Many security experts are in a panic this week over concerns about the "supervirus" known as Conficker (aka Downadup or Kido). It has infected at least 10 million PCs, with an estimated 350 million PCs considered vulnerable. So far, its effects have been relatively tame - it disables anti-virus software and prevents Windows updates. What has experts concerned is that a review of the code indicates additional functionality will activate on April 1.
This virus has spread particularly well because it has three modes of infection: 1) it exploits a known vulnerability in Windows (MS08-067); 2) it includes logic to crack administrator passwords; 3) it can spread via a USB thumb drive.
Nobody is quite sure whether the consequences of the April 1 activation will be serious or not, but it makes sense to be safe rather than sorry. Microsoft released the patch to address this issue in October of 2008, so make sure your updates are current. Most anti-virus companies released signatures to detect this virus in late 2008, so make sure you have the latest virus updates. Finally, be cautious about connecting unknown USB devices to your PC.
And remember - there is no substitute for a good firewall that can detect and block malware, and which automatically gets updates pushed via the Internet.
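A quick self-check for the points above, added here as an example and not part of the original newsletter: it verifies that the MS08-067 patch is present and that the update services the worm is described as shutting down are still enabled. It assumes KB958644 is the Knowledge Base number under which Microsoft shipped the MS08-067 fix, and that Windows Update uses the 'wuauserv' and 'BITS' services and built-in anti-virus the 'WinDefend' service.

```powershell
# Added defensive check (not from the newsletter). Run in an elevated
# PowerShell prompt on the PC you want to inspect.
$findings = @()

# 1) Is the MS08-067 fix installed? Assumption: the bulletin's update is
#    tracked as KB958644; adjust if your patch inventory names it differently.
$patch = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
if (-not $patch) {
    $findings += 'MS08-067 update (KB958644) not found - install it before anything else.'
}

# 2) The worm disables the update machinery. A service set to 'Disabled'
#    that should normally be allowed to start is the red flag here.
#    Win32_Service is used because its StartMode works on older PowerShell.
$expected = @{
    'wuauserv' = 'Windows Update'
    'BITS'     = 'Background Intelligent Transfer (update downloads)'
    'WinDefend' = 'Windows Defender (built-in anti-virus; third-party AV has its own service name)'
}
foreach ($name in $expected.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += "Service '$name' ($($expected[$name])) is missing on this system."
    } elseif ($svc.StartMode -eq 'Disabled') {
        $findings += "Service '$name' ($($expected[$name])) is disabled - updates or AV may be blocked."
    }
}

# 3) Report. No findings means the basics this newsletter asks for are in place;
#    any finding deserves a closer look with your anti-virus vendor's removal tool.
if ($findings.Count -eq 0) {
    Write-Output 'OK: MS08-067 patch present and update/AV services not disabled.'
} else {
    Write-Output 'Attention needed:'
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

A passing result does not prove a machine is clean; it only confirms the two conditions the article tells readers to verify.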
Employee Security Training
As we quoted in a recent newsletter - "Nobody Washes a Rented Car". Basically, this means that your employees are often not highly motivated to protect your business's network security. One of the reasons for this is that they don't understand the impact, nor how to prevent it.
Regulators recognize the importance of regular employee security training. That is why an increasing number of regulations include a requirement that employees be given documented security training.
Conducting such training is often a burden to small businesses, given that they don't have the resources to develop or present such training.
As a service to our customers, we are now offering security training for your employees, based on our expertise in conducting such training as part of SAS 70 audit compliance. This training, which involves only a nominal fee, can be done at our facility, yours, or via the Internet. We can present our standard comprehensive training program, or one tailored to your needs.
Employee security training information
10 Common Tech Mistakes, Part I
The following is the last 5 of a list of 10 Common Mistakes made by small businesses and organizations, from an article by Erik Eckel at Tech Republic. The first 5 were covered in the prior newsletter:
6) Security Failures
Security failures can be very costly. It is estimated that large organizations lose 2.2% of their annual income due to security attacks. While they usually have enough capital to weather the storm, most small businesses do not.
One particular area of concern is the PCI standard for security related to the storage of customer credit card data. Failure to follow the standards can expose customer credit data to theft, and can cause you to lose your credit card service.
7) Poor Backup Strategy
In my business, I constantly deal with customers whose hard drive has gone belly up, and for which they do not have a good backup. And yet, the data that is the life blood of your business is probably on a hard drive. Backups are comparatively cheap and easy, so why take the risk?
8) Virus Exposure
You only need to look as far as the first article in this newsletter to understand the threat. With the Conficker virus alone, it is estimated that 350 million PCs may be unprotected due to the failure to apply Windows and anti-virus updates. Cleaning up a major infection is an expensive proposition, both in abatement costs and lost productivity.
9) Spyware Exposure
Spyware may in fact be lurking on your PC and capturing your business and personal information, in many cases leading to identity theft. The real challenge with most spyware programs is that they are designed to hide themselves. Many people have been infected for months with spyware programs they were not aware of.
Spyware began as a comparatively innocent attempt to capture marketing data, but in recent years has become a major identity theft tool.
10) Unsolicited Email
I suspect that everyone reading this article is all too familiar with spam. Many, however, fail to count the cost from consumption of computing resources and lost productivity.
One of the most common ways for a spammer to capture your email address is via programs that automatically harvest addresses from web sites. Thus, if your email address is listed in plain text on your web site, you are inviting spam.