Entries in Password Security (7)

Tuesday
Mar262013

What do I do if I think my computer has a virus?

There are many schools of thought on what to do if you computer gets a virus, here are the steps that I suggest you follow.

1) Stop all network access.  This means, disconnect form any network connection, including the internet.   This means disconnect any network cables, wireless, or other network connections.   This ensures that if there are any viruses that are dependent on network connections, their capabilities are restricted.   Furthermore you then prevent propagation to other networked computers. 

2) Document what you saw that made you suspect that you have a virus.   This includes the way the computer operated, any screen warnings, pop ups, or any antivirius warnings.   The better the detail, the more effective the response to the virus based on researching the root cause 

3) Shut your computer down.   Depending on the type of virus, the longer you leave your computer on, the more severe the damage. Shut down as soon as possible.

4) Verify your back up, have your system restore disks, and software installation disks.   Again depending on the type and severity of the virus, the system might not be able to be recovered without formatting and reinstalling the operating system.   If you do not have back ups, system restore disks, or software installation disks, a different strategy, more costly,  might have to be used in order to recover your system and its files. 

5) Attempt a virus removal on your own, or contact Collaboration Lab for virus removal.   We offer a free 15 min. estimate, so if you are hesitant about cost we can give you not to exceed estimate before starting. 

One other point, it is a good idea to change your passwords that were used on that computer.   Again, dependent on the type of virus on the computer there is a possibility that you passwords have been compromised.  Better safe than sorry. 

If you have any questions, feel free to comment or contact me. 

Thursday
Feb072013

Red Team USA Cyber Security Workshop for Lawyers

"Law firms are a very attractive target for cyber attacks by anyone seeking sensitive information," says Bradford A. Bleier, Unit Chief, Cyber National Security Section, FBI Cyber Division.

Today, Every Law Practice is “A Cyber Security Risk.” High Costs Can Result From Failure To Implement The Recent ABA Client Confidentiality Rules & Cyber Data Protection.

Today’s Cyber Criminal designs programs to attack and steal from specific business types. Law Firms are no exception, in fact, they are prime targets for a Cyber Security attack.

Data breaches, privacy infringements, and theft of intellectual property or other sensitive organizational data come at a tremendous cost. Some government reports estimate that cyber breaches cost the U.S. economy over $1 trillion annually. Businesses that are victimized by Cyber Intrusions risk significant liability in fines, penalties, and damages.

This workshop examines the potential legal liability for data breaches and not implementing state-of-the-art cyber security protection:

- In today's world what are "reasonable" efforts when it comes to preventing disclosure or access to client information.

- Do I notify all my clients that we've had a security breach of our network?

- One of our associates loses his USB thumbdrive - does that constitute a security breach?


Discussions: Are you using Cloud services or thinking about it? Do you use mobile devices? Who has access to your network? Do you and your clients send sensitive attorney-client privileged information back and forth over regular email? Do you know how easy it can be compromised? What are your ethical and legal duties to protect client-confidentiality when using technology?

 

Presenter: David Willson

JD, CISSP, Security+

Titan Info Security Group

(A Cyber Security Law Firm)

What You'll Learn:

- Overview of threats and vulnerabilities to data in 2013

- Ethics Rules for Lawyers and the Use Of Technology - Rule 1.6 (c)

- When does a breach of security fall under CRS 6-1-716

- How data is lost or stolen

- How to better protect client confidentiality and sensitive

- Ethics: 1 CLE hour

- Cyber Security General Education: 1 CLE hour

 

Presenter: Nick Krut

MSEE, CNE, CSSA

Cyber Security Scientist

Red Team USA

(A Cyber Security Firm)

CLE Cyber Security for Legal Professionals:

Join us for our Lunch & Learn Workshop February 12th

Presented by the Red Team USA Advisor Group

Click Here to Register February 12 - Limited Seating


Where: Red Team USA Conference rooms

4155 E. Jewell Ave, Denver 80222

When: Feb12, 11:00 – 1:00

Price: $75

Lite Lunch is served along with water, tea & coffee

Click Here to Register February 12 - Limited Seating

Monday
Jan282013

Parental Controls can help

If you are a Windows 7 user one of the great tools that you have access to is Parental Controls. Parental Controls is a tool built into Windows 7 that allows you to restrict program use, monitor time online, and limit the type of content that the child can view.

Now even if you do not believe in limitations, or monitoring, one good point to think about is the program access restriction.

Approximately 2 in 5 of all major virus infections that I work on are a result of a child, spouse, or friend downloading a program that hey should not have, thus resulting in a damaged computer. With the restrictions that Parental Controls imposes this stops this issue cold.  So, even if you are weary of keeping a close watch on your child's activities, you may still want to look at restricting program access, and the ability for users other than the Administrator to install programs.

To find out more, here is a link to Microsoft with more detail on Parental Controls, 

Parental Controls

And if you are not inclined to read, here is short video, 

Using Parental Controls

Monday
Dec032012

Avoid the tech support phone scam

If someone calls you and says you have a virus / malware on you computer, it is probably a scam.    A recent experience has led me to this blog post,  and the importance of pointing out that this scam becoming more common.   

This scam can be one of the most damaging, here are some great tips from the FTC, 

If you get a call from someone who claims to be a tech support person, hang up and call the company yourself on a phone number you know to be genuine. A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.

Keep these other tips in mind:

  • Don't give control of your computer to a third party who calls you out of the blue.
  • Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. They may appear to be calling from a legitimate company or a local number, when they're not even in the same country as you.
  • Online search results might not be the best way to find technical support or get a company's contact information. Scammers sometimes place online ads to convince you to call them. They pay to boost their ranking in search results so their websites and phone numbers appear above those of legitimate companies. If you want tech support, look for a company's contact information on their software package or on your receipt.
  • Never provide your credit card or financial information to someone who calls and claims to be from tech support.
  • If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you're concerned about your computer, call your security software company directly and ask for help.
  • Never give your password on the phone. No legitimate organization calls you and asks for your password

Here is a direct link to the FTC article, Tech Support Scams

For further information, here is a good bulletin from Microsoft, Avoid tech support phone scams

As always if you have any questions, feel free to give me a call. 

Thursday
Nov152012

If your password is on this list...

Change it now!

 

Presenting SplashData’s “Worst Passwords of 2012”, including their current ranking and any changes from the 2011 list:
1. password (Unchanged) 
2, 123456 (Unchanged) 
3. 12345678 (Unchanged) 
4. abc123 (Up 1) 
5. qwerty (Down 1) 
6. monkey (Unchanged) 
7. letmein (Up 1) 
8. dragon (Up 2) 
9. 111111 (Up 3) 
10. baseball (Up 1) 
11. iloveyou (Up 2) 
12. trustno1 (Down 3) 
13. 1234567 (Down 6) 
14. sunshine (Up 1) 
15. master (Down 1) 
16. 123123 (Up 4) 
17. welcome (New) 
18. shadow (Up 1) 
19. ashley (Down 3) 
20. football (Up 5) 
21. jesus (New) 
22. michael (Up 2) 
23. ninja     (New) 
24. mustang (New) 
25. password1 (New)

 

Now with that being said, here is a link to a article that help you make better passwords.

How to Devise Passwords That Drive Hackers Away

I agree with the article with the exception of the discussion on Password Managers.   The major issues with passwords on devices has been addressed with furhter encryption and changing the way that they are stored on the device, but with this being said, be cautious.