Between the discovery of the Heartbleed SSL exploit and then remote execution exploit discovered in Microsoft’s Internet Explorer, you would be excused if you felt a little uneasy about your security online.
Just to recap, Heartbleed was a fault discovered in the OpenSSL software which is responsible for creating securely encrypted connections between your computer and a secure website (the ones with HTTPS / padlock symbol). This exploit allowed hackers to decrypt the conversation between your computer and a secure website. Lots of common websites were discovered to be susceptible, as well as a lot of hardware devices that rely on the SSL technology.
If you haven’t changed your passwords – HURRY UP AND DO IT!
Then there was a bug found in Microsoft’s bundled web browser, Internet Explorer, which allowed an infected website to run software on your computer without your permission! This little creep was patched by Microsoft in under a week after it was discovered, however the potential damage to un-patched computers is catastrophic!
So what can you do to try and safeguard yourself and your business from potential threats? I’m glad you asked!
#1. Keep Your Software Up To Date
I’ve said this before, and I’ll say it again, make sure you keep your computer software up to date. Ensure that all system patches for Windows, Mac, iOS, Android, whatever, are run frequently (minimum once per week).
Don’t run old versions of software to “save money”. Within reason, if there’s a new version of the product your business relies on, make sure you upgrade to it as soon as feasible. (Upgrading MYOB just before end of month, or end of financial year processing is a no-no, but after your accountant has closed the books for the year, it’s a good time to roll the file forward and upgrade to the recent version.)
#2. Install a Good Anti Virus and Anti Malware product
Even if you’re a Mac user, you need to protect yourself. It’s a load of rubbish that Mac’s don’t get viruses. In fact, as a result of this little myth, virus writers are working hard to target all you unprotected Mac users – so don’t be caught out!
According to www.av-comparatives.org, Kaspersky’s anti-virus products have been top ranking for both Mac and PC most recently, with BitDefender, AVIRA and ESET all highly regarded.
Two great anti-malware products for PC are MalwareBytes and HitMan Pro – both of which can be run in free/trial mode (though you should purchase if using commercially!).
#3. Install a “Unified Threat Management” (UTM) Firewall
The modem/router your internet provider supplied you, or you picked up from Harvey Norman, is what we consider a ‘dumb’ device. Yes it blocks traffic from the internet, but that’s about the most it does.
Modern UTM firewalls intelligently scan every piece of data that goes through it for viruses, malware and known exploits. We use and recommend Cyberoam’s devices, but there are plenty of good, affordable devices out there that won’t cost you an arm and a leg – and will definitely help you add that ‘extra layer’ of protection to your business network.
As a matter of interest, within hours of both the Heartbleed and Internet Explorer security holes being announced, Cyberoam had updated their ‘Intrusion Detection System’ (IDS) filters to detect this problem and block connections to compromised websites and devices.
Of course it’s one thing to install one of these devices – they need to be properly setup and maintained to ensure they are actually protecting you!
#4. Backup!
Disasters can and will happen, irrespective of how much protection you put in place.
Make sure you implement at the least a daily backup regime where your business critical files are stored at an offsite location. And make sure you perform a monthly ‘fire drill’ to make sure you can actually recover those files in an emergency!
#5. Don’t be an Internet n00b!
A “n00b” (pronounced new-b) is a newby, or someone who exhibits uninformed behaviour or skillsets.
The Internet is a powerful tool, but it’s also a world full of people trying to infect your computer, hack into your network, and generally cause you unnecessary pain and heartache.
Be careful what you click. Use your work computer for “business purposes” only. Keep personal “surfing” to your home computer or tablet. If you take your laptop home, don’t let other members of the family use it (get a dedicated ‘home’ computer – it doesn’t have to be expensive!).
When you’re travelling, don’t sign on to “free WiFi” services without scrutinizing the legitimacy of the service first. Hackers can, and do, setup copy-cat wireless services in an attempt to trick people in to signing onto their services, allowing them to then capture your account details, or infect your computer, whilst you sit there unknowingly use the ‘free’ service.
Have a technology related question? Either post in the comments box below or drop me a line.
First published in the Gold Coast Medical Association’s “Medical Link” magazine, June/July 2014 issue.
Discussion
No comments yet.