Web Threats Weekly

How To Improve IT Security For Free

As all organizations are scrambling to cut costs, we're happy to help with some valuable IT security advice that you can implement for free. This week, we're taking a quick break from the usual format of offering web threats tips from other responsible organizations, and having our own PCIS experts offer advice that can help your business.

Don't Store Sensitive Account Information in Your Browser. Clear your 'saved form' data regularly. The humble browser is a potentially critical point of web vulnerability.
- PCIS Systems Analyst Paul Sabourin-Hertzog

Don't Use the Default Password. When setting up your wifi network, either at home or business, always change the default administrator password. Popular brand-name routers set a default password, usually admin or administrator.
- PCIS Systems Developer / Administrator Ernesto Cerezo

Use Better Passwords. Remembering long and complicated passwords with random variations is beyond the capabilities of most human beings. The solution is for IT people to teach employees how to create difficult-to-crack but easy-to-remember passwords. This means teaching them how to use patterns, such as putting a series of numbers (e.g. birthdate of your favorite aunt) between a first and last name or replacing characters like "s" with "$". Of course, the whole organization should not use the same patterns, or it could actually create more vulnerability.
- PCIS President Vaclav Vincalek

For cost-effective network security and web security solutions, contact PCIS.

Learn How To Protect Your Business Online at Vancouver Board of Trade Managers' Toolbox Presentation

Online protection will be even more important in 2009, as Gartner analysts estimate 80 per cent of all companies will suffer through a web application security incident, with potential security breach costs of $90 to $305 per compromised record.

PCIS would like to invite you to the upcoming Vancouver Board of Trade Managers’ Toolbox session, Online Protection: How to secure your business and build consumer trust. It's happening on Tuesday, March 10. At this session, PCIS President Vaclav Vincalek will provide essential tips and practical steps you can take to protect your business and customers online. Register for the session at the Vancouver Board of Trade website.

A True Story of a Web Security Breach and How It Was Fixed

In every issue of Web Threats Weekly, we provide web security tips to help organizations be proactive. Here's a case to illustrate a real recent web security breach and how it was fixed.

Problem: The website of a large non-profit organization was hacked. The organization discovered this when Internet search results displayed the URL for its website with a warning from Google reading “This site may harm your computer”. Significant web traffic that had taken years to develop decreased to a small trickle of visitors practically overnight.

Solution: The organization was advised to replace its hacked website with a single secure web page as a temporary solution to avoid infecting their website visitors’ computers with malware. In the meantime, the database was checked for malicious code.

Lesson: Web security breaches can be facilitated by vulnerabilities on the part of the organization, the web hosting company, or both. One area of vulnerability can open all other aspects of an organization's network infrastructure to exploitation by cyber criminals. For this organization, the cost of fixing the problems was four times higher than what proactive security measures would have cost. As well, the ability of the organization to retain its non-profit status, manage members and raise funds was put at great risk. Being proactive about security is far less costly than undertaking damage control after a security breach.

February 18, 2009

Web Threats Weekly is distributed by: Pacific Coast Information Systems Ltd. Toll-free 1.877.744.7558

In this issue:
* How to Improve IT Security for Free
* Learn How To Protect Your Business Online at Vancouver Board of Trade Managers' Toolbox Presentation
* A True Story of a Web Security Breach and How It Was Fixed
* Hacker Bait
* Mythbusters Tip #13
* Spam-Alot

Web Threats Weekly helps organizations protect themselves and their customers from known online threats.

Hacker Bait

The latest Hacker Bait list contains websites of businesses, social networking sites and some popular Canadian organizations that have been found to have vulnerabilities that hackers and cyber criminals could exploit. This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry. If you would like more information on our data and why these sites are listed here, please contact PCIS.

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

Mythbusters Tip #13

“We do a penetration test of our web applications and website once a year with an automated scanner, and that's enough to ensure security.”

At least the people who repeat this myth admit they should be doing something to protect their customers and their organization. But a penetration test once a year to check for vulnerabilities is clearly not adequate. First of all, there are some vulnerabilities that simply can't be discovered by an automated scanner. A comprehensive assessment will necessarily include manual code checks. As well, given that new vulnerabilities are discovered on a daily basis, more frequent web security assessments are required to ensure a credible level of security.

Spam-Alot

Spammers are linking to blogs, profiles and other pages on these trusted sites to give victims a false sense of security that the links can be followed safely. These sites may not have been hacked, but following the spam links to these sites and clicking on links shown there can result in harm to your computer. If you would like more information on our data and why these sites are listed here, please contact PCIS.

Spam-Alot Websites Exploited Since Feb. 12, 2009

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup. PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.