Headaches using printers usually don't have anything to do with hacking, but now they do. Recent research done by experts from Columbia University have discovered a flaw in many printer systems that are connected to the Internet – a flaw that allows easy entry by hackers into the networks printers serve.

When it comes to printers, we usually think about ink, paper jams and minor irritations – but certainly NOT getting hacked. But recent research suggests that printers can be used by hackers to infiltrate computer systems.

According to researchers at Columbia University, printers that are connected to the are the weakest (and almost always unnoticed) link that can compromise an otherwise secure system. Details are emerging, as the research was done under government and corporate grants. The Federal Bureau of Investigation got the first look at the research results, followed by people from Hewlett-Packard. What is clear is that this new research reveals that printers CAN be used by hackers or online thieves not only to infiltrate networks, but also to steal personal information and even identities.

The security flaw involves the printer software used to run "embedded systems" which enables both advanced functions and connects the printer directly the Internet. Alarmingly, researchers were able to hack into a printer, and give it instructions to continuously heat up the part of the device that dried the ink after it’s applied to the paper. The resulting heat caused the paper to turn brown and smoke.

The implications of this type of security flaw are concerning, but can be addressed properly and promptly with the right planning. HP is looking into the study for their own line of printers and business owners should also take precautionary steps to protect already installed devices on their networks.

If you want to know more about how you can ensure that your systems are secure, give us a call so we can sit down with you and discuss a security blueprint that meets your specific needs.

If you are in the habit of using passwords like 'password', 'qwerty' or '123456', you may be helping hackers and online thieves steal your data. Security experts have compiled a list of the 25 most common passwords – passwords that you should avoid.

If you think using 'password' as your password is no big deal, then it's time to rethink.

Security experts have recently compiled a list of the worst passwords users can choose, and 'password' is at the very top of the list. Weak passwords make your information more vulnerable simply because hackers can guess them. It may be easier to pick a password that you don't have to think about, but it's a choice that you may come to regret.

To help you avoid common password choice mistakes that users make, management application provider SplashData has compiled a list of the 25 worst passwords to use:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Make a smart password choice Experts advise using a combination of letters and numbers when creating your passwords, and to avoid things that anyone might be able to guess, such as birthdays and anniversary dates. Passwords with eight characters or more are safer and it's best to use different passwords for different accounts and websites. Use a password manager to help you keep track of all of your passwords if you're finding it difficult to remember them all..

No matter how sophisticated your security system is, a weak password gives hackers and online thieves an advantage. Helping all the users in your organization understand the importance of password strength will help you secure the IT systems in your organization.

If you're interested in learning more, please contact us so we can develop a comprehensive and custom security blueprint that meets your specific needs.

Reference: Worst Internet Passwords

A joint operation between the United States Federal Bureau of Investigation (FBI), authorities in Estonia, and IT security firm Trend Micro recently put down a massive bot network that victimized an estimated 4-5 million users around the globe.

Four million is a big number – which makes four million bots, in security terms, a staggering and frightening number as well.

It is a good thing, then, that four million is also the number of bots taken down in a recent bust by the United States Federal Bureau of Investigation, the Estonian Police, and security firm Trend Micro. Data centers in New York City, Chicago, and Estonia were raided by authorities, shutting down hundreds of servers used to create a network of bots that spanned some 100 countries.

The said bust, dubbed “Operation Ghost Click”, is one of – if not THE – largest cybercriminal bust in history, putting to sleep a sophisticated scamming operation that victimized 4 to 5 million users and was said to have generated at least $14 million in illegal revenue.

The scam mainly involved hijacking Domain Name Server (DNS) settings in infected computers, which can be used not only to introduce more malware into an IT system, but also to hijack search results and replace advertisements loaded on websites visited through an infected computer.

While this bust does bode well for all IT users everywhere in the world, it also illustrates the scope of influence and level of organization behind security threats. Since this is probably not the only scam / fraud / botnet operation in the world, it is always best to have a comprehensive security policy for your IT infrastructure to minimize the risk of compromising your company’s data and information.

For more details on the bust, check out Trend Micro’s blog post here.

Disaster: it could be as small as deleting a critical file or as big as the natural disasters that have been striking with more intensity in the past few years. Any way you look at it, disaster will strike eventually, in some form, leaving you with a problem to solve. It’s important to have a plan for when something happens. Do you?

Most companies have at least basic protection from emergencies and disasters in place. The most common forms of protection are insurance, server and computer backup, and basic preparations as required by law. While these protective measures are considered adequate for most companies, there is still a chance a disaster will strike, leaving your company in the lurch.

In the recent months and years an increasing number of occurrences, such as the earthquake in Japan and flooding in Thailand, have caused widespread disruption to businesses. To counter this, two business initiatives have risen to the forefront: Disaster Recovery (DR) and Business Continuity Planning (BCP). In fact, these two terms have become common buzzwords, a quick internet search returns over 53 million hits on business continuity alone. The problem is that many professionals are unclear on what each really is. It’s important to be clear on each topic and the basic steps to take to be prepared for any disaster.

What is a Business Continuity Plan (BCP)? BCP, first seen during the Y2K scare of the late 90s, is a plan that covers the way an organization prepares for and maintains all critical business functions. BC planning is comprised of activities that ensure maintenance, stability, and recoverability of service before, during, and after a disaster. The plan is typically set up on a day-to-day basis, and covers the whole organization.

It’s important to have a BCP for your organization because if something happens and you can’t deliver to your customers, they will go to another company.

What is Disaster Recovery? Disaster Recovery is considered a part of the overall continuity plan that focuses on the technical side of the business, including components such as data backup and recovery. Think of BCP as an umbrella and DR is under the umbrella — if you don’t have a disaster recovery plan, the overall umbrella is more or less useless.

What Should be in Your DR and BCP Plans? These plans both share a number of similarities, generally following the same steps involving the same elements. Both plans should include:

1. An operational plan for a number of disasters that could happen in your geographical area. The plans should cover occurrences as small as computer hardware errors and as large as massive natural disasters.
2. A succession plan for you or your top management.
3. Training for substitute employees on important tasks.
4. Cross training of your employees on the basics of different roles so they will be able to take over if need be.
5. A communication plan focused on different crises, including ways of communicating if networks are down.
6. Off-site meeting places for staff and managers.
7. A focus on safety. Foster partnerships and communication with local and emergency response services: Fire, Police, National Guard, Search and Rescue. Ideally, all employees should at least know basic first aid. If you have employees who are volunteer members of local Emergency Response Services, ask them to be responsible for teams.
8. Daily plans to backup your Enterprise systems, along with training and testing of recovery of systems.
9. Training and testing of all employees to practice recovery activities in situations as realistic as possible.

It’s important that you conduct regular tests of your systems and processes, and make changes as needed. Be aware that your business is always changing and so should your Business Continuity and Disaster Recover Plans.

With a carefully prepared and practiced plan, your business should be ready to face a variety of disasters with minimal downtime. If you would like to know more about Business Continuity and Disaster Recovery please contact us.