We found this list of questions (and their answers) on Entrepreneur.com and felt it would be useful for our clients.

Cybercriminals are increasingly preying on small businesses, which often lack the expertise and resources to adequately protect themselves. Last year, companies with one to 250 employees were the victims of more than 30 percent of all cyber attacks, according toSymantec’s 2013 Internet Security Threat Report. That’s a threefold increase since 2011.

But your company doesn’t have to be vulnerable if you simply take some basic protective measures. Here are 10 key questions to ask when securing your company from cybercriminals:

Read more: http://www.entrepreneur.com/article/226456#ixzz2U5BoG1Vt

1. Should I install antivirus software?
2. How should I handle suspicious emails from known and unknown senders?
3. Whom should I allow access to my company’s critical data?
4. Should I use a firewall to protect my company’s internet connection?
5. How often should I back up essential company information?
6. Should I use data encryption?
7. How should I communicate company cybersecurity policies to employees?
8. How can I secure my Wi-Fi network?
9. How can I secure company mobile devices?

(The article headline says “10 Questions” but actually skips #3 completely…)

-wim

If you are in the habit of using passwords like 'password', 'qwerty' or '123456', you may be helping hackers and online thieves steal your data. Security experts have compiled a list of the 25 most common passwords – passwords that you should avoid.

If you think using 'password' as your password is no big deal, then it's time to rethink.

Security experts have recently compiled a list of the worst passwords users can choose, and 'password' is at the very top of the list. Weak passwords make your information more vulnerable simply because hackers can guess them. It may be easier to pick a password that you don't have to think about, but it's a choice that you may come to regret.

To help you avoid common password choice mistakes that users make, management application provider SplashData has compiled a list of the 25 worst passwords to use:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Make a smart password choice Experts advise using a combination of letters and numbers when creating your passwords, and to avoid things that anyone might be able to guess, such as birthdays and anniversary dates. Passwords with eight characters or more are safer and it's best to use different passwords for different accounts and websites. Use a password manager to help you keep track of all of your passwords if you're finding it difficult to remember them all..

No matter how sophisticated your security system is, a weak password gives hackers and online thieves an advantage. Helping all the users in your organization understand the importance of password strength will help you secure the IT systems in your organization.

If you're interested in learning more, please contact us so we can develop a comprehensive and custom security blueprint that meets your specific needs.

Reference: Worst Internet Passwords

A joint operation between the United States Federal Bureau of Investigation (FBI), authorities in Estonia, and IT security firm Trend Micro recently put down a massive bot network that victimized an estimated 4-5 million users around the globe.

Four million is a big number – which makes four million bots, in security terms, a staggering and frightening number as well.

It is a good thing, then, that four million is also the number of bots taken down in a recent bust by the United States Federal Bureau of Investigation, the Estonian Police, and security firm Trend Micro. Data centers in New York City, Chicago, and Estonia were raided by authorities, shutting down hundreds of servers used to create a network of bots that spanned some 100 countries.

The said bust, dubbed “Operation Ghost Click”, is one of – if not THE – largest cybercriminal bust in history, putting to sleep a sophisticated scamming operation that victimized 4 to 5 million users and was said to have generated at least $14 million in illegal revenue.

The scam mainly involved hijacking Domain Name Server (DNS) settings in infected computers, which can be used not only to introduce more malware into an IT system, but also to hijack search results and replace advertisements loaded on websites visited through an infected computer.

While this bust does bode well for all IT users everywhere in the world, it also illustrates the scope of influence and level of organization behind security threats. Since this is probably not the only scam / fraud / botnet operation in the world, it is always best to have a comprehensive security policy for your IT infrastructure to minimize the risk of compromising your company’s data and information.

For more details on the bust, check out Trend Micro’s blog post here.

With mobile devices becoming more accessible, many are finding it more comfortable and more productive to use these devices not only for personal purposes, but also for work. This may seem to be a good thing initially, but it also means that you have less control over the way these devices access your IT system. The best thing to do is to have a good IT security policy in place to make sure that important company data is not compromised.

As technology continues to become more affordable and accessible to consumers, it's an inevitable fact that employers will see more and more of their employees using their own personal devices such as laptops and mobile phones to access the company's IT system.

This can be a dangerous thing. Since these devices aren't company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.

The solution: a comprehensive IT security policy. It's important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data's security. Steps such as having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don't forget that while Android seems to have a bigger problem with malicious software, Apple isn't exactly virus-free, either.

Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data. If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don't hesitate to give us a call so we can sit down with you and discuss a custom security blueprint that's just right for you.