Posted by on

used with permission from Tektonika (HP), by Karen Gilleland

Unlike fine wine, your cyber assets don’t get better with age. Any PC more than four years old is not only costly to keep, but it’s also hack-friendly tech that could pose serious office security risk. Old PCs lack the built-in security triggers needed to repel the thousands of malware threats discovered each hour. With new technology, you could avoid 70–80 percent of the top malware detected.

Down-level hardware could potentially jeopardize your business—and that risk carries a price tag far exceeding an investment in state-of-the-art technology. As Two River Community Bank put it, “The risk just isn’t worth it.” There’s no reason to stick with outdated hardware, especially when computing power is growing exponentially and faster than ever. Older hardware may be costing you precious time, and the longer you delay updating old equipment, the further behind you’ll fall in the skills, knowledge, and technology needed to compete with companies on top of the curve.  Read more...


Posted by on

used with permission from Norton by Symantec

Mention “cookies” and most people expect a chocolate chip treat to appear. When talking about computers, however, cookies aren’t on the dropdown menu. In fact, they’re not even physical objects. Yet they do a great deal of the work that makes it more convenient for you to browse the Internet — and they can be troublesome if you don’t know how to clear or delete cookies.

Meet the computer cookie

A computer “cookie” is more formally known as an HTTP cookie, a web cookie, an Internet cookie or a browser cookie. The name is a shorter version of “magic cookie,” which is a term for a packet of data that a computer receives and then sends back without changing or altering it.

No matter what it’s called, a computer cookie consists of information. When you visit a website, the website sends the cookie to your computer.  Read more...


Posted by on

used with permission from FTC.gov, by Lesley Fair

Engage, connect, protect was the theme of a series of Small Business Security Roundtables the FTC sponsored last summer. We listened to businesses talk about the challenges they face in securing sensitive information and fending off cyber threats. We also heard that they want concrete advice from the FTC. For example, how can a small company – especially one that may not have the in-house expertise to host its own website – get down to business while also addressing these concerns?

In search of a solution, many businesses turn to web hosting firms to set up their website and email systems. In a just-published Staff Perspective, Do Web Hosts Protect Their Small Business Customers with Secure Hosting and Anti-Phishing Technologies?, the FTC’s Office of Technology Research & Investigation (OTech) looked at 11 web hosts that market their services to small businesses. (The Staff Perspective explains OTech’s methodology.)  Read more...


Posted by on

What are they and can they affect you?

These are two computer security vulnerabilities that were publicly disclosed on January 3, 2018.  Due to technical issues involved with modern processors, each of these vulnerabilities pose a potential risk for theft of sensitive user and system data that had previously been believed to be secure.  Both vulnerabilities take advantage of a feature of modern Intel CPU’s called Speculative Execution, this allows the processor to speed up branching operations by starting to execute what it thinks is the most likely outcome before the results have returned. In modern Intel processors this technique is beneficial as it significantly increases execution speed in most workloads. However, Meltdown specifically allows an attacker to exploit Speculative Execution and see the contents of Kernel space memory.  Spectre allows programs to execute code they should not be able to, and view data within other user-space programs. Any system that allows arbitrary code to be executed is potentially vulnerable to these types of attacks including javascript executed within your web browser.  Read more...


Posted by on

Ask a business person where their office is located and the likely answer is “everywhere.” They’re working from home, staying in the loop while traveling, and catching up on email between sales calls. For productivity’s sake, many companies give their employees – and perhaps clients or service providers – remote access to their networks. Are you taking steps to ensure those outside entryways into your systems are sensibly defended?

If your business wants to start with security, it’s important to secure remote access to your network. Here are some examples based on FTC investigations, law enforcement actions, and questions that businesses have asked us.

Ensure Endpoint Security.

Your network is only as secure as the least safe device that connects to it – and there’s no guarantee that an employee’s home computer, a client’s laptop, or a service provider’s smartphone meets your standards for security. Before allowing them to access your network remotely, set security ground rules, communicate them clearly, and verify that the employee, client, or service provider is in compliance.  Read more...


Posted by on

2018 is right around the corner, and here are our top five tips for things you can do to improve your cybersecurity in the new year. Cybersecurity has been the most critical issue in 2017, and that’s not going to change. If you haven’t begun addressing your organization’s cybersecurity defense, let’s start now!

#1 Train Your Employees

The best way to improve your IT security is to train your employees on best security practices. Educate them so they can recognize and avoid cyber threats like phishing and scams. Teach them about protecting sensitive information. Humans are the weakest link in your security defense: with a single click in an email they can open the door for hackers. You should have a network firewall, but don’t forget your employees are a firewall too.

#2 Create Security Policies & Enforce Them

Do your employees know what they are expected to do and not do to protect your data?  Read more...


Posted by on

Managed IT services, or outsourced remote network management, can help your business in many ways. It’s a cost effective way of having your IT infrastructure monitored and maintained by experts instead of hiring an IT director. Or, it can free up your IT director and IT staff to work on more important projects than daily maintenance. But other than productivity and peace of mind, what are the security benefits of managed IT services?

Here are three security advantages you get with remote network management.

#1 You Stay Updated

Basic managed IT services include running software updates, patches, and upgrades for your servers and/or desktops. Any machines covered by your contract will automatically have updates run on schedule, so you never have to worry about the time it takes to check your update status and apply patches. Instead, updating happens automatically – heading off any cybersecurity attacks that target vulnerabilities between the times when a patch is released and then actually applied.  Read more...


Posted by on

used with permission from FTC.gov., by Thomas B. Pahl, Acting Director, FTC Bureau of Consumer Protection

Who’s coming in and what’s going out? Businesses that want to stick with security build commonsense monitoring into their brick-and-mortar operations. Whether it’s a key card reader at the door or a burglar alarm activated at night, careful companies keep an eye on entrances and exits.

Your computer systems deserve the same kind of watchful attention, which is why Start with Security advises you to segment your network and monitor who’s trying to get in and out. Based on FTC cases, closed investigations, and questions posed by businesses, here are examples illustrating the benefits of segmenting your network and monitoring the size and frequency of data transfers.

Segment Your Network.

Network technology gives companies the option to link every computer, laptop, smartphone, and other device together on the same network. Of course, there may be legitimate business reasons why you need some of your data transfers to be seamless.  Read more...


Posted by on

As you may be aware, the software company Kaspersky has recently been a heated topic of discussion in the media and amongst the IT security community.   Last month U.S. government agencies were told to use other security solutions.  SpireTech, as are most IT providers, is continuing to offer and support Kaspersky products.  However, we want to make sure all our customers are aware of additional security software alternatives we offer and support. Sophos is one that SpireTech has offered for the past several years, as many of our small to mid-size clients use Sophos as their primary Firewall solution.  Sophos Endpoint Advanced Security with Intercept X offers a more advanced feature set typically found only in enterprise level security suites at affordable prices.  As a Sophos partner, SpireTech can provide any of our clients with their full range of security solutions.

Contact your SpireTech representative today to learn more about the advantages Sophos products may give your company.  Read more...


Posted by on

Much has been said about data security practices and cybersecurity measures that businesses should follow. All the information and recommendations out there can be confusing and overwhelming. Large data breaches and multiple scary ransomware attacks have dominated the news for years now. Each time businesses have to ask, “Should we be worried? Are we a target? What can we do to defend ourselves?” So here’s a short beginner’s guide on keeping your data safe and your risks low.

#1 Don’t ask for information you don’t need

Don’t ask for and don’t hold confidential information “just because”. If you don’t store Personally Identifiable Information (PII) or collect other sensitive, confidential data, you don’t have to worry so much about protecting it. Do you really need to ask for Social Security numbers? Do you need a customer’s full birth date? Ask yourself what is truly appropriate and necessary for each situation. By reducing the amount of unnecessary sensitive information you ask for, you can reduce your risks and your liability in case of a data breach.  Read more...

1 2 3 5