Malware On The Rise
Reuters recently published an article claiming that malware has hit an all time high. They state that McAfee, the number two security software provider, found that malware reached a new record in the first half of 2010. Malware is software code that, when introduced into a system, can hack the computer, steal passwords and identities, and reap havoc on system performance.
McAfee says that 10 million new pieces of malicious code have been catalogued. What is most noteworthy of these findings is that Mac systems are becoming increasingly vulnerable to attacks. Apple users tout that Macs are virtually “insusceptible to viruses,” however as Macs continue to increase their market share, their vulnerability is also rising.
Android Antivirus
In similar news, the first Trojan has been reported on the Android Operating System for smartphones. The malware poses as a media player and once installed on the phone, sends text messages to premium text numbers inadvertently charging the user. Hackers are usually on the receiving end of the text messages, and thus profit from the rouge SMS messages.
According to the article, posted on Mashable.com, Kaspersky Labs is in the process of developing a mobile antivirus application for Android phones, due to be released next year.
The Bottom Line
You need to take precautions. Whether you are dealing with your personal computer or your organization’s infrastructure, steps need to be made to make sure your system(s) are secured.
Basic necessities include using a firewall, password protecting your WiFi, and having an up to date antivirus system installed (including Mac systems).
Additional steps, such as security assessments and security audits can be performed to make sure your organization isn’t vulnerable to outside attacks.
Most importantly, self monitoring is the key. Be sure to stay away from sketchy websites (including those not suitable for the workplace) and making sure you only download files from people or websites you know and trust.
Protecting Your "Social" Security
Your organization's cloud (whether it is private, public, or hybrid) is safeguarded by intruders through the use of firewalls, VPNs, SSL encryptions, and other security measures. However, what does a company do if proprietary information is used or misconstrued - that is information that was voluntarily released onto the world-wide-web? I'm talking about social media, where the world is a conversation.
In this day and age when everyone and their grandmother (literally) are hopping on the social media bandwagon, privacy regarding personal data on these websites is becoming an increasing issue. With super-platforms such as YouTube, Facebook, and Twitter, everyone is buzzing - but forgetting that what they are talking about not only is broadcast globally, but if in the wrong hands, can be dangerous.
Recently, Facebook has come under fire due to an application vulnerability that would allow hackers to link users to malicious websites. A recent article from PC World noted that the flaw could make users private data public domain. Then again, how strict can privacy settings be for information that users are willingly posting to the web?
The solution - make sure your organization has a social media policy in effect. It doesn't have to be anything fancy (i.e. written by an attorney, notarized, and framed in the office). Rather just a few bullet points added to the employee manual or posted to the organization's wiki or work server.
Some common areas employees should be notified of are:
- Tweeting about projects not yet publically announced.
- If the company hasn't officially announced it, don't talk about it.
- Complaining about a co-worker or boss in your Facebook status.
- Not only is it disrespectful (save it for when you are home and want to vent to a significant other), but it is bad PR for your organization if employees are updating their news feeds with slander.
Another safeguard employees can use is to check their privacy settings on their personal Facebook pages to make sure they aren't letting their personal information outside of their own networks.
Here is another great article from PC World that instructs users on how to scan their own Facebook profiles for vulnerabilities.
Employees are allowed to have social lives, they just have to make sure their personal and professional Tweets/Posts/Blogs are thought out before they are released into the cloud that is the internet.
IT Security Tips for Computer Applications
Update your software:
All current Microsoft operating systems come configured to perform automated updates. However, most of the applications that are installed on your computer do not. Keep in mind that every application you use poses a potential risk that could allow an attacker to gain access to your system or information. So, configure your software to check for updates frequently. If it can’t be automated, make sure you check for updates to your software. Whether it’s Adobe Reader, Apple iTunes, Sun Java, Mozilla Firefox, or the latest video game, new vulnerabilities are constantly being discovered and patches are routinely being released. Update everything and update frequently.
If you don’t need it, uninstall it:
Every application you have on your computer represents a potential vulnerability, or a way for an attacker to gain access. Consider your computer to be like a house and every application is like a window. When an application is vulnerable, it’s as if the window is open, allowing attackers easy entrance. Even when the window is close, i.e., the application is patched, the attacker can clearly see the window and can work to find a vulnerability that will open it up. If you don’t need an application, you should uninstall it. This is like removing the window and walling it in; there’s nothing there through which an attacker can even try to gain access.
Written by:
Ben Howard - MCSE, Security+, CCNA Security, NSA 4011
Senior IT Associate
NSK Inc.