Simple IT Security Tactics for Small Businesses (Video)

← Back to Stories (view on slashdot.org)

Simple IT Security Tactics for Small Businesses (Video)

Posted by Roblimo on Friday February 27, 2015 @09:14AM from the worry-more-about-criminal-attacks-than-government-intrusions dept.

Adam Kujawa is the lead person on the Malwarebytes Malware Intelligence Team, but he's not here to sell software. In fact, he says that buying this or that software package is not a magic bullet that will stop all attacks on your systems. Instead, he stresses coworker education. Repeatedly. Adam says phishing and other social engineering schemes are now the main way attackers get access to your company's information goodies. Hacking your firewall? Far less likely than it used to be, not only because firewalls are more sophisticated than ever, but also because even the least computer-hip managers know they should have one.

32 comments

Min score:

Reason:

Sort:

I'm sure that by invictusvoyd · 2015-02-27 09:17 · Score: 1

its relatively difficult to Phish/malware on *nix systems . Why not start by adopting a *nix desktop ?
1. Re:I'm sure that by BarbaraHudson · 2015-02-27 09:29 · Score: 2
  
  Some people do - it's made by Apple.
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
2. Re:I'm sure that by mlts · 2015-02-27 09:30 · Score: 2
  
  I've had phish attempts back in 1993 on Solaris and IRIX... Not good ones, but people fakemailing, pretending to be from "root", asking to run a shell script that would send the /etc/passwd file off to an anonymizer address... well before abuse forced Julf to shut down penet's remailer for good.
  Easily detected, because I was the only person with root access, but I'm sure college students probably follow directions and kicked the university's passwd files there (although with NIS/NIS+, as well as the real password hashes stashed in /etc/shadow ) there wasn't much to attack, even back then.
Who falls for that? by Anonymous Coward · 2015-02-27 09:28 · Score: 0

If you are anyone but a grandma / grandpa / completely computer illiterate, then I can understand someone out there selling you Koobface.
But if you have even the slightest knowledge of computers, your first lesson is to not fall for social engineering attacks.
Otherwise, you what you need is a good paddling
1. Re:Who falls for that? by CaptainDork · 2015-02-27 12:52 · Score: 1
  
  Proofread, you illiterate asshat.
  
  --
  It little behooves the best of us to comment on the rest of us.
Hey, it's Glenn Beck! by Anonymous Coward · 2015-02-27 09:29 · Score: 0

Dude looks just like a younger Glenn Beck. Power to the people bro!
1. Re:Hey, it's Glenn Beck! by Anonymous Coward · 2015-02-27 10:53 · Score: 0
  
  The only thing worse than Slashdot posting videos that start automatically is losers making videos while wearing headsets.
  WFT dude?
NO AUTOPLAY! by Roblimo · 2015-02-27 09:46 · Score: 2

Be still my heart.... I was getting ready to quit over autoplay. Those of us who actually work on the site have been begging management to get rid of it since the moment it raised it's ugly head. Success at last! Now all we need is a volume control in the player and we'll be golden. Yay.
And yeah, beta. I think it's gone, too. Haven't seen it lately, anyway. Another Yay.
1. Re:NO AUTOPLAY! by Anonymous Coward · 2015-02-27 10:09 · Score: 0
  
  Since when do you, Roblimo, have to beg management about how to run the site? Something is not right. This isn't the Slashdot that used to be.
2. Re: NO AUTOPLAY! by Roblimo · 2015-02-27 10:41 · Score: 2
  
  I'm retired and only work on Slashdot part-time as a freelancer. No authority, and I'm sick enough (heart problems and diabetes) that I don't really want any.
3. Re: NO AUTOPLAY! by Anonymous Coward · 2015-02-27 10:53 · Score: 0
  
  Well, thanks for sticking around anyways. Your efforts are appreciated, even though it sometimes seems like they aren't.
First Line of Defense by TubeSteak · 2015-02-27 09:52 · Score: 3, Insightful

Don't use your fucking Point of Sale systems to browse the internet. Or check your E-mail. Or for anything other than inventory & payment.
This goes double for any computer that is used to access customer or patient records.
I see this all the time and it makes me cringe.
If you can't afford separate systems for you or your employees to dick around on,
then you sure as hell can't afford the fallout from getting pwned.

--
[Fuck Beta]
o0t!
1. Re:First Line of Defense by Roblimo · 2015-02-27 09:58 · Score: 1
  
  Ummm... You may want to change your sig. Beta seems to have disappeared into the void along with the late, unlamented autoplay.
2. Re:First Line of Defense by Anonymous Coward · 2015-02-27 12:13 · Score: 2, Informative
  
  "Don't use your fucking Point of Sale systems to browse the internet."
  THIS!
  I can't stand it when I see cashiers browsing the Internet with an outdated version of IE using running on XP PoS (or any other, for that matter). It's nothing but calling for trouble. I've come by some smaller stores where they did this and ever so often the computer was so stuck due to the aforementioned that they couldn't even accept any card payments. Heck, I wouldn't even paid them using a card after seeing how irresponsibly they use their point-of-sale systems. The risks are just too great and people in charge have no clue about them.
Dept of DUH by DigiShaman · 2015-02-27 09:58 · Score: 1

IT 101 for SMB (or any business)
1. Get a business class Next-Generation firewall.
2. Don't install JRE or Flash if you can at all avoid it; they're vector for web drive-by-download malware
3. Installed managed AV for all workstations.
4. Block outbound port 25 (SMTP) so as to not be black-listed and fart SPAM from an infected machine to others out in the world.
5. Block TOR at FW level. Unfortunately. it's how bot-nets communicate these days.
6. Limit share access by department and roles.
7. Educate users of cons online.

--
Life is not for the lazy.
1. Re:Dept of DUH by DigiShaman · 2015-02-27 10:08 · Score: 1
  
  8. Install Windows Updates each month. No excuse. Also get rid of XP and go with Windows 7 or newer.
  
  --
  Life is not for the lazy.
2. Re:Dept of DUH by Anonymous Coward · 2015-02-28 05:05 · Score: 1
  
  9. Don't install Windows.
  Jesus, with EComStation, Linux, and *BSD still around why would anybody design a POS station based on the most hackable platform out there?
rcording in bedroom by Anonymous Coward · 2015-02-27 10:10 · Score: 0

Is this guy recording in his bedroom?
This is utter tripe.
The content sucks, It might as well be a "five ways you can protect your small busniess on teh interwebs"
This is actually inane.
Dice's CEO Mike Durney and his board are going to try to "Make /. more accessable" and orient it twoard their cash cow, selling people shite jobs.
another small step twoard the complete vertical integration on Slashdot.
He's going to totally dilute it.
-Captain Deerface
Content owner? by s.petry · 2015-02-27 10:27 · Score: 1

Screw auto-play, I'm trying to figure out who "ooyala"and "taboola" are, and why their content is being linked (by default on every Slashdot page). Whois data seems to link them to tucows, who I have not seen since they were found to be spreading malware through their download wrappers.
Yeah, you have to follow the whois chain down the road to get to tucows but it's obvious 2 steps away.
FWIW, taboola and ooyala seem to be both tracking companies (for marketing purposes *wink* *wink*). No thanks, I won't let their video play.

--
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
1. Re:Content owner? by Soulskill · 2015-02-27 10:33 · Score: 3, Informative
  
  Ooyala is the company that does the video hosting/serving for our video content. A whois chain is probably less helpful than going to their public website.
  Taboola is the company that handles the sponsored links between stories and comment sections.
2. Re:Content owner? by s.petry · 2015-02-27 10:49 · Score: 2
  
  I actually did go to their web site, you may have missed my last paragraph. "Unlock the Revenue Potential of Digital TV" is their leading add.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
3. Re:Content owner? by ShaunC · 2015-02-27 14:56 · Score: 1
  
  Taboola is an advertising and user-tracking company whose CEO says the company looks for "unorthodox solutions to monetize and engage consumers."
  "Prior to founding Taboola, [CEO] Adam [Singolda] developed his analytical skills while serving as an officer in an elite mathematical unit of the Israeli National Security Agency. Adam is an honored alum of the [IDF's] elite Mamram computer science training program, graduated first in his class at the Officers Academy of the IDF." Right from the source.
  In other words, block that shit at the edge of your network.
  
  --
  Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
4. Re:Content owner? by Anonymous Coward · 2015-02-28 04:33 · Score: 0
  
  > Mossad
  I guess it is no surprise the name makes me think of tabouli.
But What About The Internet of Things? by Anonymous Coward · 2015-02-27 10:53 · Score: 0

I mean, isn't EVERYTHING supposed to be connected now? It seems like Microsoft, Apple, Cisco, Intel and others are assuring is this is The Way To Go!
I'm waiting for my damned toaster to join Skynet. And come with an ominous glowing red eye.
Step 1: Don't be stupid by TheDarkener · 2015-02-27 11:32 · Score: 2

The biggest issue with malware is that people don't understand the scope of the network their computer is hooked up to. If people just realized for a second that connecting your computer to the Internet is the equivelant of walking into a room with about 3 billion other people in it, then you'd be a wee-bit more conscious about what you do and who you trust.

--
It is pitch black. You are likely to be eaten by a grue.
"even the least computer-hip managers know... by Anonymous Coward · 2015-02-27 13:00 · Score: 0

...to have [a firewall]"
And how do you know the firewall is secure?
Maybe it has a backdoor not published yet.
Stalin's software was right by Anonymous Coward · 2015-02-27 15:23 · Score: 0

...“When there's a person, there's a problem.
When there's no person, there's no problem."
Simple Security by Bent+Spoke · 2015-02-27 17:03 · Score: 1

Surely this has got to be the biggest oxymoron of them all.
Thanks for the security message by Anonymous Coward · 2015-02-27 20:49 · Score: 1

DOMException [SecurityError: "The operation is insecure."
code: 18
nsresult: 0x80530012
location: http://player.ooyala.com/v3/85d52cbb9c924733934b1880e9cde580?platform=html5-priority:12572] "@http://player.ooyala.com/v3/85d52cbb9c924733934b1880e9cde580?platform=html5-priority:12572:4
@http://player.ooyala.com/v3/85d52cbb9c924733934b1880e9cde580?platform=html5-priority:12338:0
@http://player.ooyala.com/v3/85d52cbb9c924733934b1880e9cde580?platform=html5-priority:2:1
" 85d52cbb9c924733934b1880e9cde580:20600
how to secure your windows pc by Anonymous Coward · 2015-02-28 03:36 · Score: 0

Lately I've been getting hit with well crafted emails that would get most people.
so I wrote a simple step by step for basic security for the average person.
I kept in mind that most people don't have spare cash, so I choose freeware
and I've included the above product into the set up.
What I have enjoyed is most people have sent me emails saying thanks.
What I would like, if someone knows other products that could be used,
for the average layperson.
While it's not much, here is what I wrote.
https://www.linkedin.com/pulse/securing-your-windows-platform-michael-rasch
let's secure your windows pc by onepoint · 2015-02-28 03:42 · Score: 1

Sorry I've re-posted this because it's making me an AC.
Lately I've been getting hit with well crafted emails that would get most people.
so I wrote a simple step by step for basic security for the average person.
I kept in mind that most people don't have spare cash, so I choose freeware
and I've included the above product into the set up.
What I have enjoyed is most people have sent me emails saying thanks.
What I would like, if someone knows other products that could be used,
for the average layperson.
While it's not much, here is what I wrote.
https://www.linkedin.com/pulse...

--
if you see me, smile and say hello.
Where does he say that? by adyroman · 2015-03-04 17:52 · Score: 0

I looked through the site and I can't find any article making this point. Last post by Adam was in January.