Posted by Daryl Rinaldi on Mon, Mar 29, 2010 @ 02:00 PM
So you've heard some vague notions about "improved security" in Microsoft Windows 7. As a leading Boston IT support company we get asked this question all the time. The short answer is YES! But let me give you a few more details so you can understand exactly what Microsoft Windows 7 brings to the table, at least from the perspective of a Boston-area IT Support company that is responsible for the security of our customers' networks.
As always if you have any questions please feel free to email me at drinaldi at gizmofish.com or call me at 866-MY-GIZMO (866-694-4966) ext. 4.
PS. Don't forget about our Free Windows 7 Seminar on April 22nd at the Microsoft offices in Waltham.
More secure, more easily - Microsoft Windows 7 has many security enhancements that not only improve security but also make enhanced security easier to manage (and easier to live with!)
- Internet Explorer 8 in Microsoft Windows 7 has several new features to make web browsing safer. Here are a few:
  - InPrivate Browsing lets you surf the web without leaving a trail in Internet Explorer, so others cannot see where you have been surfing.
  - SmartScreen filter protects users against evolving web and social engineering threats by automatically blocking access to malicious websites.
  - XSS filter - The IE8 Cross Site Scripting Filter protects you against a certain type of malicious website content that has become one of the leading online threats.
  - Domain highlighting highlights the root domain of any website you are visiting so you can easily see if the site is a phony phishing site set up to look like a legitimate site such as PayPal, eBay, or Bank of America.
- Windows Vista introduced BitLocker Drive Encryption. Some versions of Microsoft Windows 7 have an enhanced version of BitLocker that enables you to easily encrypt portable storage devices like USB flash drives and external hard drives.
- Windows Defender, which protects against spyware, is now built into Microsoft Windows 7. Plus Microsoft Security Essentials, which is a full-featured anti-malware program that protects against viruses, spyware, worms, Trojan horses, and other malware, is available as a free download.
- Microsoft Windows 7 offers better control over security. You can adjust how often the computer interrupts you to warn of changes to your computer. And Windows 7 makes it easier for users to run as non-administrators without hindering their ability to accomplish tasks on the PC.
- Microsoft Windows 7 has improved backup and restore capabilities. In addition to a user-friendly user interface, the Microsoft Windows 7 Backup and Restore tool allows you to create complete system image backups so you can restore your entire PC in the event of a catastrophic system crash.
There are other security enhancements in Microsoft Windows 7 that help justify an upgrade, but for now I'll leave you with these. Come to our Microsoft Windows 7 seminar on April 22 in Waltham and take a look. I think you'll agree that Microsoft Windows 7 really does provide better security, while being less intrusive about it than previous versions of Windows.
Posted by Daryl Rinaldi on Mon, Jan 18, 2010 @ 06:18 PM

Data privacy is a hot topic these days. The new privacy regulations (201 CMR 17:00) by the Massachusetts Office of Consumer Affairs and Business Regulation are going into effect March 1st, 2010. These regulations cover any business that stores personal information about Massachusetts residents. Your Boston-area IT Support firm or IT Department should be knowledgeable on the specific requirements of the regulations. Some important things to consider:
- Even if you don't collect customer personal information, if you keep your employees' Social Security Numbers then you are covered by these regulations.
- There is no technological silver bullet. These regulations require you to adopt certain business practices now.
- You have to create a Written Information Security Program (WISP).
- You have to appoint an Information Security Manager to maintain the WISP.
- As part of the WISP you must inventory reasonably foreseeable security risks and the WISP should address those risks.
- The first step is to actually inventory the personal information (see our white paper for the definition of "personal information") your company keeps. You may be surprised at all the places this information resides.
- These regulations apply to personal information on paper as well as in electronic form. If you don't already have locking filing cabinets you should get them now.
- The regulations have some specific requirements about your computer systems, your password security, and data encryption. Download our white paper for a more detailed discussion of the computer system requirements.
GizmoFish has prepared a helpful White Paper called "10 Things You Must Know About the New Massachusetts Data Privacy Regulations."
Posted by Daryl Rinaldi on Mon, Dec 28, 2009 @ 05:12 PM

The previous post told you about a cool little tool called Roboform that allows you to not have to remember a bunch of different passwords. As an IT Support company, we at GizmoFish advise our customers on IT Security best practices. Part of that discussion is often providing advice on creating passwords that are longer, more complex, and therefore more secure. Here are some tips:
1. Think pass-phrase, not pass-word. A long phrase of strung-together words can be just as easy to remember but much harder to crack. Ex. "TheBostonCelticsbeatLA".
2. Use an absolute minimum of 8 characters (more is better.) Using an easy to remember phrase makes it much easier to add length.
3. Replace letters with numbers or symbols in words. 1 for i or l, 0 for o, @ for a or e, 5 or $ for s are just a few examples. Ex. "TheB0st0nCelt1c$be@tLA"
4. Use the first letters of the 1st line of your favorite song. Ex. There's a lady who's sure all that glitters is gold = talwsatgig. Easy to remember (sing to yourself), hard to guess.
5. Never use your name or initials in any passphrase. C'mon, how easy do you want to make it for the bad guys? Ditto your birthdate. Think that info is hard to get?
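A check that combines tips 2, 3 and 5, as an added example that is not part of the original post: it flags a name or birth year even when tip 3's substitutions have been applied to it. The function names, the sample person details and the rule of skipping tokens shorter than three characters are assumptions made for this example.

```python
import re

# Tip 3's substitutions, inverted: letter -> characters that may stand in for it.
SUBS = {"i": "i1", "l": "l1", "o": "o0", "a": "a@", "e": "e@", "s": "s5$"}


def token_pattern(token):
    """Build a regex matching `token` with any of tip 3's substitutions applied."""
    classes = ("[" + re.escape(SUBS.get(ch, ch)) + "]" for ch in token.lower())
    return re.compile("".join(classes), re.IGNORECASE)


def audit(password, personal_tokens):
    """Return a list of findings; an empty list means every check passed.

    personal_tokens: name parts, birth year, etc. for the account owner.
    Tokens under three characters (such as initials) are skipped because a
    plain substring match on them would flag almost any long phrase
    (assumption of this example).
    """
    findings = []
    if len(password) < 8:  # tip 2: absolute minimum of 8 characters
        findings.append("shorter than 8 characters")
    for token in personal_tokens:  # tip 5: no name or birthdate
        if len(token) >= 3 and token_pattern(token).search(password):
            findings.append(f"contains personal detail {token!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample data: a fictional user "Pat", born 1970.
    owner = ["pat", "1970"]
    for candidate in ("TheB0st0nCelt1c$be@tLA", "talwsatgig", "P@t1970"):
        print(candidate, "->", audit(candidate, owner) or "ok")
```

Swapping symbols into a name does not hide it from this check, which is why tip 5 still applies after tip 3.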
Posted by Daryl Rinaldi on Sun, Dec 27, 2009 @ 04:37 PM

I know, I know; You have too many passwords to remember so the easiest thing to do is make them all the same and all short and easy to remember - right? -- Wrong! I hope your IT Support firm has told you that while that may save you frustration it also leaves you easy prey to password guessers and crackers. Fortunately there is a better solution -- use Roboform. Roboform is a great little product that adds a toolbar to your internet browser with all of your website user names and passwords. You only have to remember 1 password -- the password to open Roboform (Please please please make THAT a complex password). Every other password is in the Roboform software. In fact even the links to the login pages for your saved websites are in the Roboform toolbar so you don't have to remember the URL or add it to your favorites.
So just click on the Roboform toolbar and select, for example, the GizmoFish Customer Login and your browser will go to the GizmoFish site that allows customers to create tickets and view and edit existing tickets, Roboform will fill in your user name and password and click the login button for you. And Roboform is smart enough to recognize if you change your password to a site and ask you if you want to update the information in Roboform. Roboform saves the information in a strongly encrypted format for security.
I must say that some people in the IT industry think that Roboform is a security problem because access to all your sites is protected by only 1 password. While we recognize that concern, in our experience people have too many sites to create and remember complex passwords for, so they end up just using either the same password (or almost the same one) or very short and easy-to-remember (and thus easy to crack) passwords. We think the risk is much higher that people will use simple, easy-to-crack passwords than the risk that someone with nefarious intent will obtain your PC and crack your Roboform password. With Roboform you can use more complex and random passwords than you ever would if you had to remember them yourself. In fact Roboform will even generate random complex passwords for you!
Roboform is well known and respected in the industry. It was named PC Magazine Editor's Choice, and CNET Download.com's Software of the Year. Roboform works with Internet Explorer and Mozilla. The best $29.95 you ever spent!
PS. And to you cynics out there -- No we do NOT resell or get a commission on Roboform. We just think it is a great product that you should know about.
Posted by Daryl Rinaldi on Sun, Dec 20, 2009 @ 12:47 PM
Did you know that, according to a recent study by Dell and the Ponemon Institute:
- Up to 12,000 laptops are lost or stolen in U.S. airports each week.
- Between 65 and 70 percent of lost laptops are never reclaimed.
Think any important, sensitive business data could be on those laptops? Yea, me too. OK, even though I'm sure this could never happen to you (ahem), here are 4 quick tips from our friends at Sunbelt Software, makers of our absolute favorite Anti-Virus/Anti-Spyware Program VIPRE, about how to protect yourself just in case...
- Computrace: If you are familiar with LoJack for your car there is one available for your laptop as well. Computrace LoJack for Laptops by Absolute Software is a software-based theft recovery service. It tracks and locates stolen computers and lets you remotely wipe all data from the hard drive.
- Passwords, Passwords, Passwords: Pretty commonsense advice here: Don't make them short and simple (Think pass-phrase, not pass-word); change them regularly, and don't share them with strangers. Be sure your laptop requires a password or a fingerprint scan to log on. We strongly suggest you automate and secure the many passwords you use with my personal #1 favorite piece of software ever: RoboForm. RoboForm encrypts and stores all your passwords for you so you only have to remember 1 password and it remembers all the rest. Cool huh?
- Be Watchful: Observe your surroundings. I don't mean to sound paranoid but there are serious thieves who specialize in stealing laptops (especially when going through airport security). Watch for those watching you. You don't have to be weird about it, just stay alert.
- Not All Wi-Fi Is Created Equal: Look for legitimate hotspots and do not fall prey to some nefarious doings. It is better to pay a fee and be safe than try to log in where you don't belong. Better yet, get an aircard for your PC that lets you get online using the cell phone network anywhere that gets reception - no more hunting around for a wi-fi hotspot!
Posted by Daryl Rinaldi on Tue, Dec 15, 2009 @ 12:40 PM
Scam Alert!
Be careful about scam emails offering urgent security updates from Microsoft. These emails try to trick you into downloading dangerous malware (viruses or spyware). Microsoft does NOT send unsolicited emails and they do NOT send attachments. If you have automatic updates turned on your PC will download them automatically. You won't get an email from Microsoft about it.
Your IT Support Vendor should have you well-protected with:
1. A fully-monitored anti-virus and antispyware system
2. 24/7 monitoring of your network for unusual activity
3. A fully-monitored complete backup system so that you can recover even if a virus wipes out your critical business data.
With these 3 layers of protection in place you are well-protected even if you inadvertently download something you shouldn't.