Archive for the 'Articles' Category

Slow PC? Your Browser Might Have a Hijacker

Monday, April 28th, 2008

If your PC has become very slow you may have unwittingly allowed a Browser Hijack to take control of your internet connection. Browser Hijacking is a common type of on-line attack in which hackers attempt to take control of your internet browser to change how and what it displays when you’re using the internet.

The following are indicators of a Browser Hijack:

  • The home page changes on your PC.
  • Links are added to websites that you would usually avoid.
  • You cannot navigate to some websites, particularly Microsoft Update or security software sites.
  • Ad popups appear on your screen with annoying regularity.
  • Links or popups to gaming, pornography or other unsavoury sites appear.

Preventing Hijacks

Hijacks are relatively easy to defend against and, providing you take reasonable precautions, your PC should remain free from problems. We would advise the following approach:

  • Keep your PC up to date with the latest operating system patches.
  • Use a good anti-virus product, such as AVG.
  • Load anti-spyware software, like Lavasoft’s Ad-Aware or Microsoft’s freely available Defender.
  • Don’t download or allow unknown ActiveX components to be loaded onto your PC.
  • Look out for Social Engineering tactics.
  • Don’t download or install any software that is not approved.

Any website that asks you to install a program should be treated with appropriate levels of suspicion. If in doubt, use Google to pull up some background about the website or product. Also be aware that many popular programs such as screensavers, smileys, registry checkers and PC tuneup applications have been used as methods for Browser Hijacks.

If you suspect your PC is infected you should seek professional advice. Unless you are very familiar with the workings of your PC’s operating system and with the methods used by Spyware and Malware programmers, it is unlikely that you will be able to solve the problem yourself.


Disaster Recovery Planning and Testing: 7 Steps to a better DR Plan

Monday, March 10th, 2008

Our experience as IT Consultants has shown that Disaster Recovery (DR) plans are often inadequate to effect full recovery of critical business systems. The frequency of testing is also low, and these two factors combine to create an unnecessarily high risk for business. This, coupled with the increased requirements for reporting on DR in the forthcoming Isle of Man Financial Services Act 2008, has placed disaster recovery back on the agenda for many Isle of Man company directors and business leaders. A recent Institute of Directors survey of SMEs also places DR and Security high on the priority list for action.
In the event of a disaster situation, you need to be certain that you can recover your critical business data and continue to run your business. So in order to help companies improve their Business Continuity planning, I would like to share with you a simple seven step framework for designing, implementing and maintaining your own Disaster Recovery plan.

1. DR Policy

The policy details why you have a plan, who is responsible for it and how it is to be resourced. Legal and Statutory obligations usually feature at key points within your policy statement. It is also important to remember that your policy should encompass people, process and technology.

2. Risk Analysis

Identify failure risks and categorise these by impact - where possible these should be expressed in financial terms. Look out for cascade effects and dependencies between systems - where the failure of one single step has a knock-on effect on many others. Performing Risk Analysis (also known as Business Impact Analysis or BIA) allows you to concentrate your resources where they can create the greatest impact.

3. Controls and Preventative Measures

Many simple and cost effective methods can be employed to reduce the risk of failure. Look for single points of failure and balance the cost of implementation against the risk of failure.

4. Recovery Strategy

This is your high level document that should specify Disaster Scenarios and how you will respond to them. Typical scenarios might include: Pandemic Flu, Building Lockout, Server Failure, Power failure. The strategy document sets the targets for the DR team to meet. You must skip the detail at this stage and concentrate on objectives. In Disaster recovery parlance, the most useful here are Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). You should also consider here how you will communicate with your staff, customers, press and other stakeholders and how you will decide to invoke your DR plan. You should also consider creating a core DR team made up from representatives of each area of the business.

5. Detailed Recovery Planning

For each of the scenarios specified in the Recovery Strategy, a detailed recovery plan is drawn up. The outputs from this step are comprehensive plans for how you will achieve the strategic objectives. All areas of the business need to contribute and show that they have plans in place and that your staff are aware of how these will work in practice. Typical things to consider are data backup, telephone and telecommunications arrangements, office space and insurance. You will need to be able to demonstrate compliance with the legal and statutory requirements of your particular industry sector. All of these arrangements must be documented and, lastly and most importantly, made available off-site. You do not want your recovery plans to be locked in a building you no longer have access to!

6. Test the Plan

Once you have created your DR plan, you must test it. In some industry sectors this is a requirement that must be met annually. If you can arrange for independent testing then do so, as it can be difficult for those closely associated with the creation of the plan to remain objective when testing it. If your business is large enough you can form two DR teams, one to create and one to test. Tests can be desk-based, partial recovery or full recovery.

7. Maintaining the Plan

Change happens! As a result, disaster recovery plans must change too. Because you keep a copy of your disaster recovery plan in multiple locations, you need to make sure each copy remains current. Too often we find that planning for DR is something we do after a new business project is implemented. Embedding DR planning into your project management process will mean that new projects will trigger the requirement to maintain the plan.

If you require any assistance with your own disaster recovery planning and testing, KDR Ebusiness can help. Our experience can help you to meet your statutory requirements and reduce the business risks you face. If you already have an in-house team, we can provide an independent, external audit and test of your existing plan.


Security: How to improve your IT with an audit

Sunday, September 16th, 2007

Because security should run through your IT like the lettering on a stick of Blackpool rock, a security audit may reveal plenty of areas for improvement in your IT infrastructure. There are several frameworks you can choose to perform your IT audit. One of the most popular is the ISO 27002 standard (previously known as ISO 17799). This is a code of practice that covers the following areas:

  • Structure
  • Risk Assessment and Treatment
  • Security Policy
  • Organization of Information Security
  • Asset Management
  • Human Resources Security
  • Physical Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisition, Development, Maintenance
  • Information Security Incident management
  • Business Continuity
  • Compliance

By assessing each of these areas in turn and by measuring your own arrangements against the code of practice, deficiencies in your IT infrastructure are revealed. Fixing those deficiencies will result in a more efficient, stable IT platform for your business.

If you would like to arrange an audit of your own IT infrastructure, please get in touch.


Web 2.0? Web 1.0 isn’t absorbed yet

Tuesday, July 17th, 2007

Consulting with people outside of the IT bubble reveals a lack of knowledge of many of the cornerstones of Web 2.0. With many businesses not yet making the most of the original Web 1.0 internet technologies, the hype seems to be missing the target. Sure it’s always exciting to play with new toys, but there needs to be a business reason for choosing something new. Start with a clear idea of what it is you are trying to achieve. Only then should you move on to deciding which technologies can help you to achieve your aims.


IT Management: Operations Schedule

Tuesday, June 19th, 2007

If your company uses Information Technology, you need an IT Operations Schedule. The purpose of the schedule is to ensure that the most important tasks are not forgotten. Another reason you need a written schedule is that it helps you to understand what you need to manage. Writing down tasks also clears up areas of doubt when deciding who should be responsible for the activities.

If your IT is really complicated then you might wish to consider a dedicated scheduling package. However for many small and medium sized companies this would be overkill. Most email programs have a very good calendar with the ability to set recurring appointments and tasks with reminders. These are ideal to create and manage an IT operations schedule.

KDR EBusiness Limited offer IT Management Services designed to reduce complexity, improve costs and ensure that your Information Technology services support your business goals.


When will memory be free?

Monday, June 11th, 2007

The cost of a gigabyte of computer memory, over time.

1956 | 10 million
1980 | 233,000
1990 | 7,700
2000 | 13.30
2006 | 1

These figures are astonishing and demonstrate the progress that computer technology has made since 1956. Do I think that memory will ever be free? Well no, but only because we need more and more of it. For an example of what the storage requirements of the future may be, take a look at the rest of this article about MyLifeBits, a Microsoft research project.


Should you purchase a SPAM blocker?

Tuesday, April 24th, 2007

Everyone with an email address will be familiar with the term SPAM. This nuisance shows no real signs of going away and those responsible for it continue to work out new ways of getting through SPAM filters.
Netriplex have this Return on Investment calculator for deciding whether to purchase a SPAM blocker. This just covers the monetary costs, as it is hard to place a value on the nuisance factor. There is also the fact that some SPAM can be offensive in nature and there may be risks to your organisation for allowing your staff to come into contact with this type of material.


The Psychology of Security

Monday, April 16th, 2007

I came across this essay from renowned security guru Bruce Schneier entitled The Psychology of Security. There are some excellent insights into why we often make the wrong decisions when assessing risks and into the huge differences that exist between the reality and the feeling of security. For those of you who are involved in risk management, health and safety or security management I recommend that you take a look. Warning: Set aside some time, this is not a five minute read, the article is 13,500 words long.


Business Intelligence: What people say about your business

Friday, March 16th, 2007

Before the Internet, companies used press clipping services to understand what the market thought about them. The rise of social media means that it has become increasingly important for companies to understand what is being said about them on the Internet. Now with the re-release of Google Alerts it’s become possible for anybody to track what is being said about their favorite subject.

You can set up Google Alerts to e-mail you whenever your company name is used. Alternatively you might like to track keywords or phrases that are relevant to your business’s marketplace. It’s an important contribution to understanding how your business is seen by the outside world.


Caution: Use WiFi hotspots with care: someone might be snooping

Tuesday, January 9th, 2007

A recent article in the New York Times demonstrated just how insecure it can be to use a WiFi ‘hotspot’ - just like the ones you might find in Ronaldsway Airport or Strand Street’s Java Coffee lounge.

First the bad news:

…Jon sat a few feet away with his PowerBook; I fired up my Fujitsu laptop and began doing some e-mail and Web surfing.

That’s all it took. He turned his laptop around to reveal all of this:

* Every copy of every e-mail message I sent *and* received.

* A list of the Web sites I visited.

* Even, incredibly, the graphics that had appeared on the Web sites I had visited…

Jon used a program called a “packet sniffer” to capture the data being broadcast by the laptop - these programs are widely available and can be very sophisticated.

The good news is that by taking some basic precautions, you can use WiFi hotspots in a reasonably secure manner and the full article lists these in some detail.
