

The less access people have to your files the better.  I know of a woman who gave a client full access to her Dropbox account which included personal pictures.  I know of a business who worked closely with another firm and decided to join their Office 365 account not realising that both firms now had access to their client files and emails.

Of course we all have to share files. A traditional server can be set up to only give people access to what they need and NOT WHAT THEY WANT. Cloud based services like OneDrive and Dropbox allow you to share individual folders which means you don’t have to give people the login details for the account.

Working while out and about

More and more of us are doing this and this brings with it its own set of challenges.  Be very careful what you decide to do using free wifi as these networks are very insecure.  For example I would always advise people never to do their internet banking on free wifi.  Then there is the problem of securing the devices themselves.  All smartphones and tablets should have a pin set whilst all laptops should ideally have encryption.  Some apps like Dropbox allow you to set a pin on the individual app itself, which adds another layer of security.

This is only a quick overview of some of the basic security considerations you should look at.  It is not meant to be a HOW TO guide as there are already loads of those on the internet.

Comments are welcome as always!!


Windows 10 Wi-Fi Sense is not Microsoft’s best idea

Been reading a couple of Windows 10 articles over the last couple of days to catch up on what to expect when it arrives later this month.  One of the things I came across is Wi-Fi Sense which in an ideal world would be very helpful but in the real world could be a security nightmare.

You see Wi-Fi Sense allows you to share your network key with your contacts – whether they are in Outlook or even Facebook!!! Now to me this is just plain stupid especially since Wi-Fi Sense is turned on by default. Microsoft has stated that your contact would only be able to use the internet connection and not access every other device on the network but I can’t see how they will enforce this.  A determined hacker once on a network will find a way to access anything they want.

Imagine the scenario where two people are Facebook friends but work for competing companies. You share the network key via Wi-Fi Sense and the second person can sit in the corporate carpark and get onto your network without doing anything.  One silver lining is that your contact can’t share your network key with their contacts, which is something I suppose.

There are two ways around this: either turn Wi-Fi Sense off (it is on by default as mentioned earlier) or add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense.

Remember this if you buy a nice shiny Windows 10 system.


Just how secure is secure?

Mention security these days and the response you will probably get is things take longer (getting through an airport for example). Everyone hates it but like it or not it has become part of our daily lives. But how secure can you actually make something?

This is the question I was asked by a client last week.  We were talking about possible upgrades to their network along with checking the measures they already had in place.  I did the usual – check password strength, permissions on the server, antivirus, firewalls etc and as is the norm they wanted security but not the hassle it brings.  “We need things to just work and not worry about these security things” to which I replied “You can have security or convenience but rarely can you have both”.

Let’s start with good practice. Don’t use easy passwords and don’t write them on Post-it notes stuck to the PC either!!!! Use one vendor for antivirus on all the systems as this allows easier troubleshooting if something happens. I did read an article yesterday suggesting you use two as any holes found in one product are unlikely to be in the second.  I can understand this logic to a point but this makes troubleshooting a lot more difficult.  I try to explain to clients they are better to standardise their software across all their PCs for this reason.  Finally only give users the permission they need, not what they want.

Now onto firewalls.  A good firewall will stop attackers getting onto your network in the first place (or at the very least tell you someone is trying) and there are endless vendors like SonicWall or Cisco who supply excellent products.  The problem is the cost, or more accurately the perception of cost. Most of the clients I deal with are small home businesses who can’t justify the cost of installing a third party firewall and instead rely on the BT Home Hub (or similar).  These types of routers contain a basic firewall which is robust for the most part (you can configure ssh access for example) but don’t have the feature set of the more expensive models from the likes of Cisco.

The biggest problem with security though is us.  Humans are well known for always being the weakest link in IT.  If we see security as getting in the way then we get annoyed and turn it off.  My antivirus is slowing down emails coming in – turn it off.  You want me to remember how many passwords – don’t think so!! You get the picture!!

So back to the original question – how secure is secure? The answer is nothing is ever going to be 100% secure (especially with humans involved) but we can get close.  The problem is where do you draw the line with regards to security affecting users’ ability to do their job?  Too much security and nothing gets done while too little and you will get serious issues.

I will leave answering that question up to you.


Security or convenience? You can’t have both

Why is this so difficult? Why can’t I just do this? These sentences, and many others, have been muttered since computers became mainstream.  Users want to just get on and “do stuff” while the tech guys want to make sure the network and all its systems are secure. It is an ongoing battle between the two which is never ending.  But which camp should get precedence?


Recently there has been a string of high profile announcements about viruses and attacks being carried out around the world. From Heartbleed to Cryptolocker the threats are very real, and should be taken very seriously, however a large number of businesses and individuals don’t seem to care.  They would rather just get on with their daily tasks and don’t want any additional security measures implemented as they might get in the way.

So what security measures should we all be using then? This will differ from company to company but the general consensus is:

1. Use encryption.  If you have a laptop for work (or even a PC in a location which is not fully secure) then it should be encrypted because if it does get stolen all your data is then freely available.

2. Use antivirus and make sure you renew it. This is one I see a lot.  Clients have gone out and bought a new machine for their business and then don’t install antivirus after the initial trial has expired. You then leave yourself wide open to all the nasties on the internet.

3. Use proper passwords. Don’t use password, your name or anything else which is easily guessed.  These should be changed often and remember not to write them on Post-it notes!!

4. Don’t open any email attachments unless you know what you are opening.  This goes for any files in general.  So for example if you are given a USB stick to copy a file onto your system make sure you know where the stick has come from and what is actually on it.

5. Put a passcode on your phone. A lot of us use our phones for work but what happens if you lose it? At the very minimum put a passcode on it. You can also add security locks to individual apps (eg Dropbox) so even if someone does get into the phone your data is still safe.

6. Be careful what you are downloading from the internet.  This is one of the major issues I see (in business and also home users). One of the main advantages (and disadvantages) of Windows is that you can download software from virtually anywhere on the internet. Make sure you know which site you are downloading from but more importantly make sure you are only downloading the software you want to and no add-ons (eg Ask toolbar etc).

These simple steps can be annoying for an average user who just wants things to work (I have been there and fully understand) however with so many threats going around at the moment it is crazy to not protect yourself and your systems from attack.

So next time you think all this security stuff gets in the way just ask yourself one question – do I want security or convenience?

About the Author

Hi I’m Chris Wakefield the owner of ComTech IT Support. I provide Windows, Mac and Linux based IT Support to small businesses in Stirling, Alloa and Falkirk.

Follow @Comtech247 on Twitter

What security should you have on your smartphone?

I remember growing up (boy do I feel old) when phones were the size of bricks and a PC in every house was a fantasy. Fast forward to the present and phones are now “smart” and PCs are everywhere. Even more surprising is the amount of work we actually do on our phones but this in itself causes unforeseen problems. What happens when you lose it?


If you lose a phone today and it is not locked down (and most aren’t) you would give someone access to your contacts, emails and all your data. In a personal scenario that would be bad but in a business situation that could be devastating. With a few simple tricks though you can avoid that ever happening.

1. Use a passcode to access your phone

It is actually scary how many people don’t have this in place.  A lot of people use a swipe gesture, which is better than nothing, but compared to a passcode is easier to crack.

2. Use a passcode to access certain apps on your phone

I use Dropbox on my phone which accesses all my data (personal and work). The Dropbox app allows me to configure security in the form of a 4 digit passcode so if anyone wants access to all my data they would have to enter the passcode. Even better is the ability to wipe the data off the phone if someone enters the passcode incorrectly 10 times.  There are numerous apps that allow this form of security in one form or another.  For example the PC Monitor app (which is great by the way) also allows a 4 digit passcode to be set up.

One thing to note is that you should configure different passcodes for individual apps rather than have the same one across all apps (and login). This way if someone does manage to break into the phone they would still have to break into individual apps to get at your data.

3. Use encryption

If you don’t store data in the cloud but on your phone then encryption is a must.  Encryption is also a must if you store other people’s information on your phone.  Encryption comes as standard on all Android phones (but is turned off by default) and also iPhones. Once turned on no one will be able to access anything on the phone without the decryption key (passcode).

4. Remote wipe

In a business environment I would strongly suggest you install an app which allows you to remotely wipe your smartphone if you ever lose it.  If you have implemented the above measures then chances are your data is secure but remotely wiping a lost phone makes sure.  Personally on my HTC Desire 500 (great phone) I use BitDefender Mobile Security which along with the usual virus scanner has Anti-Theft security built in.  This means I can go to a website and locate my phone by GPS but even better is the ability to remotely wipe it meaning all the data on the phone gets erased. If you use an iPhone a good choice would be to sign up to FindMyiPhone which allows the same thing.

One thing I would like to mention here is that although this article is aimed primarily at smartphones the same measures should also be taken with tablets. They can be just as easily lost as a smartphone with access to just as much data.

Stay safe!!

About the Author

Hi I’m Chris Wakefield the owner of ComTech IT Support. I provide Windows, Mac and Linux based IT Support to both business and personal clients in Stirling, Alloa and Falkirk.

Follow @Comtech247 on Twitter

Is public wifi a lifesaver or troublemaker?

Thanks to Laurence from the Forth Valley Chamber of Commerce who gave me the idea for writing this article.

Public wifi is fantastic.  You can get online for free (usually) and in seconds you are accessing websites, retrieving emails and generally getting work done. There is one major drawback though which most people never give a thought to – security.


You see most public wifi is unsecured and even those that do have encryption enabled are little better as the encryption key is given out to a customer when they buy a cup of coffee (in the case of coffee shops). By its very nature it is designed to be convenient but the big problem is you don’t know who else is on the network.

Let’s take your business network as an example. You may have some PCs or laptops that connect to the router using ethernet cables (very secure) whilst some may be connected via wifi (mostly secure). Either way every computer will be able to see every other computer and you know who is on your network at any one time.  On a public wifi network every computer can see any other computer but you don’t know who that computer belongs to.  It could be a genuine person doing some work or a hacker trying to get hold of your passwords.

Think I’m making this up? Go online and download a program called Wireshark.  Wireshark is a network protocol analyzer which is designed to monitor all traffic on a network.  It is a valuable tool for network administrators wanting to know what is happening on their networks.  If you run Wireshark on a public wifi network you will see all the traffic coming to and from each laptop. In the wrong hands Wireshark can be used to intercept emails, passwords or even credit card details.

Scary stuff hey?

So how do you minimise the risk?

1. If you are accessing a company network use a VPN like LogMeIn Hamachi which encrypts all information to and from the network.

2. Make sure that your email settings are set up to use SSL encryption (in and out) so even if your emails are intercepted a hacker will not be able to read them.

3. Do not do online banking on a public wifi network!!

4. Be very wary of which websites you visit and if possible try to use sites which start with https rather than http.
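
To make point 2 concrete, here is an added example (not part of the original article) that audits mail account settings and flags any account whose incoming or outgoing connection is not encrypted. The account names, the security labels and the sample settings are constructed for illustration; the port numbers are the standard ones for IMAP, POP3 and SMTP.

```python
from dataclasses import dataclass

# Ports where TLS starts with the first byte (IMAPS, POP3S, SMTPS).
IMPLICIT_TLS_PORTS = {993, 995, 465}
# Ports that start in plaintext and upgrade with STARTTLS (IMAP, POP3, SMTP).
STARTTLS_PORTS = {143, 110, 25, 587}

@dataclass
class MailEndpoint:
    account: str
    direction: str  # "incoming" or "outgoing"
    port: int
    security: str   # hypothetical labels: ssl, starttls, starttls-if-available, none

def assess(ep):
    """Return (verdict, reason); verdict is 'ok', 'weak', 'check' or 'fail'."""
    sec = ep.security.lower()
    if sec == "none":
        return "fail", "password and messages are sent unencrypted"
    if sec == "starttls-if-available":
        return "weak", "falls back to plaintext if the upgrade is not offered"
    if sec == "ssl" and ep.port in STARTTLS_PORTS:
        return "check", f"port {ep.port} normally expects STARTTLS, not implicit SSL"
    if sec == "starttls" and ep.port in IMPLICIT_TLS_PORTS:
        return "check", f"port {ep.port} normally expects implicit SSL, not STARTTLS"
    if sec in ("ssl", "starttls"):
        return "ok", "encrypted before the password is sent"
    return "fail", f"unrecognised security setting {ep.security!r}"

def audit(endpoints):
    """An account is protected only if incoming AND outgoing are both 'ok'."""
    per_account = {}
    for ep in endpoints:
        per_account.setdefault(ep.account, {})[ep.direction] = assess(ep)
    report = {}
    for account, dirs in per_account.items():
        missing = sorted({"incoming", "outgoing"} - dirs.keys())
        protected = not missing and all(v == "ok" for v, _ in dirs.values())
        report[account] = {"protected": protected, "missing": missing, "details": dirs}
    return report

# Constructed sample settings, not taken from any real mail client.
SAMPLE = [
    MailEndpoint("alice", "incoming", 993, "ssl"),
    MailEndpoint("alice", "outgoing", 587, "starttls"),
    MailEndpoint("bob", "incoming", 993, "ssl"),
    MailEndpoint("bob", "outgoing", 25, "none"),
    MailEndpoint("carol", "incoming", 143, "starttls-if-available"),
    MailEndpoint("carol", "outgoing", 465, "ssl"),
    MailEndpoint("dave", "incoming", 995, "ssl"),
]

if __name__ == "__main__":
    for account, result in audit(SAMPLE).items():
        print(account, "protected" if result["protected"] else "NOT protected")
        for direction, (verdict, reason) in result["details"].items():
            print(f"  {direction}: {verdict} ({reason})")
```

Note that an account with encrypted incoming mail but plaintext outgoing mail still sends its password in the clear each time a message is sent, which is why both directions have to pass.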

Chances are that you will never get hacked on a public wifi network but personally I would make it as hard as possible for anyone to gain access to my data or systems.
