Keyloggers monitor computer activity by capturing the keystrokes of the computer user.  The captured information is then sent to some individual(s) who should not have access to this information.  This should be a concern to all computer users who log into and access email accounts, online accounts, bank accounts, and other such information that should not be shared with others.  With a keylogger, someone else can capture this information and use it to gain access to any account or system that has been logged into.  Also, depending on the keylogger capabilities, all the information the user views can  be captured and sent to these individuals.  Keyloggers allow others to bypass security measures you have in place, and that is never a good thing.

Keylogger Types

Keyloggers are usually either a hardware device or a software application.   Hardware keyloggers are usually inserted somewhere between the computer and the keyboard.  Most of these devices are made to look like a computer adapter or extension to the computer keyboard.  Some hardware keyloggers have even been embedded in the keyboard itself.  Since hardware keyloggers must be physically installed by the attacker, attention to your business’ physical security, especially access control to your site, takes on an added importance.  Also, checking what is attached to your computer or computer keyboard should be done on a regular basis.  Unfortunately, very few people inspect their computer after the initial setup.

Software keyloggers are usually installed on your computer(s) when other malware or malicious code infects your system.  They can monitor your computer activity by capturing every key stroke you make on the keyboard, or they may actually capture the keystrokes before they are processed by the computer.  Either way, the information has been stolen.  Also, some software keyloggers are set up to infect and capture the information you enter when using your web browser.  This type is usually looking for on-line bank accounts or other financial information that you may be accessing or using on-line.

Dealing With Keyloggers

I would recommend that most small and medium-sized businesses consult an IT professional or security professional experienced in this issue for assistance in dealing with keyloggers.  Research and line up such a professional prior to needing their assistance so you are not rushed when you need their help.

To protect against software keyloggers, it is best to use the same or similar defenses you use to protect your computer against any type of malicious software.  If you prevent malicious software from infecting your system, you will usually also protect against the installation of a software keylogger.  Good anti-virus software and anti-spyware software are a good start.  We use AVG, Spybot Search and Destroy and Ad-Aware on our Window systems.  Make sure, as in most security issues, that you update and patch the operating system as well as applications and web browsers you have on your system.  Don’t have users run as administrators.

Preventing hardware keyloggers requires good physical security.  Users should also make it a habit to inspect their computers on a regular basis and ask about anything that appears to be unusual or out of the ordinary.  If you have IT personnel on-staff, have them also inspect computers as they are servicing and maintaining them.

I would love to hear about any experiences you may have had with keyloggers and how you or your company dealt with the issue.  Just leave a comment.

Post from: Business Security Information © 2010

Does Your Computer Have a Keylogger?

Related posts:

1. Rootkits
2. Is It Time To Change Web Browsers?
3. Malware

If you are using or plan to use Facebook or other social network for business, you should ask yourself some questions.  First, what is your purpose in using Facebook?  Is it a marketing tool to attract new customers, a way to stay in touch with current customers or employees, or some other business-related purpose?  If you do not have a strong reason for using Facebook or other social networking sites, then you can stop using Facebook and stop reading this article.  If you do have a compelling reason, there are four main ways to protect yourself, your privacy and your business when using Facebook.

Protecting Yourself on Facebook

Anytime you share some of yourself or your business on-line, there will be some risk, but you can still take some basic steps to protect yourself and your business when using a social networking site such as Facebook.  While the measures discussed here are specific to Facebook, the basic principle can still be applied to other social networking sites beyond Facebook.

1. Know and understand the security and privacy settings for any site you are using. Configure them in a way that best protects you and your business.  This is probably one of the most critical steps you can take to protect yourself and your business.  Use the built-in security and privacy settings to control what information is shared with others.  Understand that this  should be an ongoing task since many sites such as Facebook make continuous changes or improvements to their services.  In addition, you should only share your information with just your Facebook friends and not the general public.
2. Don’t be friends with everyone. Even if you are using it as a marketing tool to build your business, you should not accept everyone as your on-line friend. In the case of a business Facebook page, you probably want to attract more “friends” than on a personal account because you are trying to increase customers. Have the same mindset, though, as when you filter spam comments from a blog or emails.  You don’t have to accept everyone.
3. Only install add-on applications on Facebook if you really need them or will use them. Add-ons can often make your Facebook page more vulnerable and, depending what applications you use, may be giving others permission to access your information as well as any of your friends’ information.  Only use applications that you are familiar with and from sources that you trust.  Also, remove any unused applications.
4. Think before you share any information. Go by the old, government adage “Need-to-Know.” Limit the information your share and give to others.  Look at it like a criminal would and determine whether the information could harm you or your business.  This includes not listing your birth date, home address, children names, personal or home phone numbers and other related information.  Hopefully, I do not need to remind anyone not to list their social security number or credit card information.

These are a few basic things you should be aware of before you start using or continue using Facebook.  Grow and prosper your business using social networking sites such as Facebook, but always be aware there are those out there that are trying to take advantage of you and your business.  Leave a comment if you used any specific measures that were successful in protecting you and your business.

Post from: Business Security Information © 2010

Using Facebook For Business

Related posts:

1. Risk of Social Networking
2. Obfuscated What?
3. Be Careful What You Say

One of the keys forms of information that has been useful, but sometimes hard to get a hold of depending on where your business is located, is local crime data or information.  These statistics are important in determining what kinds of physical security a business needs.  Surprisingly,  not all police departments could be depended upon to supply local crime data.  Even 15 years ago or more some local police departments gave you crime data if you asked but others did not.  Today the internet has improved this situation and has allowed police departments to easily share this information with the public.  Below you will find some of the sources of crime data available on the internet.

Crime Information Resources

This is not an all-inclusive list but are ones that I feel provide valuable information which you need to make informed security decisions that will save you time and money.

1. Spot Crime – This site gathers information from news stations in the US, Canada and UK.  It then plots the crimes on the website map.  The site allows you to view the information for free (at this time) by clicking on the country, then the state, and then individual locations.  As with most of these sites, your location determines the scope of the information.  The one thing I really like about this site is that you can create an account on the site and receive local crime alerts via email or cell phone messaging.  When you sign up, you can select the radius around your business in which you would like to be notified.  In addition, this site provides crime data for some international locations as well as a page for user-submitted crimes.
2. CrimeReports – This site covers only the United States and Canada but has a very simple interface.  Simply clicking on a state on the map will show the locations that they currently receive and have crime data for.   This site also enables you to receive crime alerts via email and select a radius from a particular address to be notified when a crime occurs.  There is also an analysis page that allows you to visually see the breakdown of the crime information.  Additional tools can be found on the site as well.
3. CrimeMapping – This is very similar to the other sites already mentioned, but it does not provide crime data for a number of states.  If the data from your area is available, you can receive email alerts from this site as well as the option of choosing how many miles from your location and the type of crime(s) you wanted notified of.  This site is very user-friendly, and the only issue I had with it was the number of states not currently covered.

All three of these are very similar in the service and information they can provide you and your business, but from initial use I would currently recommend the first two, SpotCrime and CrimeReporting.  This is due to the coverage they provide for most states as well as additional tools they have available.  Don’t take my word for it, though.  Take a look at each one and see which will provide you with information that is most useful to securing your business.

One additional source that I have used quite frequently in the past is the CAP Index which is not a free site.  You will have to pay for these reports, but the quality of the information you get is quite good.  The CAP Index goes beyond just crime data and uses other indicators of future crime or security issues related to your location.  The information in these reports are especially useful when conducting an initial security assessment for your business.  You can view samples of their reports on the site to get a better idea if their reports may be beneficial.

By continually taking a look at this type of security information, you can adjust your physical security to protect against current crime trends in your area.  Leave a comment if you have other sources of security information that a business may find useful.

Post from: Business Security Information © 2010

Protecting Your Business With Superior Information

Related posts:

1. Physical Security Issues in the Hospitality Industry
2. Addressing the Most Important Business Security Issues
3. Disaster Planning For Your Business

Often times, businesses implement some type of security procedure only to find out later that it is not being followed by some of its staff or employees.  This is exactly what was occurring at this gas station.  There were two cashiers in the structure, but, I would presume for convenience sake, they had the deadbolt set to the closed position (meaning the deadbolt is sticking out of the door) while the door was open.  When the door shut, it stayed unlocked because the closed deadbolt hit the door frame and kept the door from latching.  All the time, money and effort put in to protect this gas station and its employees was for nothing because the door was kept unlocked.  It would have been bad enough to have the door left closed and unlocked, but with it basically being propped open with the deadbolt, it was visible to anyone outside of the cashier structure that the door was unlocked.  It would be easy for someone to get inside the cashier area to rob them of the money or to steal cartons of cigarettes or other products stored in this secured area.

There are probably similar situations in your own business where employees don’t follow the security procedures you set up to protect them and your business.  First, look at why the procedures are not being followed.  Is the procedure interfering with the business processes so that employees have to circumvent security to get their job done?  If this is the case, find ways to change the policy so work can be done but also in a secure manner.  If employees are circumventing security because they just don’t like following it, then you need to assign someone the responsibility to audit or review your security on a regular basis.  By doing this, you can correct the situation with your employee(s) before something bad happens.  Attention to the small details can prevent the defeat of your business security measures.

Post from: Business Security Information © 2010

Why is the Door Unlocked?

Related posts:

1. Security Door Plates
2. Door Security Solution
3. Bulletproof Enclosures

A survey came out this year covering the crimes that occur most often at hospitality businesses such as resorts, hotels, clubs, conferences, and other similar types of businesses.  It is always interesting to see what type of crime or security issues occur in general as well as to specific types of businesses.  Having this type of general and specific crime information makes it possible to better protect your business .

The following crimes and their percentage of occurrences were reported by the hospitality industry :

1. Larceny or Theft – 94%
2. Aggravated Assault – 39%
3. Burglary – 35%
4. Auto Theft – 32%
5. Robbery – 23%
6. Sexual Assault – 23%

Obviously, the hospitality industry experiences a number of crimes that could contribute to poor public relations and civil liability.

While the information from this survey is one possible source of data that you can use to protect your business, you should also include local crime statistics which can usually be gathered from your local police department.  Information contained in a survey such as this one applies to a whole industry while local crime rates will really narrow your focus as to what type of security issues your business may need to prepare for.  By combining the survey information and local crime data, you can really put your time and money resources to their best use when preparing for security issues.

Crimes statistics for the area surrounding your business can also be another good source of information.  If you live in an heavily populated area, the local police maybe be able to give you crime statistics broken out by a specific distance from your location.  If you don’t live in such an area or the local police cannot provide this type of information, make friends with other local business owners.  By befriending other businesses in the area, you can start sharing crime and security information with each other and gain another excellent source of information.

Use the information from this survey and other data you gather to guide your efforts in protecting your business.  Having the right information allows you to make good decisions that will build and protect your business.

Post from: Business Security Information © 2010

Physical Security Issues in the Hospitality Industry

Related posts:

1. Protecting Your Business With Superior Information
2. Addressing the Most Important Business Security Issues
3. One Key Ingredient To Good Security

ATM skimming involves criminals planting or installing fake card readers on ATM machines and other places you use your credit or debit card, including gas stations and other similar types of businesses.  Research data shows that approximately ten percent of fraud victims experience ATM cash withdrawals while nearly twenty percent have their PIN numbers also stolen.

Skimming Harder to Spot

ATM skimming has become harder to spot because those making these devices are making them to a much higher quality then they have in the past.  They may use the same types of paints, finishes and materials that the ATM makers are using which makes the skimming devices blend into the machine.  This makes them more difficult to detect just by looking.  Also, many of the newer skimming devices use either blue-tooth or GMS cell signal to transmit the information to the criminal which means they never really have to return to get the information from the skimming device.  With these improvements,  it makes it much harder to catch ATM skimming.

At the time of this writing, a good quality skimmer costs in the neighborhood of five to eight thousand dollars.  Some of these skimmers also come with not only the reader but also a keyboard overlay.  A keyboard overlay allows the criminal to capture the PIN information without installing  some type of hidden camera to capture the PIN information.

Securing the ATM

To protect yourself against ATM skimming, refer to the previous ATM Skimming article that I wrote.  Also, ask your bank or financial institution what measures they are taking to protect you from ATM skimming.

In an effort to prevent ATM skimming, many banks or financial institutions have added bevels to the reader and keyboard to make it harder to attach skimming devices.  Also, some ATM’s include a sensor that detects when another device is attached to the ATM, letting bank employees know that there may be a problem with an ATM.  Frequent physical inspection of the ATM should also be done on a regular basis.  Standard  ATM’s that are individualized by each bank would be easier to spot when even a quality skimmer device has been added.  This can be done by adding custom stickers or other visual clues that make the reader and keypad area unique so that any change to this area of the ATM would be more apparent to the customer and employees inspecting the ATM.  Lastly, if your bank or financial institution uses fraud detection software, make sure that you keep your contact information up-to-date so they can contact you quickly if they suspect any fraud.

The use of smart cards has been suggested to address ATM skimming.  Even if banks and financial institutions switch to this type of technology, though, be aware that a new method to beat the new technology will be developed.  Security is an arms race which requires you to stay up with new security threats and issues so you can adequately protect your business.  Business Security Information is one source you can use to keep up on security issues related to your business.

Post from: Business Security Information © 2010

ATM Skimming Hotter Than Ever!

Related posts:

1. ATM Skimming and Other Fraud Methods
2. Smishing
3. Does Your Computer Have a Keylogger?

One of the key components to this scenario is the doors that the robber(s) used to enter and exit the business.  When the police arrive, does it matter what door they are let in?

The answer to this question is that the police should be let in the door that the robber(s) entered from because any fingerprints from the robber(s) would be on the outside portion of the door  and would be of little value as far as evidence.  If the robber(s) fingerprints are on the inside of the door they exited,  the fingerprints would place the criminal(s) inside the business that was just robbed.

How to Respond After a Robbery

After a robbery, lock the doors to make sure the robber(s) do not come back and that no witnesses leave or new customers enter the business.  Once the police arrive, let them in the same door the robber(s) entered your business.  If the robber(s) exited the same door they entered, have the police enter through a different door for your business so that no evidence is compromised or destroyed as you are letting the police into your place of business.

Depending on the situation, you may use the phone to call the police or set off the holdup alarm if you had one installed for your business.  Develop procedures to follow after a robbery and train your employees in these procedures.  It is also a good idea to have laminated cards made up with the steps to follow after a robbery.  If the laminated cards are at each workstation and employees have access to grease pencils, they can easily mark off each item as it is completed.  With this type of setup, procedures are not forgotten by employees and the greatest amount of evidence can be preserved to catch and prosecute the criminal(s).

Attention to details makes a difference when trying to secure your business as well as dealing with a security incident such as a robbery.  It is the details that will allow the greatest amount of evidence to be preserved and your business to get back on track quickly.  Plan ahead now before you need it!

Post from: Business Security Information © 2010

You Survived a Robbery – Now What?

Related posts:

1. Robbery Security Measure
2. Greeters Help Improve Security?
3. Retail Security Cameras

A little over a week a go, Microsoft announced that Windows could be attacked using a shortcut vulnerability that would allow attackers to infect a Windows computer with the use of a drive-by download attack.  You can read details of it on the Microsoft’s Security Advisory webpage.

Basically, Windows contains a flaw in how it handles shortcut files.  If an attacker creates a malicious shortcut file, the attacker can automatically execute malware whenever a user views the contents of a folder that contains the malicious shortcut file.

The Shortcut Attack

According to the latest research, all versions of Windows are vulnerable,  including Windows 2000, Windows XP, and all newer version of Windows including Windows 7.  When an attacker sets up a web site or a remote network share containing the malicious shortcut file, a person simply has to browse the site using Internet Explorer browser or Windows Explorer for Windows to try and load the malicious shortcut file.  These are called drive-by attacks which are especially dangerous forms of attack since they do not require any action from the computer user other than to browse the malicious website or a legitimate website that has been compromised.

Right now, it does not appear that the attack works on Firefox or Google’s Chrome browser.  It does work on Internet Explorer 6 and newer versions of the browser.  On the newer version of Internet Explorer, however, it does require some user interaction before loading.  These drive-by attacks using the shortcut vulnerability work using Internet Explorer 6, 7, 8, and 9 with Windows XP but not on the newer Windows 7 operating system.  Windows 7 creates some pop-up warnings which might protect the computer user if they understand the pop-up warnings.

The Security Fix

At the present time, Microsoft does not have a patch for this shortcut vulnerability but they have come out with an automated “Fix It” tool that will allow users to automate the process of turning off shortcuts.  The problem with this is that icons on the desktop, taskbar and Start Menu are transformed into generic white icons when the “Fix It” tool is used.  This makes it impossible to tell at a glance what icons represent your browser, a Word document, or other files or applications.

Microsoft has also advised network administrators that they can defend against the attacks by blocking shortcut files at the perimeter of the network.  Until there is a patch from Microsoft, watch your browsing habits.  Also, use the “Fix It” tool if you can use Windows with all the icons looking the same, and block shortcut files, if you can, on the perimeter of the network.

Post from: Business Security Information © 2010

Microsoft’s Shortcut Vulnerability

Related posts:

1. Is It Time To Change Web Browsers?
2. Choosing a Secure Web Browser
3. Rootkits

Recently a security researcher, Thomas Ryan, set up accounts on these three main social networking sites using a fake person’s profile and purposely set out to “friend” the security, intelligence, government and military communities to see if they would fall for the scheme and to show the risks of social networking sites. Mr. Ryan made parts of the profile obviously fictitious. For example, he gave the fake 25 year-old female ten years work experience and other obvious clues. In the end, he still had over 200 friends on each one of the sites in a period of a month.

Having “friends” is not a big thing, but having people share personal information, photos, documents and other related information with someone they never met is risky. In this case, a number of people from security and intelligence communities, who should know the risk of sharing this kind of information, freely shared personal information with a total stranger. According to Mr. Ryan, through this fake female profile, he was able to have access to documents, email and even bank accounts. Also, LinkedIn profiles would show patterns of new business relationships and other similar types of “innocent” information.

There are a few take-aways I would glean from this security researcher’s experiment:

1. Look at your use of social networking sites. If it does not benefit your business by driving traffic or sales, I would not use the site(s) for business purposes.
2. Information that does not promote your business should not be shared with others outside your business. Make sure information is protected and cannot be shared with anyone you don’t really know.
3. Make sure any personal information that you share is not a risk to you or your family.
4. Be careful who you allow as friends! If you really don’t know the person, don’t make them a friend.

There is no perfect way to protect you and your business information, but a little caution goes a long way. I think in the case of this security researcher’s experiment, it helped that the fake profile was of a young attractive female, but I also think that even those in an intelligence or security profession who know better can get complacent. Don’t get complacent; stay on guard to protect yourself and your business.

Post from: Business Security Information © 2010

Risk of Social Networking

Related posts:

1. Using Facebook For Business
2. Social Engineering Means What?
3. Be Careful What You Say

At this point, physical security systems mainly consist of video or security camera systems along with access control systems.  Just as I wrote in a recent article on copier security issues, most of these systems have vulnerabilities and are subject to network attacks either from outside a business or from those within a business, such as employees and third-party contractors. Lately, there have been attack methods published on both networked video or security camera systems and access control systems.

Security Camera System

At the last DEFCON conference, a security research firm showed that a brand-name security camera system was vulnerable to attack.  In the demonstration, the firm simply captured some video footage of an object and replayed it so that when the object was removed, it still appeared to be in the same location.  It reminds me of some older action movies and TV shows which portrayed this kind of event as fiction.  Now this type of capability is reality for those with the necessary technical skills.

You can download and read more about this type of attack from the DEFCON site or listen to audio of the presentation along with other resources on this DEFCON resource page.  Make sure you scroll down to the “Advancing Video Application Attacks with Video Interception, Recording and Replay”, which is a little over half way down on the page.  The audio and PDF versions of this information are available on this page.

Access Control System

At another security conference, a security researcher showed how a networked access control system could be attacked.  The researcher showed how he was able to gain access to the system as well as how to search the internet to find access control systems which are vulnerable to attack.

You can view and download the security researcher’s presentation of the access control system attack .  It will help you gain a better understanding of the vulnerabilities you might face if you are currently using a networked access control system or are considering one in the future for your business.  The video is quite lengthy but does provide some good information if you are considering using a networked access control system.

While no computer or networked device is a hundred percent secure, make sure that you understand and know what security features the system has prior to purchasing and installing them on your network.  The capabilities and features of these types of networked physical security systems are constantly changing and improving so my best advice is to be aware of the issue and shop around before installing one on your network.  Also, you should do a web search for security vulnerabilities related to specific devices or systems.  Then, evaluate the security of your business network overall because poor network security or changing things on your network such as adding a networked physical security system can affect your overall security.  Lastly, make sure you change the default passwords on networked devices before deploying them on your network.  This is a simple but often forgotten security step.

Leave a comment if you can provide further insight regarding networked physical security systems or have installed such systems on your own business network.

Post from: Business Security Information © 2010

Physical Security Systems on the Network

Related posts:

1. Security Issues With Network Devices
2. Security Camera Systems
3. Should Your Business Use Security Cameras?