Blog

December 19th, 2011

With mobile devices becoming more accessible, many are finding it more comfortable and more productive to use these devices not only for personal purposes, but also for work. This may seem to be a good thing initially, but it also means that you have less control over the way these devices access your IT system. The best thing to do is to have a good IT security policy in place to make sure that important company data is not compromised.

As technology continues to become more affordable and accessible to consumers, it's an inevitable fact that employers will see more and more of their employees using their own personal devices such as laptops and mobile phones to access the company's IT system.

This can be a dangerous thing. Since these devices aren't company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.

The solution: a comprehensive IT security policy. It's important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data's security. Having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don't forget that while Android seems to have a bigger problem with malicious software, Apple isn't exactly virus-free, either.

Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data. If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don't hesitate to give us a call so we can sit down with you and discuss a custom security blueprint that's just right for you.

Published with permission from TechAdvisory.org. Source.

December 12th, 2011

Despite the real threat of hacking and online thievery, a lot of small businesses do not consider themselves affected by it, says a report by StaySafeOnline.org. While dependent on their computer systems for data storage, few realize that all it takes is one breach to destroy a cultivated relationship with clients and the company's own financial status.

StaySafeOnline.org, a website of the National Cyber Security Alliance, has recently released a study that chronicles the cyber security practices and attitudes of small businesses. Conducted in partnership with Visa, the study shows some interesting, if not disturbing, results.

It turns out that many small businesses (about 65% of the respondents) are highly dependent on their computer, IT and data systems, where they store important information, from sensitive company financial records to personal client information such as credit card details, addresses, phone numbers, and more. However, as many as 85% believe that they will not be targeted by hackers and online thieves, and fewer than half have data security systems in which they are confident. In general, small businesses have, at best, a mediocre security system.

Few realize, though, that it only takes one breach to compromise a company's finances and relationships with clients. And if you have less than stellar security, stealing from you is easier. You might not have as many online assets as big businesses, but hackers can make a hefty profit by victimizing several easy marks as opposed to bigger and riskier efforts with more secure systems of larger firms.

Don't take a risk with important data, and don't compromise the relationships and reputation you've built with your clients over the years. Good security is always worth it. If you're interested in knowing more about beefing up your security through company policies, software, and user education, please don't hesitate to contact us. We'd be happy to sit down with you and discuss a security blueprint that's cost effective and custom built to meet your specific needs.

Reference: National Small Business Study

Published with permission from TechAdvisory.org. Source.

May 18th, 2011

It’s been doing the rounds for a couple of months now, but a scam offering fake ‘computer support’ has become so prolific in recent weeks that it is now receiving mainstream media coverage. In summary, potential victims receive a phone call from someone introducing themselves as “IT Support”, “Computer Maintenance”, or something similar, who then attempts to elicit payment to fix non-existent computer problems. Jump on over to ITNews for more coverage.

The bottom line is that common sense must apply. As a rule, neither Microsoft nor any other vendor will phone you directly offering support. If someone phones you offering this type of support, get their number and call them back. Or better yet, call Grassroots IT.

February 1st, 2010

Further to David’s excellent opinion on the recent Internet Explorer vulnerability, I’d like to put forward some additional information for your consideration.

  • The recent criticisms of IE were specifically prompted by version 6, although the underlying flaw was present in all subsequent versions as well. IE6 was released in 2001, which makes it a dead set dinosaur in internet years.
  • Any Windows-based computers that have had any patching done in the last few years will have automatically been updated to newer versions of IE, most recently version 8.
  • As David details, Microsoft has released an urgent out-of-band security update for IE6, 7 and 8.
  • All computers covered by a Grassroots IT support agreement will not only have been upgraded from IE6, but will also have had the recent targeted security fix pushed out to them.

For any business concerned about the efficient and secure functioning of their systems, a regular process of patching and updating software is, unfortunately, unavoidable. In this instance the piece of software that has gained the press coverage has been Microsoft IE, but next time it is just as likely to be Firefox, MYOB, Adobe Reader, or any other piece of software in common use. Grassroots IT can certainly help with this, but an acceptance and understanding of this will help put the recent press regarding IE in perspective.

I agree that IE6 must be retired, and not before time. But I do suggest a pinch of salt with the recent hyped up press.

Update: Minor edits to clarify the relevance of the security flaw to all versions of IE, not just IE6.

January 31st, 2010

The French and German governments have recently announced that everyone should move away from Internet Explorer. A big call. This announcement has come about because there is a specific security flaw in Internet Explorer which, as highlighted by Google, was used in a very deliberate, highly sophisticated attack, originating from China, to try and access the Gmail accounts of Chinese human rights activists. (For more geeky details on the specifics of the security flaw, head down below to **)

Now, I don’t really like Internet Explorer. I don’t care whether it’s IE6, IE7 or IE8, I don’t like it. In fact, I even agree with the general sentiments put forward by France and Germany when they suggested that people use a different browser… but that’s just my personal opinion. It *is* an insecure browser and there *are* problems with it. Admittedly, Internet Explorer 8 is a significant improvement over earlier versions.

Unfortunately, it’s not as simple as switching to a different browser. As much as I want to say, “Switch to Google Chrome, Mozilla Firefox or even Opera”, a lot of the functionality of your company intranet and SharePoint specifically requires Internet Explorer. Without it, you’ll have a hard time doing anything other than simply looking at pages hosted by SharePoint etc.

To be fair, Internet Explorer isn’t the only web browser that has security issues. Over time, vulnerabilities and security flaws have been and will continue to be discovered in every single web browser available. Switching to a different web browser won’t suddenly make you impervious to attacks from the web. If it did, then there wouldn’t be any need for anti-virus solutions, firewalls or malware removal tools. The fact that these things all exist (and have billions of dollars spent on them annually) is a pretty good indicator that there is more to it than simply switching browsers.

To ensure that your computers are as safe as possible, we deploy and monitor a range of security products including anti-virus solutions, malware detection software, hardware and software firewalls, in addition to keeping all of your systems patched and up to date with Microsoft patches and hotfixes.

If you have any concerns or queries about your system security, please contact us on 1300 554 138 and we’ll be happy to have a chat with you.

**If you want to get your geek on, feel free to continue reading for a bit more of a breakdown of the issue that brought this to light and caused all the fuss. Be warned, it might get a little geeky.

Right, still with me?

Google announced on their blog at 3PM on 12/01/2010 that there had been a security attack originating from China. Within 48 hours, Microsoft had published a security advisory (http://www.microsoft.com/technet/security/advisory/979352.mspx), letting people know that they were aware of the flaw and that they were working on fixing it. Since then, they’ve kept that advisory updated and as of 21/01/2010, they had developed a fix, published it and made it available for download.

Now, you may not be aware of this, but Microsoft normally releases its updates and patches on a specific release schedule. Given the serious nature of this issue, Microsoft chose to release this fix “out of band”, meaning that instead of waiting to release it with their next scheduled updates and patches, they released it as soon as it was ready. Now, let’s have a look at the timeline of events:

12/01/2010 – Google announce an attack on their systems using this exploit

14/01/2010 – Microsoft release security advisory acknowledging the problem

15/01/2010 – Microsoft update their advisory with more accurate information following developments in their investigation; the same day, the German Office for Information Security issues a press release advising people to switch to another browser

18/01/2010 – France echoes Germany’s advice that people switch to a different browser

20/01/2010 – Microsoft released details of a workaround to avoid the problem until they had finished testing the patch to correct it

21/01/2010 – Microsoft released a fix for this security flaw (http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx)

Interestingly, most of the calls we received about this issue have come in since the 21st. So, in essence, by the time people became aware of this and grew concerned enough to contact us, the fix had already been released and been pushed out to the systems under our management. If you currently don’t have a managed support agreement with us and you’re not sure if you have adequate security measures in place, drop us a line or shoot us an email and we’ll be happy to help.