What makes a strong password

Sadly, we have spent 20 years having people come up with passwords that are difficult to remember (and get attached via a sticky note to the monitor) but are easy for computer programs to guess. Four random words linked together are a much better solution for passwords.

Source: xkcd.com


Systems Patching Remains a Top Concern

Systems Patching Woes

Can’t keep up with system patching? – You are not alone.

Keeping systems up-to-date is a continuous challenge for firms of all sizes. This is particularly true of smaller firms that may have limited or no dedicated IT staff. These concerns are supported in the latest Shavlik 2015 Security Survey. The summary can be found here:Shavlik Summary

Here are the major takeaways:

• 86 per cent of respondents agree that Microsoft operating systems present the most consistent patching challenge to their organisations
• 41 per cent deem on-demand patching as a key pain point
• 58 per cent of respondents see Java as providing the biggest application patching worry
• 53 per cent of IT professionals expect to be more worried about system security one year from now

How we can help:

The Atteberry Group has the tools to support your entire organization and eliminate the head ache of patching. Our solution ensures that not only is Windows automatically patched on all of your workstations but as host of other key applications as well including Adobe, Java, Chrome, Firefox and iTunes. We monitor your servers and provide manual or automatic patching on a scheduled basis to ensure that you are kept up-to-date without causing downtime.

Updates are released constantly and you don’t have the time to manage it. Let us manage your systems for you and help you focus on your business.

Contact us today

DHL Delivery Receipt Scam – Oldie but goodie

DHL Delivery Receipt Scam – Oldie but goodie

Recently a few of my clients have received emails that purport to be from DHL regarding delivery attempts. I thought this would be a good time to remind everyone onhow to spot email scams.

The email information is a good give away that this is not legitimate.

DHL Phising Email

Clearly,DHL (or any company) would not be sending email from a gmail account.

The attachment contains a link that will take you to the scan site.

As always, ask yourself if this makes sense? Are you expecting a package via DHL? Would DHL use this email address as its sending email address? Take a moment and confirm that the email is legitimate.

A quick Internet search provided me with the following statement from DHL’s web sitehttp://www.dhl.com/en/legal/fraud_awareness.html#spam_viruses

Please be advised that if you received an email suggesting that DHL is attempting to deliver a package requesting that you open the email attachment in order to affect delivery, this email is fraudulent, the package does not exist and the attachment may be a computer virus.

Please do not open the attachment. This email and attachment does not originate from DHL.

Using Cloud Services? How are You Managing Risk?

Using Cloud Services? How are You Managing Risk?

Most organizations are “in the cloud” to some degree. You may be running Office 365 for Email or you may be using a cloud based Enterprise Resource Planning or Accounting package. If you think that moving your systems to the cloud has eliminated risk, you should make sure you have considered these controls and know what your vendors are doing to protect your data:

1) What is being backed up and how frequently
2) What access controls are in place to prevent unauthorized access
3) What is the service level agreement (SLA) that is in place (i.e. what does your vendor guarantee for availability) and what happens if that SLA is breached

If you have questions using the cloud or your vendors, give The Atteberry Group a call today.

SMB Relay Attacks and How to Prevent the Attack from Occurring

SMB Relay Attacks and How to Prevent the Attack from Occurring:

Last week it was revealed that there is a known flaw in Windows that can allow domain credentials to be compromised. Using the aptly named SMB relay, it is possible to leak your credentials when performing normal operations including visiting a web site, using Outlook to read your email or using Windows Media Player. The attack is carried out by the attacker positioning himself between a Windows computer and a server and intercepting the traffic between the two and relaying the traffic back.

Those credentials can then be used by the attacker to authenticate as the user on any Windows servers where the user has an account, including those hosted in the cloud.

Fortunately, there is very easy fix to this problem… Prevent SMB traffic from leaving your Local Area Network through the use of firewalls. That’s all it takes, proper configuration on your firewall to prevent SMB traffic outbound.

Contact The Atteberry Group today for a security evaluation. Let us manage your security so that you can focus on your business.

Why Security Patches are Important

Why Security Patches are Important

Today is patch day for Microsoft. This time around, Microsoft is releasing four critical patches: one for Internet Explorer, one for Office, one for VBScript and one for Windows. All could allow a hacker to remotely execute code on your systems. There is also a patch to fix issues with Remote Desktop. Almost everyone is using remote desktop (often for server management) and this is a big deal.
As you can see, there are constantly evolving security threats and the only way to prevent a security incident (which is a nice way of saying someone hacked us and stole …) is to ensure that your systems are constantly up-to-date.
So, are your systems being patched? If you don’t know, or are losing sleep because you know your systems are not being kept up-to-date call The Atteberry Group at 213.393.5060 or email us info@atteberrygroup.com. For a complete list of our services, please visit our website at http://www.atteberrygroup.com