Simple IT Security Tactics for Small Businesses

Adam Kujawa is the lead person on the Malwarebytes Malware Intelligence Team, but he's not here to sell software. In fact, he says that buying this or that software package is not a magic bullet that will stop all attacks on your systems. Instead, he stresses coworker education. Repeatedly. Adam says phishing and other social engineering schemes are now the main way attackers get access to your company's information goodies. Hacking your firewall? Far less likely than it used to be, not only because firewalls are more sophisticated than ever, but also because even the least computer-hip managers know they should have one.

Re:I'm sure that

[BarbaraHudson]

Some people do - it's made by Apple.

Re:I'm sure that

[mlts]

I've had phish attempts back in 1993 on Solaris and IRIX... Not good ones, but people fakemailing, pretending to be from "root", asking to run a shell script that would send the /etc/passwd file off to an anonymizer address... well before abuse forced Julf to shut down penet's remailer for good.

Easily detected, because I was the only person with root access, but I'm sure college students probably follow directions and kicked the university's passwd files there (although with NIS/NIS+, as well as the real password hashes stashed in /etc/shadow ) there wasn't much to attack, even back then.

NO AUTOPLAY!

[Roblimo]

Be still my heart.... I was getting ready to quit over autoplay. Those of us who actually work on the site have been begging management to get rid of it since the moment it raised it's ugly head. Success at last! Now all we need is a volume control in the player and we'll be golden. Yay.

And yeah, beta. I think it's gone, too. Haven't seen it lately, anyway. Another Yay.

Re: NO AUTOPLAY!

[Roblimo]

I'm retired and only work on Slashdot part-time as a freelancer. No authority, and I'm sick enough (heart problems and diabetes) that I don't really want any.

First Line of Defense

[TubeSteak]

Don't use your fucking Point of Sale systems to browse the internet. Or check your E-mail. Or for anything other than inventory & payment.

This goes double for any computer that is used to access customer or patient records.

I see this all the time and it makes me cringe.
If you can't afford separate systems for you or your employees to dick around on,
then you sure as hell can't afford the fallout from getting pwned.

Re:First Line of Defense

"Don't use your fucking Point of Sale systems to browse the internet."

THIS!

I can't stand it when I see cashiers browsing the Internet with an outdated version of IE using running on XP PoS (or any other, for that matter). It's nothing but calling for trouble. I've come by some smaller stores where they did this and ever so often the computer was so stuck due to the aforementioned that they couldn't even accept any card payments. Heck, I wouldn't even paid them using a card after seeing how irresponsibly they use their point-of-sale systems. The risks are just too great and people in charge have no clue about them.

Re:Content owner?

[Soulskill]

Ooyala is the company that does the video hosting/serving for our video content. A whois chain is probably less helpful than going to their public website.

Taboola is the company that handles the sponsored links between stories and comment sections.

Re:Content owner?

[s.petry]

I actually did go to their web site, you may have missed my last paragraph. "Unlock the Revenue Potential of Digital TV" is their leading add.

Step 1: Don't be stupid

[TheDarkener]

The biggest issue with malware is that people don't understand the scope of the network their computer is hooked up to. If people just realized for a second that connecting your computer to the Internet is the equivelant of walking into a room with about 3 billion other people in it, then you'd be a wee-bit more conscious about what you do and who you trust.