Security Tips with Captain Security


I recently had a few people call me after they were hit with the CryptoLocker virus. I discovered that they were not backing up and lost some data. You should be backing up your data at least weekly, if not daily. This backup should be to some device or service that is not always attached to your machine. This will help you if the CryptoLocker virus decides to visit you and cause harm. You don’t want to have sensitive or important files lost due to some malware. Don’t be cheap or lazy; get a good backup solution. If you need some help, I can recommend a few.


With the various threats and hackings going on these days, you should really enable your desktop firewall. While the desktop firewall will not protect you from everything, it is another layer of security to help better protect yourself. Computer security is much like protecting a castle – the more defenses you have, the better off you are. Enable your desktop firewall.


If you have a laptop that contains sensitive information, you should really encrypt your hard drive. With an encrypted hard drive, if you lose your laptop, it will be very difficult for someone to access your sensitive data. Microsoft has a program called BitLocker that works very well to encrypt hard drives. And the best part? It’s free.


I have mentioned this tech tip before, but it is worth repeating. If you are going to do banking or anything with sensitive information, do not use public Wi-Fi. Hackers/crackers will spoof SSIDs or do fancy tricks such as spoofing MAC addresses to capture all of your traffic. Bottom line: don’t be a fool, don’t use public Wi-Fi for sensitive information.


The US-CERT site has a very good article located here that discusses how to avoid social engineering and phishing attacks. Since a majority of the attacks have shifted to phishing and social engineering, this is a good article to review.


Recently, I have seen a wave of emails that contain attachments with malware and spyware. The email is directed to me and it looks like a legitimate business email. For example, if your business does not do ACH payments, then you will not receive a legitimate email detailing issues about them. Think before you click.


With passwords being easily cracked, it might be time to look at two-factor authentication for important web-facing systems. With two-factor authentication, a compromised password becomes ineffective. This is an easy way to better protect your web-facing system.


To get away from a single password that is shared with everyone, you should start using RADIUS on your networking devices. This allows you to audit access by user accounts and also gives you the ability to audit changes. You can also set up a read-only group for users who only need read-only access.

This allows you to keep the local administrator password a secret and is a recommended best practice.


With the Shellshock and Heartbleed threats, you might have some vulnerable security devices. You should update switches, routers, firewalls and security appliances such as RSA and SSL VPN devices. This is something you should be doing at least once, if not twice, a year.


With the CryptoWall and CryptoBlocker viruses running wild, I have had a few clients affected by them. The easy answer is to block executables from being downloaded. This will prevent users from downloading them and infecting your network. Most modern firewalls can help with this task.