[this post is from Scott Ledyard, a Nerd in Cincinnati, USA)

There seems to be a bit of concern that Google is recording search history. Now that Google is changing their privacy terms, this is becoming a new topic despite the fact that they’ve offered search history for some time.

It’s been my experience setting up Google Apps for Business that this service is turned off by default, but I suppose that could vary. My personal preference is to leave it on, as I find it useful for later research.

Anyway, it’s quite simple to turn this off for your Google Apps domain. Go into your domain management menu. Lately, this can be the biggest challenge as they’ve moved this around. It’s in the SECOND gear icon.

Then go to Organization & users, and finally the Services tab.

Scroll down, and you’ll see the Web History where you can turn it off, or on.

if you want to see what your Google Search history has been, visit https://www.google.com/history/

[this post is from Ben Wiper, a Nerd in Nova Scotia, Canada]

If you’ve been following the news lately, you have no doubt read about the ongoing legislative battles between internet users’ rights to privacy and protecting intellectual property being waged in Canada, USA, and other countries across the world.

Some of the recent attempts to diminish online privacy will affect you directly if passed. If these bills become law, many online activities that many of us take for granted will suddenly become illegal and you may not even be aware of it.

SOPA   PIPA   ACTA   Bill C-30 (Each link goes to corresponding Wikipedia page)

One side effect of a number of these bills – if they become law, is that you or your business can be held  liable for the content transmitted over your network.  For example, if you have a wireless network without a password and somebody uses it to share music illegally or to visit questionable websites, you or your business could potentially be liable for that act.  One way to guard effectively against unwanted traffic and content on your network is to use Content Filtering by OpenDNS.

OpenDNS allows you to filter up to 26 individual categories of web site content including alcohol, drugs,  pornography, social media and more.  The great part is that you can create a bypass code that allows people at your home or office to bypass the filter.  For example, you may filter out social media sites, but want to visit Twitter yourself.  Using your username and password, you can access blocked sites on an individual basis.

Anonymous Browsing
If you are concerned about your online privacy, Nerds can implement many solutions to allow you to surf the internet anonymously, and reduce the risks of being tracked by various websites. We can assist you in protecting your right to privacy and security online.

Do Not Track Plus
DNT+ is a free plugin for modern browsers.  It finds and blocks websites from leaking your information to partner sites, with Facebook being one of the biggest violators.  In less than 4 hours I had 117 DNT+ blocks for leaks of my browsing habits to Facebook.  Please note that websites may load a little slower when using DNT+, particularly those that “leak” a lot of your online activity, like Facebook.

Private Browsing
Most modern browsers support “In-Private” browsing which provides a decent level of privacy however you will probably have a number of your favourite web sites that either don’t work properly, or don’t load at all.  For more details: Internet Explorer Firefox Chrome Safari

What tools do you use to protect your privacy online or to browse the internet anonymously? We encourage you to share your thoughts in the comments, or send us a message on our Nerds on site Facebook fan page or our Nerds on Site Twitter!

[this post is from the SME section of our website.]

If you own and operate a small business, lowering costs is an important part of keeping your company in the black. Cutting costs on your IT budget could inadvertently compromise your company’s security. Even though small businesses may not have all of the resources that large corporations do, they are still just as vulnerable to the same security threats. Here are ways to help secure your small business:

Purchase Anti-virus Software

Every computer is vulnerable to the wide variety of viruses, trojans, and worms that are on the Internet. These malicious software programs can do anything from damage your computer and files to steal your password and other important information stored on your computer. Purchase a good anti-virus software program and make sure that it is always up to date. Also, check to see that your anti-virus software checks for spyware, adware, and any other type of malware that could be hiding on your computer.

Avoid Phishing Emails

It is important to discuss with your employees the importance of not opening spam email, attachments or forwards that could possibly contain viruses. Make sure that your email has a filtering system that helps to filter out spam and other malicious email. Responding to phishing emails can be another costly mistake. Phishing emails are disguised as legitimate emails that then request login and password information. Changing passwords monthly can help to lessen the damage should an employee accidentally respond to a phishing email.

Minimize Damage From Dishonest or Disgruntled Employees

It is often difficult to predict if one of your employees will become disgruntled or dishonest, but you can put some safeguards in place to help minimize the damage should you find that you have one. Thoroughly screen your employees before hiring them, especially if they will have access to any confidential or financial company information. Limiting the number of employees that have access to this confidential information and changing your company passwords often can help to prevent former employees from accessing company computers.

Secure Your Wireless Network

Make sure that your wireless router is encrypted, and that your business is using WPA2 wireless security. A firewall is another important key to protecting the security of your small business. A firewall will allow access only to authorized users while blocking unauthorized access to the computer.

Have An Internet Use Policy

Aside from the obvious lack of productivity that personal Internet use can cause for your business, it can often be too easy to click on websites that contain malicious software that could easily infect your company computer and shut your system down temporarily or even permanently.

Avoid Having Everything on One Computer

Purchasing computer equipment is costly, so many small businesses will try to get away with fewer computers in order to save money. If you have your financial information on the same computer that your employees are accessing their company emails, you could risk losing everything that is vital to running your business should an infected email slip through.

Have a Data Backup System

Be sure to have some type of data storage and backup system in place in the event that your current system goes down. Having all of your files readily available to you in case of an emergency can ensure that your business will retain customers and continue to run smoothly no matter what the disaster.

Minimize Damage From Stolen Equipment

It difficult to prevent break-ins or equipment from being stolen from your home or office building, but you can have some security by ensuring that all of the information on your computer is encrypted and password protected.

Trying to scrimp when it comes to your small business’s computer security can be a costly mistake. Arm yourself with the knowledge of what your business could be up against and take steps towards prevention. The investment will give your company the security necessary to keep your information secure

[this post is from Dennis Houseknecht, a Nerd in West Virgina]

According to a recent study from Cisco:

“After the 2010 cybercrime turning point, when spam levels started to decline for the first time, this trend continued throughout 2011, a trend, according to analysts, can be explained mainly by several key botnet takedowns throughout the last two years. However, the number of vulnerabilities increased; there are fewer widespread attacks but greater numbers of smaller, more focused attacks.”

- The “good news”: there has been a significant reduction in unsolicited bulk spam
- The “bad news”: because cyber criminals have figured out that the ROI on bulk spam has gone down as users, especially business users, become more aware. The trend is now TARGETED spam – which provides a greater ROI for criminals. Targeted attacks are more dangerous and are INCREASING.
- The “more bad news”: Younger employees have a more cavalier attitude toward IT policies – 7 out of 10 “frequently ignore IT policies”.
- The “the worse news”: 1 out of 4 of these young employees is a victim of identity theft before the age of 30. That is a stunning statistic, and one that should get the attention of employers.

You can read more in this Business Day article.

You can read the Business Day article at: http://www.businessdayonline.com/NG/index.php/markets/companies-and-market/32587-mass-spam-declines-targeted-attacks-on-the-rise-cisco-warns

If your business offers unfiltered access to the Internet, chances are there are minutes or hours in the day where non-work activity takes place. Some employers have a work environment where this unchecked and unfiltered state is actually part of a morale of trust and confidence that the staff will get the work done even efficiently and keep a high level of productivity.

Two weeks ago we offered a free trial of a Unified Threat Management appliance to this client of ours at an insurance brokerage of about 15 staff. They had operated without any filters for many years and wanted to at least know what was happening. So we followed these simple steps to allow for a smooth transition and to keep everyone aware of upcoming changes.

Step 1 – Have an Acceptable Use Policy written and signed off

An Acceptable Use Policy – AUP – serves the purpose of making sure all staff know what is acceptable at the workplace, and what isn’t.

Step 2 – Implement a Unified Threat Management Appliance in Monitoring mode

An appliance can be installed at your office premises without disrupting any exiting access, and simply give the employers insight into how the Internet is being used throughout the premises.

Step 3 – Apply appropriate filters

This final step should be in complete accordance to the Acceptable Use Policy.

Special case considerations

• Social Media use is often restricted as it is seen as personal and has no role during working hours. However, most businesses now have a legitimate reason and role to play on twitter and facebook to maintain their own business presence.
• Time of Day access. The complete filtering of all social media access may have a negative effect on morale, and some companies choose time-of-day rules to allow social media access during lunch hour, for example.
• Logs may be misleading. If it’s your first time implementing a UTM, you will likely notice log entries of websites being visited, and when confronting said employee/computer, you will encounter denial. This can be legitimate because millions of workplace computers are infected with malware that cause the computers to operate silently under the control of botnets. Protection from web-based viruses, malware and spyware is another strong reason to implement and keep a UTM at every office.

It’s also worth pointing out that 3G connectivity through mobile phones is ubiquitous in many areas of the world. So blocking facebook on the work computer may simply cause the employee to use their own mobile phone instead. This is why an acceptable use policy is important to have in place. Consistent use of a mobile phone also leaves an optic that is not hard to detect by fellow employees and supervisors.

Do you have any specific need you don’t see covered here? Chances are it can also be achieved with a UTM.

[this post is from Dennis Houseknecht, a Nerd in West Virginia, USA]

The Security Corner has been quite for some time. Lots of other things competing for time.

I want to change the focus a bit – to alerting you to the security news that crosses my desk pretty much every day.

For instance, here is one about how children are vulnerable to internet attacks that everyone should read.

Here is an article about “malware” (or “aggressive adware“, depending on who you want to believe) that is of interest to all Android users.

And here is one about personal data as the main commodity of cyber criminals.

Please share this post with your friends and family, as everyone can benefit with knowing about these issues.

[One of our company founders, David Redekop, found this online, and we feel it's important to share it with our readers.]

“A child can now be at greater risk sitting in a bedroom on a computer, than outside the school gates,” the Home Secretary has said.

Theresa May said cyber-crime was a serious problem which caused more losses than burglars stealing televisions and DVDs from homes.

The new National Crime Agency (NCA) would help tackle this and make people “feel safer”, she said.

In a key speech on police reform in central London, Mrs May outlined plans to give communities tougher protection from anti-social behaviour to put an end to the “horror stories” of victims being ignored despite making repeated complaints to the authorities about problem neighbours.

It comes after HM Inspectorate of Constabulary (HMIC) said last week that only a low number of crimes were recorded from anti-social behaviour cases and the identification of repeat, vulnerable and intimidated victims was “poor” at the first point of contact.

Mrs May said: “As well as growing, the threat from organised crime is also changing.

“Increasingly, the biggest criminal losses do not come from the burglar who breaks into houses to steal TVs or DVD players, but from the cyber criminal who raids bank accounts directly.

“A child can now be at greater risk sat in their bedroom on their computer than they are outside the school gates. And given the nature of the criminal threat, it is now no longer possible to keep communities safe through good local policing alone.

“Highly visible neighbourhood policing is vital, but it won’t deal with cyber crime. Arresting drug dealers is important, but it won’t stop the flow of drugs from overseas.”

She went on: “That’s why we need a powerful new crime-fighting force that works across different police forces and agencies, defending our borders, co-ordinating action on economic crime, protecting children and vulnerable people, and active in cyber space. That body will be the National Crime Agency.”

[this post is from Dennis Houseknecht, a Nerd in West Virginia)

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals.  Criminals and security researchers are constantly prodding and testing the code, looking for flaws that can allow a “computer hacker” to take control of a computer or steal valuable data.

When a flaw is discovered, the software vendor issues an “update” or a “patch” to fix the problem.  It is like a recall to replace a defective part for a car.  Failure to apply these updates leaves the system vulnerable to attack or to be compromised, as these cybercriminals use these same updates to reverse engineer ways to take advantage of these vulnerabilities.

Your organization may think “Why would they want to attack us?” We argue – why give them the opportunity, and put your organization at risk?

On rare occasions, an update will cause an unanticipated compatibility issue with a specific application, and the application vendor normally addresses the issue promptly.  The solution is NOT to stop updating the system indefinitely. This WILL leave the system vulnerable, making the entire network vulnerable if infected or attacked.  As a last resort, if  postponing updates is required, it should only be for as short of a time as possible, and the ideal approach would be to ensure that the system that is not updated is not used for other purposes (taken off the network) and not exposed to threats to which is may be vulnerable.

No application is permanently tied to an older version of JAVA, or any other application.  If a JAVA update does cause a problem, it is NOT wise to revert to an older and vulnerable version of JAVA. On very rare occasions, we have seen a situation where a JAVA update causes an application (typically one that is poorly written) to “break”.  In all such cases, the vendor responded by quickly updating THEIR software to be compatible with the new version of JAVA.

We do recognize that applying updates to systems that have not been properly maintained and updated properly may cause some frustrations, inconvenience, and perhaps even consternation, to users who were faced with changes in the “look and feel”, or a change in settings.  However, any problems beyond this are less related to the updates themselves, and more to the lack of proper maintenance or updates to the systems as a whole.

About two years ago, Nerds On Site implemented a strong password policy for all our email users.  Because of todays technology it’s become trivial to “crack” weak passwords, it’s too easy for malicious software and people to take control of email accounts – this means someone could send emails from your account without your knowledge. By strengthening your password, you’re reducing the risk.

It’s easy to reset your password – go to https://mail.nerdsisp.com and enter your email address and current password.  Once you’re logged in, the system will prompt you for a new, stronger password – the system will let you know if it’s a good password or not. Try to chose something that will be easy to remember, or maybe write it down in a safe place (Hint: don’t leave it taped to the side of your screen.)

If you use Outlook, or Mac Mail, or another email client on your computer, you will need to update it to use the new password you’ve just chosen.

To help you with this, here’s a step-by-step video to guide you.

For fun, do you wonder just how weak your current password is? Check out security guru, Steve Gibson’s password tester: https://www.grc.com/haystack.htm.

Remember, strong passwords don’t guarantee that your email won’t get hacked, but it is a big step towards better protection.

Here’s an amusing article about just how weak (and common) some password are: http://www.zdnet.com/blog/service-oriented/security-101-users-still-using-extremely-weak-passwords/8003.

According to a survey conducted by 8e6 Technologies (www.8e6.com), employees are using company computers and resources to conduct non-work related activities.  Some of these activities simply wasting time, but others are malicious, or threaten company security or data.

Here are some of the more extreme cases:

• One employee was caught running a gambling website and acting as a bookie for his co-workers.
• To bypass the company’s web filter, one employee was caught using his desktop computer as an FTP server for the other employees. He had downloaded and saved over 300G of material.
• One employee was busted for giving away confidential information such as price lists, contracts, and software code for application development.
• Another employee was busted for having a side business stealing and selling company inventory on eBay.
• One woman was caught running an online outcall service from her desk.
• One employee was caught renting the corporate IP address to hacker friends to generate DOS attacks.

Although these are extreme cases, many companies have fired employees for violating company policies. It’s much more common than people realize.

As an employer, if you have an Acceptable Use Policy, which is strongly recommended, it must be enforced. Simply having it may not deter employees from finding ways around it in hopes of not getting caught.

There are excellent solutions that ensure that your Acceptable Use Policy is not violated, intentionally or otherwise. these solutions offer web filtering (gaming sites, gambling, or downloading viruses), email filtering (keywords or inappropriate jokes, etc), and many other must-have features.

Give us a call and let’s talk about your network security and Acceptable Use Policy, and find ways to make sure your company’s resources aren’t being wasted by your employees.