Slashdot Mirror

← Back to Stories (view on slashdot.org)

Simple IT Security Tactics for Small Businesses (Video)

Posted by Roblimo on from the worry-more-about-criminal-attacks-than-government-intrusions dept.

Adam Kujawa is the lead person on the Malwarebytes Malware Intelligence Team, but he's not here to sell software. In fact, he says that buying this or that software package is not a magic bullet that will stop all attacks on your systems. Instead, he stresses coworker education. Repeatedly. Adam says phishing and other social engineering schemes are now the main way attackers get access to your company's information goodies. Hacking your firewall? Far less likely than it used to be, not only because firewalls are more sophisticated than ever, but also because even the least computer-hip managers know they should have one.

20 of 32 comments (clear)

  1. I'm sure that by invictusvoyd · · Score: 1

    its relatively difficult to Phish/malware on *nix systems . Why not start by adopting a *nix desktop ?

    1. Re:I'm sure that by BarbaraHudson · · Score: 2

      Some people do - it's made by Apple.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    2. Re:I'm sure that by mlts · · Score: 2

      I've had phish attempts back in 1993 on Solaris and IRIX... Not good ones, but people fakemailing, pretending to be from "root", asking to run a shell script that would send the /etc/passwd file off to an anonymizer address... well before abuse forced Julf to shut down penet's remailer for good.

      Easily detected, because I was the only person with root access, but I'm sure college students probably follow directions and kicked the university's passwd files there (although with NIS/NIS+, as well as the real password hashes stashed in /etc/shadow ) there wasn't much to attack, even back then.

  2. NO AUTOPLAY! by Roblimo · · Score: 2

    Be still my heart.... I was getting ready to quit over autoplay. Those of us who actually work on the site have been begging management to get rid of it since the moment it raised it's ugly head. Success at last! Now all we need is a volume control in the player and we'll be golden. Yay.

    And yeah, beta. I think it's gone, too. Haven't seen it lately, anyway. Another Yay.

    1. Re: NO AUTOPLAY! by Roblimo · · Score: 2

      I'm retired and only work on Slashdot part-time as a freelancer. No authority, and I'm sick enough (heart problems and diabetes) that I don't really want any.

  3. First Line of Defense by TubeSteak · · Score: 3, Insightful

    Don't use your fucking Point of Sale systems to browse the internet. Or check your E-mail. Or for anything other than inventory & payment.

    This goes double for any computer that is used to access customer or patient records.

    I see this all the time and it makes me cringe.
    If you can't afford separate systems for you or your employees to dick around on,
    then you sure as hell can't afford the fallout from getting pwned.

    --
    [Fuck Beta]
    o0t!
    1. Re:First Line of Defense by Roblimo · · Score: 1

      Ummm... You may want to change your sig. Beta seems to have disappeared into the void along with the late, unlamented autoplay.

    2. Re:First Line of Defense by Anonymous Coward · · Score: 2, Informative

      "Don't use your fucking Point of Sale systems to browse the internet."

      THIS!

      I can't stand it when I see cashiers browsing the Internet with an outdated version of IE using running on XP PoS (or any other, for that matter). It's nothing but calling for trouble. I've come by some smaller stores where they did this and ever so often the computer was so stuck due to the aforementioned that they couldn't even accept any card payments. Heck, I wouldn't even paid them using a card after seeing how irresponsibly they use their point-of-sale systems. The risks are just too great and people in charge have no clue about them.

  4. Dept of DUH by DigiShaman · · Score: 1

    IT 101 for SMB (or any business)

    1. Get a business class Next-Generation firewall.
    2. Don't install JRE or Flash if you can at all avoid it; they're vector for web drive-by-download malware
    3. Installed managed AV for all workstations.
    4. Block outbound port 25 (SMTP) so as to not be black-listed and fart SPAM from an infected machine to others out in the world.
    5. Block TOR at FW level. Unfortunately. it's how bot-nets communicate these days.
    6. Limit share access by department and roles.
    7. Educate users of cons online.

    --
    Life is not for the lazy.
    1. Re:Dept of DUH by DigiShaman · · Score: 1

      8. Install Windows Updates each month. No excuse. Also get rid of XP and go with Windows 7 or newer.

      --
      Life is not for the lazy.
    2. Re:Dept of DUH by Anonymous Coward · · Score: 1

      9. Don't install Windows.

      Jesus, with EComStation, Linux, and *BSD still around why would anybody design a POS station based on the most hackable platform out there?

  5. Content owner? by s.petry · · Score: 1

    Screw auto-play, I'm trying to figure out who "ooyala"and "taboola" are, and why their content is being linked (by default on every Slashdot page). Whois data seems to link them to tucows, who I have not seen since they were found to be spreading malware through their download wrappers.

    Yeah, you have to follow the whois chain down the road to get to tucows but it's obvious 2 steps away.

    FWIW, taboola and ooyala seem to be both tracking companies (for marketing purposes *wink* *wink*). No thanks, I won't let their video play.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Content owner? by Soulskill · · Score: 3, Informative

      Ooyala is the company that does the video hosting/serving for our video content. A whois chain is probably less helpful than going to their public website.

      Taboola is the company that handles the sponsored links between stories and comment sections.

    2. Re:Content owner? by s.petry · · Score: 2

      I actually did go to their web site, you may have missed my last paragraph. "Unlock the Revenue Potential of Digital TV" is their leading add.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    3. Re:Content owner? by ShaunC · · Score: 1

      Taboola is an advertising and user-tracking company whose CEO says the company looks for "unorthodox solutions to monetize and engage consumers."

      "Prior to founding Taboola, [CEO] Adam [Singolda] developed his analytical skills while serving as an officer in an elite mathematical unit of the Israeli National Security Agency. Adam is an honored alum of the [IDF's] elite Mamram computer science training program, graduated first in his class at the Officers Academy of the IDF." Right from the source.

      In other words, block that shit at the edge of your network.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  6. Step 1: Don't be stupid by TheDarkener · · Score: 2

    The biggest issue with malware is that people don't understand the scope of the network their computer is hooked up to. If people just realized for a second that connecting your computer to the Internet is the equivelant of walking into a room with about 3 billion other people in it, then you'd be a wee-bit more conscious about what you do and who you trust.

    --
    It is pitch black. You are likely to be eaten by a grue.
  7. Re:Who falls for that? by CaptainDork · · Score: 1

    Proofread, you illiterate asshat.

    --
    It little behooves the best of us to comment on the rest of us.
  8. Simple Security by Bent+Spoke · · Score: 1

    Surely this has got to be the biggest oxymoron of them all.

  9. Thanks for the security message by Anonymous Coward · · Score: 1

    DOMException [SecurityError: "The operation is insecure."
    code: 18
    nsresult: 0x80530012
    location: http://player.ooyala.com/v3/85d52cbb9c924733934b1880e9cde580?platform=html5-priority:12572] "@http://player.ooyala.com/v3/85d52cbb9c924733934b1880e9cde580?platform=html5-priority:12572:4
    @http://player.ooyala.com/v3/85d52cbb9c924733934b1880e9cde580?platform=html5-priority:12338:0
    @http://player.ooyala.com/v3/85d52cbb9c924733934b1880e9cde580?platform=html5-priority:2:1
    " 85d52cbb9c924733934b1880e9cde580:20600

  10. let's secure your windows pc by onepoint · · Score: 1

    Sorry I've re-posted this because it's making me an AC.

    Lately I've been getting hit with well crafted emails that would get most people.
    so I wrote a simple step by step for basic security for the average person.

    I kept in mind that most people don't have spare cash, so I choose freeware
    and I've included the above product into the set up.

    What I have enjoyed is most people have sent me emails saying thanks.

    What I would like, if someone knows other products that could be used,
    for the average layperson.

    While it's not much, here is what I wrote.

    https://www.linkedin.com/pulse...

    --
    if you see me, smile and say hello.