4 Steps to Better Email Security

I was reflecting over the weekend of the mid and late 90’s when the internet was rolled out in mass around Australia.  How wonderful and innocent it was. Email was amazing with the ability to send messages around the planet in real time from the comfort of your home, and security was a word in the fine print and certainly not something the end user need worry about.

A few of us dared to examine the depths of what is possible and we quickly realised the internet will quickly become a playground for anyone wanting to mess with it.  Today there is no escaping it.  The threats are increasingly real and sophisticated and a company’s only real defence is a vigilant usage policy coupled with technology, design and education.  I tell my small business clients that being vigilant is half the battle so finding a balance between security and the ability to conduct business freely is essential.  This short guide is about finding that balance.

STEP 1.  PROMOTE A ROBUST EMAIL POLICY
Computers don’t send email, people do therefore it is important that everyone in your organisation understand exactly what is acceptable when using email.
A good policy should be:

  • Clear and concise to understand with no room for interpretation
  • Realistic based on all areas of your business to reflect the way you work
  • Flexible to change as your business changes
  • Up-to-date covering all new threats
  • In-your-face, an effective policy is seen on induction or bulletin boards or newsletters within your business

Step 2.  BE CLEAR ABOUT THAT YOU’RE DEFENDING AGAINST
Your email security strategy should cover everyone of these threats

  • Virus, Trojan and Bots
  • Spam and Phishing Attacks
  • Spyware
  • Denial of Service Attacks
  • Confidential Data Leaks
  • Hatemail and Pornography
  • Illegal Material and Stolen Files
  • Regulatory Breaches

STEP 3.  MAKE YOUR DEFENCE SUITABLE

Your email security strategy needs to be suitable for the rest of your business process. No point deploying a robust security system that gets bypassed when users work from home or on the road.  An email security strategy needs to be easy to deploy, monitor and manage, automatically update and span departments.  You need to choose the right deployment options such as Software, Applications and Managed Services. Only you can decide on the right method or which combination.

STEP 4.  MONITOR, CHECK AND REPORTING

So now you have a security policies in place and a robust security system, what’s next.  Who is monitoring it?  Regular checks from a qualified professional still need completing and tweaks, updates and refining need attention.  For small business who do not have full time IT staff, this may be as simple as employing IT professionals such as Networkz to check systems.

  • Regular computer scanning and monitoring
  • Email server updates and refinement
  • Company policy updates
  • Staff education

 

Help your PC survive storm season

Summer time is great in Australia, back yard barbecues, relaxing weekends on the deck and swimming in the pool.  Afternoons we often get a storm which cap off a great day and terrify our pets, but what about our PC’s and equipment.

Power surge is enemy number one for computers, they can render a PC scrap material is milliseconds (Well at the speed of light actually) and turn your modem into a smoking, melted mess,  so protecting them and the data they contain is essential to a stress free summer.  On top of this we have sticky hot days, another enemy of technology is heat and I’ve had a PC’s cook from excess heat once again rendering it scrap for the most part.

Here is a list of computer survival tips to survive this summer season specifically aimed at heat and power issues.

  • Get a decent surge protected power board or UPS and plug all equipment into them (See earlier story on UPS)
  • If you are going out for the entire day, try unplugging your PC from the wall, it saves power and you can do this with many devices around the home.  DVR, TV to name a few
  • If you don’t have air conditioning or a cool place for the PC.  in the heat of the day it might be best to switch it off. Especially if you hear the internal fans spinning up hard.
  • All new homes have built in surge protection however this is no guarantee of protection, sudden loss of power can destroy data on PC’s hence the first tip,  it pays to have your home checked by a licensed electrician if you have never done it before.
  • Laptops have a built in battery similar to a UPS, if your laptop battery doesn’t last long, consider getting it replaced, especially if you often work at night, during the height of a storm you can run on battery
  • Consider removing the dust buildup from inside your PC,  dust gathers around the fans and clog up the cooling capacity, the safest method is with compressed air or a soft paint brush and vacuum

Disaster Recovery and Contingency Planning

Have you got published plans in place?  Consider if you would truly know where to start if your business was disabled by a disaster.

922-300x210On the 27th of September 2013 fire destroyed a business in Slacks Creek after an accident inside the factory. Staff barely had time to escape before the blaze engulfed the premises destroying it and the adjacent building. The intense fire ensured the two factories were flattened and fire crews could do nothing but save surrounding premises. While these type of events are rare it shows that sometimes the responsibility is out of our hands and companies need to take steps to prepare for disasters on any level. For many companies this means preparing disaster recovery and business continuity plans. You don’t have to be a large corporation to develop these plans, you just need to analyze the risk.

In every business disaster recovery and contingency plans always involve computer systems and more important data. Some simple planning now can save you and your business headaches should a major event occur. I always try to talk to business owners about this subject because every business is different and therefore every plan needs to address different needs. Some will simply backup data while others have redundant systems and comprehensive procedures in place

Example: A real estate company I work with in Brisbane has two Brisbane offices north and south of the city. Both premises are free standing, fairly old offices locations in the suburbs. We perceive one of the high risks to this business is fire and to a greater extent natural disaster be it cyclones or storms.  Many factors for the risk are out of their control as they do not own the buildings, however we have limited risk through clever planning, simple design, devices and body corporate cooperation.  Simple ideas and a small level of planning can benefit small business greatly.   But the risk remains so the plans put in place clearly action a number of protocols aimed at all business processors if needed.  These plans will be business saving ideas and should get the business back to near capacity running within hours of major events

For many of the small and medium business I often talk to owners about

Contingency plan – one for each core unit of the business
Procedures – includes staff, systems, materials
Mitigation, preparation, response recovery arrangements
What are the critical business functions
Impact Analysis
Action Plans
Recovery time objectives
Communication
Coordination

Basic stuff really, there is plenty of information freely available on the internet with easy downloadable forms to help with planning and allot of information about how to go about creating plans and the needs to be considered.   It all starts with a little brain storming.

Increase battery life – iOS7 (iPhone, iPad, iPod)

iphone_5_ios_6_battery_life_hero2-161x300

iOS7 is the latest operating system version launched by Apple for their mobile devices (iPhone, iPad, iPod). This update was pushed to almost all newer devices and brought with it some pretty big changes. Now that it has been out for a while, there are reports of reduced battery life, with some devices not even lasting a day.

If you have noticed that the recent update to iOS 7 has caused a drop in how long your iPad’s battery lasts, here are five things you can try to improve the time between charges.

1. Turn off AirDrop AirDrop for mobile devices was introduced with the iOS 7 update and allows users to share files with others without using an Internet connection. Like other file sharing systems, when AirDrop is activated it is actively searching for other devices and therefore draining your battery.

If you don’t use this feature, or only use it occasionally turn it off to increase battery life. You can do this by swiping up from the bottom of the screen to open the Control Center and tapping on AirDrop. The text will be white to indicate AirDrop is on, and should turn to black when it is off.

Tip: Tapping the Bluetooth button (middle button in the top row of Control Center) will automatically turn off AirDrop and all Bluetooth connections which will further increase battery life.

2. Check your Wi-Fi settings Many users connect to trusted Wi-Fi connections at work or at home in order to save data or simply go online. When they are out of range of these devices however, they leave their iPad’s Wi-Fi radio on. When you do this, the device constantly searches for open connections to connect to.

This constant searching is actually a huge drain on the battery, so it is best to turn it off when you are not near a trusted network. This can be done by swiping up from the bottom of the screen to open the C

ontrol Center and tapping on the Wi-Fi button (second button from the left on the top row). The Wi-Fi symbol should turn black to indicate it is off.

Tip: To really conserve battery life, try turning Airplane Mode on. This will turn all communication – Wi-Fi, Data, Bluetooth, notifications, etc. off and will drastically increase battery life. On the downside, you won’t be able to connect to the Internet or receive notifications.

3. Change your Location Services settings Many apps request that your device provide them with location information on a regular basis. Some, like Maps actually require your location, but many more don’t. If you have multiple apps open that constantly require location updates, you will likely see an increased drain on your battery.

The solution is to change what apps are allowed to receive location information. This can be done by tapping on the Settings app, selecting Privacy, followed by Location Services. From there you can select which apps can use your device’s GPS, Wi-Fi or mobile connection to detect location. Chances are high, you can turn off at least half of the apps.

Tip: Turning off Location Services completely (slide the tab beside Location Services to Off) will also conserve battery life.

4. Check what’s running in the background Multitasking received a big overhaul in iOS 7. Sure, it can still be accessed by double tapping the home button, but now the open apps are presented in cards with a screenshot of their last state. Tapping on the screenshot opens the app. The thing is, it takes battery power to keep all of these apps open and updated.

What’s more, some of these apps will actually refresh in the background which could further increase battery drain. If you aren’t too worried about having constantly open apps, why not close those you aren’t using. Simply open the multitasking menu and swipe up to close apps.

Tip: You can completely tu

rn off background app refreshing (the service which keeps the information shown in the multitasking screenshots current) by opening the Settings app and selecting General, followed by Background App Refresh and sliding the button from On to Off.

5. Turn off parallax Parallax is a new effect introduced in iOS 7 where the apps on your homescreen appear to float above the wallpaper and look almost 3-D. They will also move a bit when you tilt the tablet. While this is a cool effect, it isn’t overly useful for many business owners. Powering this movement and near 3-D rendering does put more strain on the battery, causing a drop in how long it will last.

You can turn this effect off by going to Settings, tapping on General, followed by Accessibility and Parallax. Slide the button from On to Off.

Tip: Almost all modern mobile devices, the iPad included, use lithium-ion batteries. These batteries work their best when they are constantly topped off, or charged. In order to get the most out of your iPad’s battery, you should be charging it on a regular basis and not letting it get below 50%.

If you are looking to get more out of your iPad, or to learn about iOS 7, please contact us today to see how we can help.

Error opening an attachment in Outlook

OutlookAttachment01-300x55

When opening an attachment directly from within Outlook you could get an error message saying that it can’t create the file and to that you need check the permissions on the folder you want to save it in.
In most cases the permissions on the folder isn’t the issue but the fact that the folder is “full”. When you open an attachment directly from within Outlook it will first save a copy to a subfolder of the Temporary Internet Files folder.
Cleaning out the folder will solve the issue.

Outlook Secure Temp folder

Unfortunately this is easier said than done. The subfolder name Outlook creates (on installation of Outlook) in the Temporary Internet Files folder is quite random.

In Outlook 2003 and previous, the name starts with OLK and is followed by up to 4 random numbers or letters. In Outlook 2007, 2010 and 2013, this folder is called Content. Outlook and then has a subfolder which is named with with 8 random numbers and letters.

In addition, by default, you cannot simply browse to the folder to clean it out. Getting to the Temporary Outlook Folder can still be accomplished in 2 easy steps though.

Step 1: Locate the folder

The folder location is stored in the registry in the following key;
Outlook 97- HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Outlook\Security
Outlook 98- HKEY_CURRENT_USER\Software\Microsoft\Office\8.5\Outlook\Security
Outlook 2000- HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security
Outlook 2002/XP- HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security
Outlook 2003- HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
Outlook 2007- HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security
Outlook 2010- HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
Outlook 2013- HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security

Step 2: Get to the folder

  1. Open the OutlookSecureTempFolder registry key from the location provided in Step 1.
  2. Copy the path from the key.
  3. Open Explorer
  4. Paste the address in the Address Bar and press Enter

Cryptolocker – Randsomware

First-Irish-language-Ransomware-Malware-300x2832

Malware comes in many different forms and some of the more common are viruses are those that infect systems when they are downloaded and opened by the user. Combating any malware can be a never ending battle. It seems as if there is always some new security threat you need to be aware of. One of the latest is CryptoLocker – a new form of ransomware.

Knowledge is power so finding out more about CryptoLocker is recommended, as well as how you can take steps to protect your systems.

What is CryptoLocker? Ransomware is a virus that locks important files or systems and requests that users pay a ransom to unlock them. This is not a new form of malware, but there has been a recent resurgence and CryptoLocker is leading the way.

This particularly nasty piece of malware infects user systems and locks files, threatening to delete them unless the hacker is paid. It is being spread four different ways:

  1. As an email sent to company addresses pretending to be from customer support from FedEx, UPS, DHL, etc. The virus is attached to the email, usually labeled as a tracking number.
  2. In PDF documents that are attached to emails.
  3. Via hacked websites that can exploit computer vulnerabilities to install the infection.
  4. Through trojans that pretend to be programs you need to download in order to watch videos online.

CryptoLocker installs itself to the Documents and Settings folder on your system and then proceeds to search for specific file types like Microsoft Word Docs or Adobe PDFs. It applies an asymmetric encryption which requires both a public and private key to unlock. The public key is stored in the virus itself and is used to encrypt the files. The private key is hosted on the hacker’s server.

What happens if I get infected? If your system is infected your files will be encrypted and a pop-up message displayed informing you that your personal files have been encrypted and that in order to get the key to unlock them (the private key) you need to pay up to USD$300, or a similar amount in another currency. This amount seems to change and has increased, with older versions asking for USD$100.

You will also see a timer counting down from 100 hours. If this reaches zero, your encrypted data will be deleted with a very slim chance of the files being recoverable. The preferred method of payment is in BitCoins – a digital currency. The pop-up window has instructions on how to submit the payment – usually through an online payment method like Green Dot – MoneyPak.

The good news is, once you submit the payment, you will receive a key you can enter to unlock your files. The hackers have said that they won’t re-infect systems, and network security companies have confirmed that so far, this has been the case.

While many up-to-date virus and security scanners will pick up CryptoLocker, most won’t be able to recover or decrypt files even if the malware itself is deleted. If you see the pop-up window, it’s probably too late.

How do I prevent CryptoLocker from infecting my systems? This is a serious piece of malware that should not be taken lightly. If you are worried about your systems being infected, here are five things you can do to prevent that from happening:

  1. Be proactive – It is a good idea to educate yourself and your staff about this piece of malware and even implement and reinforce a no installing your own software rule. Also, having a backup and disaster recovery plan in place and functioning will go a long way in limiting the damage this program can do.
  2. Check your emails closely – Closely look at every email that comes into your inbox. Pay attention to who sent it, the body text and even the subject line. If you see a slight spelling mistake in the name or even in the address e.g., customersupport@fedx.com, you should be careful or maybe just immediately delete the email.
  3. Beware of attachments – Always look at your attachments. If you get an email with an attachment from any sender you don’t personally know don’t open it. If you get an attachment from people you do know, but it isn’t something they would normally send, don’t open it. For all other attachments, try confirming that the file attached is in fact legitimate by asking the sender.
  4. Backup your data – Be sure to always backup your data on a regular basis. If you backup files on a daily or even weekly basis and are infected, you can easily wipe your hard drives and start again without losing much in the way of data.
  5. Know what to do if infected – If you are infected the first thing you should do is disconnect from the network to limit the chance of the virus spreading to other systems. If you have backed up your system and data, you can probably revert your system. If not, your best plan of attack would be to contact us to see if we can help, as we may be able to get around the encryption or even delete it.

Looking to learn more about CryptoLocker and how you can keep your systems safe from it? Contact us today.

Why I use an UPS

Why I use a UPS on all my computers

6537

I have a UPS (Uninterrupted Power Supply) on all of my computers, servers and networking equipment in my office and workshop for several reasons. If you’ve never heard of a UPS before, essentially it’s a battery device that conditions the power to your computer and protects it from surge, spike and total power loss from grid power. In addition many UPS devices have inputs and outputs for phone or modem equipment protecting them from lightning strikes on the grid.

It wasn’t until I had an electrician at my offfices one day that he plugged a metering device into my mains power to show the spiking of power through the wall plugs that I realized how much variation there is in power output from the grid.

It’s a fact that computer equipment does not like fluctuations to power like this and of course total loss of power can render computers and other items completely dead. The added bonus of using a decent quality UPS on your desktop PC is that during a blackout you can continue with what you are doing for sometimes hours without issue. The software that comes with the UPS is designed to shut the computer down in a normal manner once the battery is depleted to a pre-configured percentage.

I use a UPS on all my devices because summer in Queensland can see the grid act like a yoyo with surges and black outs, they are a good insurance policy for expensive technology such as PC’s and digital devices. Personally I have 3 Powerware 1500VA, 900 watt devices, my office device powers my PC, monitors and Modem and will last over an hour during total loss.

5110-800x700-300x262