95,000—that’s the number of malware pieces analyzed by SophosLabs every day in 2010, nearly doubling the number of malware pieces we tracked in 2009. This accounts for one unique file every 0.9 seconds, 24 hours per day, each day of the year. It’s a clear sign that the malware threat continues to grow at an alarming rate.
To defend against these attacks, organizations and users must strengthen their defenses and get proper malware protection in place.
Cyber attacks can happen to anyone. Our job is to make it as difficult as possible for someone to attack you and your company. With your help, we can become much less attractive targets.
Follow these rules to help you and us prevent any nasties from getting in:
1. Don’t be tricked into giving away confidential information
Don’t respond to emails or phone calls requesting company confidential information – including employee information, financial results or company secrets. There is nothing easier for someone who wants unauthorised information than to call us up and pretend to be an employee or a legitimate user of this information. Stay on guard against these types of tricks to avoid falling for a scam, and report any suspicious activity to IT.
2. Avoid using an unprotected computer – is the computer you are using secure?
If you access sensitive information from a non-secure computer, like one in an internet café or a shared machine at home, you might put the information you are viewing at risk. Ensure your computer is running the latest approved security patches, anti-virus and firewall. Also be sure to work in user mode, rather than administrator mode, where possible.
3. Don’t leave sensitive info lying around the office
Don’t leave print-outs containing private information on your desk. Lock them in a drawer or shred them. It is very easy for a visitor to glance down at your desk and see sensitive documents. Keeping your desk tidy and documents locked away not only makes the office look more organised, but also reduces the chance of an information leak.
4. Lock your computer and mobile phone when not in use
Always lock your computer and mobile phone when they are not in use. You work on important things, and we want to make sure they stay safe and secure. Locking your phone and computer ensures that your data and contacts stay safe from prying eyes.
5. Stay alert and report suspicious activity
Always report any suspicious activity to your IT team. Part of their job is to stop an attack from infiltrating the company. In the horrible situation that something does go wrong, the faster IT know about it, the faster they can deal with it and close down the leak.
6. Password-protect and encrypt sensitive files and devices
Always password-protect and encrypt sensitive files on your computer, USB key, smart phone, etc. Losing items like phones, USB keys and laptops can happen to anyone. While we all want to look after our belongings, things sometimes get stolen or misplaced. Protecting the data on the system with encryption and passwords means you make it incredibly difficult for anyone to break in and steal data.
7. Always use difficult-to-guess passwords
Many people use obvious passwords, such as “password”, “cat”, or obvious character sequences on the QWERTY keyboard, like “asdfg” and “12345”. It is much wiser to use difficult-to-guess passwords. Include different letter cases, numbers, and even punctuation. Try to use different passwords for different sites and computers, so that if one gets hacked, your other accounts are not compromised.
8. Be cautious of suspicious emails and dodgy links
Don’t let curiosity get the better of you. Suspicious emails and links should be deleted. Even opening or viewing these emails and links can compromise your computer and invite in an unwanted problem without you even noticing it happening.
9. Don’t plug in personal devices without the nod from IT
Don’t plug in personal devices like USBs, MP3 players and smart phones without permission. These devices can be compromised with code waiting to launch as soon as they are plugged into a computer. Talk to IT about your devices and let them make the call to keep you and your computer safe.
10. Avoid installing unauthorised programs on your work computer
Don’t install unauthorised programs on your work computer without permission. Malicious applications often pose as legitimate programs, like a game, a tool or even anti-virus! They aim to fool the person into infecting their computer or network. If you like an application and think it will be useful, contact IT to look into it for you.
Source: Sophos



