Microsoft issues important security patch for Internet Explorer
March 31st, 2010
Link: http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx
In response to the security flaws discovered and reported on March 9, 2010, as well as other cumulative fixes for nine other severe vulnerabilities, Microsoft has issued a critical security update for all supported versions of Internet Explorer. This includes IE 5, IE 6, IE 7 and IE 8. If you are using Internet Explorer, Centrend recommends that you make sure that you have run this important update.
[Cumulative Security Update for Internet Explorer (980182)]
As always, if you have any questions, please contact us for help!
- Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135
Using passwords vs. data encryption
March 29th, 2010
Link: http://www.centrend.com
You probably have a long list of computer passwords: for starting up your PC, accessing your bank account online, or perhaps checking your e-mail. Passwords are an important barrier to accessing private, sensitive or proprietary information. An electronic password is much like a key, in the physical world, that unlocks a file cabinet. Whoever possesses the key to that cabinet will have unhindered access to its contents. But what are the situations in which computer passwords are just not secure enough?
With the physical key and file cabinet, the concerns we have are that the key could be misplaced or stolen and fall into the wrong hands. It could be surreptitiously duplicated and distributed to unauthorized people. The lock on the cabinet itself can be tampered with or simply broken with brute force. All of these concerns are the same as what we have for computer passwords. All of these scenarios do occur, even with electronic data protected with passwords that are considered strong, and therefore not easily figured out.

Once access to the file cabinet has been achieved, all the information the key was protecting is exposed. But, what if there were a way, even if the lock were to be broken open, to make it so that the contents would be worthless? It would be great if the person who breaks into the file cabinet only finds a mass of unrecognizable shredded up paper. In effect, that is what encryption helps you achieve for your protected electronic data.
Encryption is nothing new, having been around since ancient Egyptian times in the form of non-standard hieroglyphs, a method of symbolic substitution for words and phrases. With encryption, there is a key which enables the data to be deciphered. Modern electronic encryption is capable of encoding data in such a way that it renders it completely unrecognizable, and there are different levels of encryption available to suit the security demand. Encryption technology today also provides us with strong key methods that make unauthenticated use of keys impossible.
So, unlike password protection, an encrypted data file has been altered, so that the key is required not only to access it, but to make it readable as well. This is very important for data that rests on a portable device, such as a laptop computer or smart phone, and media such as CD-ROMs, or plug-in USB drives, because these devices and media can be easily lost or stolen. According to the Federal Trade Commission, 49% of all reported unauthorized data breaches were the result of lost laptops or other devices.
For the protection of its residents, the Commonwealth of Massachusetts has now made it mandatory that portable devices and media are protected with data encryption technology, when personal information is present. Other requirements are that we safeguard and protect our passwords. The keys to the encrypted files, or any other protected files, still must be of adequate strength, kept safe and not duplicated, distributed or left out in the open. For most organizations, encryption technology is a matter of policy for the sensitive, personal or proprietary data that requires the greatest degree of protection.
- Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135
Consumers Bring Their Own Technology to Work
March 22nd, 2010
Traditionally, the IT staff or outsourced IT provider of any small business has been in command and control of the technology choices that are developed for the business. Careful selection and implementation of hardware, software and critical business systems is paramount to maintaining security, business continuity and information protection. Today, however, consumers often have better, faster, or more productive technology than the average small business. This presents an interesting dilemma for the business entrenched in a tough economy, which can now trade the umbrella of control for increased productivity.
Consumer devices continually become available that would traditionally be handled by the IT experts. Devices that were once high-end and affordable only to businesses are now lower in cost, simpler to use, and owned by individual consumers. However, sometimes a little availability can be dangerous. The underlying reasons for not allowing a device onto your network may be lost in the anticipation of the increased productivity.
For example, a worker’s personal smart phone may give him the ability to answer e-mails on the run, while this technology may have been considered by the business decision-makers to be too risky or expensive to deploy company-wide. When making this decision about whether to relinquish control, the business leaders of the organization must consider the risk factors. Let’s say, for continuing the example, that the aforementioned business is a mortgage company, and the user of the smart phone receives confidential e-mail referencing the personal financial information of his customers. What is the risk if the smart phone were to be lost or stolen? Is the device handled with proper security methodology in order to prevent a data breach?
Personal laptop computers and netbooks are wildly popular, and more and more workers wish to use them for working on business projects, connecting with business services, and checking and keeping e-mail, contacts and other data. Not all businesses can afford to issue netbooks to their staff. Some employees will go so far as to bring in and install their own wireless access points off the company network to use their own laptop computer. All of this presents security risks, not only for data protection, but for controlling access by outsiders to your business network.
Very common is the case of the home-worker. In years past, not only was the office workstation most likely to provide the best productivity, it was also the only workstation available that could run whatever business productivity software was in use at the time. However, today it’s not uncommon for a home computer to be newer and faster than the machine the worker has on his desktop in the office, and he has a business productivity suite, like Microsoft Office, that equals the one in the office.
Once the business has allowed its data to be taken off of its own network, all control is lost. Of course, technology is available to make remote workstations safer and more secure to a business. The deployment of Virtual Private Networks (VPN) has greatly increased over the years to accommodate the growing number of home workers. A VPN is a secure Internet connection to a remote location, where the remote user has access to the Local Area Network (LAN) as if they are right there in the same physical location. There are still issues of data use control that can’t be resolved even with a secure connection. The employee must be trusted.
Not all businesses are safeguarding personal information, and not all businesses need complete control over the devices used by the employees. The approach that many organizations could take is one that allows for opportunistic advantage. Embrace the idea that some of these devices may improve productivity, and then decidedly take control of their usage. Simply issue a list of approved devices to the employees. Before creating the list, examine the risk factors of the various hardware and software that workers wish to bring in to enhance their productivity and user experience. Does it pose a security risk? Will it jeopardize data integrity? Does it compromise any regulatory compliance guidelines? Only choose the devices or software that would be approved and could be controlled by your IT staff or provider.
Make the list of approved devices available to the employees, along with policies for registration and use. If you currently have devices in use in your organization that you are unsure about, consult an IT expert like Centrend.
- Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135
New 0-Day Vulnerability found in Internet Explorer
March 19th, 2010
You will find out in the next couple days or so that a new vulnerability has been found in an Internet Explorer IEPEERS.DLL file that affects computers running every version of Internet Explorer except the latest Version 8.
If you visit a site that has been infected with the malicious code, your computer can be caused to crash (freeze requiring reboot but fail to restart) or a program of any nature can be downloaded and run on your computer.
Microsoft is testing patches right now and a fix will be available soon. Meanwhile, if you are running Internet Explorer 7 on any platform besides Windows 7, you are vulnerable.
Actions you could take:
1. Upgrade your Internet Explorer to Version 8x
2. Upgrade your computer to Windows 7
3. Browse very conservatively for the next couple days.
If you’re concerned about how to keep your computer up to date and whether you are computing as safely as you can be, please contact us for a free security audit of your environment.
-Paul
***
Paul LaFlamme
President & CEO
Centrend, Inc.
508-347-9550 x115
Why should we have centralized data?
March 17th, 2010
Link: http://www.centrend.com/erp_lessons.html
More often than not, in our experience, huge benefits are realized by the sharing of data. Keeping each team within an organization responsible for their own contribution to the data “warehouse” avoids conflict and problems between staff and systems. On the other hand, separate “silos” of information within an organization can lead to sudden issues that hinder decision-making.
For example, when operating under separate silos of data, an operations department may be compiling data all month long, and the accounting department is also, but at the end of the month, the two departments come up with conflicting reports. Had there been one central data location, such as an ERP system’s database, then both departments would be working harmoniously from the same data set, which would lead to appropriate corrective action throughout the month instead of reacting to it at the end of the month. It’s like steering your ship along the way, instead of waiting until you’re already at the wrong spot, when it’s already too late to make course corrections.
Find out more about ERP systems by attending one of the free web sessions presented by Paul LaFlamme.
- Bill
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135
