Security Bytes – Sept 2012 – BYOD to work
This month I am addressing the concept of BYOD (Bring Your Own Device) to work and how it can help or impact your daily life at work. Technological improvements and modern cloud-based business solutions have spawned the need to be frequently in touch with the workplace and with people around the world. Many companies have started allowing employees to bring their own phones, tablets and laptops to work, to be used in a dual role of work and private use. Granted, this model does not apply to all businesses; however, those that can take advantage of it can save substantial capital expenditure by leveraging employees’ own devices. This scenario is, however, a double-edged sword.
The employee has to realize that by using their device at work they may be subject to the rules and regulations set forth by the company’s security policy, and that in some cases they may have to surrender their device to the company for “cleaning” before they bring it into the organization or when they change jobs. One must also take note that many employer hiring contracts have specific language pertaining to personal devices in the workplace, and one must fully understand the implications of such use before agreeing to use a personal device in the workplace. It is important for an employee to keep regular backups of their device in a safe place to ensure that their personal data is not lost. One also essentially gives up a layer of privacy when using a personal device at work. Many employers reserve the right to audit personal devices at random, so be careful of those private photos and private text messages! In some cases one may also be limited in the number and type of applications one is allowed to install and use on a private phone, so as not to violate corporate policy.
Security Bytes – August 2012 – Dangers of Social Engineering.
This month I wish to revisit a topic I briefly covered a year ago in my July 2011 article: social engineering based attacks. Lately I have seen a dramatic increase in the number of clever attacks that attempt to lead one to click on a link, or sometimes even call a number that supposedly “verifies” the source of the email and instills a sense of trust, so that the user will then complete the attack and click on a malicious link.
I will preface this by saying that this method of attack will work on almost any operating system, even if all the latest security patches are applied. These attacks count on the fact that people can be manipulated into trusting someone they would never normally trust. The most disturbing thing about such attacks is that once a machine is compromised it is usually very difficult to detect the attack, and also difficult to remove the cause of the intrusion. Most of the time the attack comes in the form of an email or instant messaging link that asks you to click HERE to download or follow a link. The whole key to the process is clicking on the link to make something happen. In some cases there is an attachment with a .ZIP file that can be clicked on and opened. Doing so actually starts the installation process of an application that is usually malicious in nature. I have seen carefully crafted emails and web links that impersonate websites we frequent every day, such as Google web mail, Facebook, UPS and FedEx, to mention a few. Many times the falsified sites look the same as the real ones, which makes it easy to get fooled into following the link and falling into the trap. Once the process has started it takes just a few seconds for the trap to be sprung.
Security Bytes – June 2012 – Device Security in the workplace
This month I wish to focus on the topic of bringing your device to work and the implications that has for your overall security. Many employers are changing their strategies to save costs and allowing employees to BYOD – Bring Your Own Device to work. While this will save costs, it also introduces a possible IT nightmare with regard to managing and securing these devices. Also, in the past 2 months there have been increasing instances of new SMS based attacks, which have proven to be a new way to cause problems.
These new SMS based attacks count on the end user clicking on a link they receive as a text message, either from someone they may know or addressed as coming from the wireless data provider they use. Once again I have to focus on the Social Engineering aspect of this. We all seem to “trust” our mobile device’s text messaging and rarely ever question the
Security Bytes – July 2012 – Warning Signs of a slow computer!
This month I wish to focus on an issue that is a frequent complaint I encounter.
“My computer is slow and I don’t understand why?”
This symptom can be the result of many issues, ranging from innocuous causes that build up over time to sudden changes where a virus or malware can be to blame.
For Windows users, depending on the type of user, there can be several reasons for the slowdowns. If you use your machine simply for Internet browsing and email, you may have issues with tracking cookies and spyware slowing down your system. If you are a power user who frequently installs and uninstalls software, you may have issues from the system registry (Windows’ way of keeping track of software) not being clean. Another growing cause of issues is the deceptive emails that come in to your inbox and trick you into clicking on a link, which can not only cause you to divulge information but may also install software that can compromise your machine.
“What can I do to fix these issues?”
Security Bytes – May 2012 – Tax Time Scams
In recent days, the news media has been talking about people getting scammed by criminals who manage to compromise their personal information and thereby redirect their tax return money to someone else. The criminals who execute these crimes know that people want to ensure they get their tax return on time, and that people in general will do almost anything to get their hands on their return as soon as possible. This topic directly relates to my July 2011 article on Social Engineering and emphasizes why one must be vigilant about one’s private information.
So how does someone get his or her hands on your tax return money? In one case someone set up a job search site that asked applicants for their personal information in order to pass job-screening procedures. Once they harvested this personal information they would steal the identity of people that they thought may be ripe targets and then submit a change of address with the IRS. The problem here lies in the fact that once your personal information is given out it is very difficult to control how it is used or misused. Also many people were duped into believing that an email from the IRS asking them for personal information in order to expedite their tax returns was a legitimate email from the IRS.