OST Kitchen

We all received the apologetic email when Zappos.com customer’s credit card information was hacked. (All of a sudden those boots you got for 50% off could have ended up costing a lot more than expected!) And again, another apology note when 6.5 million LinkedIn users’ encrypted passwords were leaked on a Russian hacker forum in June. The stories of corporations who’s IT security was compromised are unfortunately a dime a dozen. But by working with trusted companies such as OST who focus specifically on security is one simple step towards protecting your organization from a catastrophic breach. We have put together a basic list below of the top 10 security mistakes that a company can make. These common mistakes seem like a small slap on the wrist to some, but for those of us in the technology industry, the smallest insecurities can lead to the largest problems.

The 10 mistakes we chose were rated by analyzing the highest volume of protected data access, ability to cause the greatest “harm” to the organization, ease of which the mistake can be taken advantage of, ability to use that mistake to breach the entire organization, and the consistency of the mistake. With this in mind, let’s take a look at this list, shall we?

1. Reliance on Vendor or Installer to keep you secure. Just because they set up a network for you, doesn’t mean they locked the door on the way out. Certain IT firms may not feel it practical or necessary to consider security when setting up a network. I have seen many organizations who once thought their networks were built tough from the get-go because they hired the “best” IT Company to set it up. This false sense of security can most assuredly lead to a breach, and affects the industries of Healthcare, Financial and Retail.
2. Weak or Trivial Passwords. I hate to be the billionth person to say this, but “drowssap” or its less secure friend, “password” have never cut it, and will never cut it as secure passwords. I won’t spend much time going into other insecure passwords, you can see a great guide here, but the fact that trivial passwords are still being used is almost comical – until all of your company information is stolen. Half of the organizations I have worked with have had at least one account that is left blank or “password”, and this issue most affects healthcare organizations and small businesses.
3. Consistent Passwords. Your fine-tuned 8 character, lowercase, Twitter password would take just a few days computing time to be cracked by a brute force attack.  So what? It’s Twitter. But what if you used that same password for your corporate mail server? How long would it take to crack that? About 2 seconds. If you used the same password for your social media, email, webmail, phone and everything else, those passwords have already been broken and can be used to gain access to the entire company’s network.
4. Missing Security Updates/ Patches. Hackers are always looking to stay ahead of the curve. Whenever they invent some new way of breaking into a computer, the security programs will find a way to defend against it, and send out an update to their users. These updates must be installed immediately and correctly to ensure your network is up to date on all the latest exploits.  What’s more: these threats are universal they affect all operating systems, in all industries at all different threat levels.
5. Scanned documents on “Multi-function devices”  Those balance sheets you scanned on your Multi-function device (That printer in the copy room) are still sitting in that machines’ memory, and hackers know it. Finding and instantly deleting files that contain protected data is one way to avoid these leasing concerns, or keeping the files to send to other machines. This exploit also affects all organizations, and has a special taste for financial documents.
6. Not changing default login credentials.  All new wireless devices come with an admin username “Admin” and an admin password “Password”. These credentials are publicly known, (See what we mean?) and if a hacker can get into your network, he or she can change these credentials to lock you out, and your data in. Ensuring your IT department has changed the default logins on all of your wireless devices is one more hurdle for hackers to jump to gain access to your data.
7. Open Network Shares. This mistake is usually user based. Employees sometimes take computers home, and want to share media with other computers or devices. This is fine if there weren’t also financial and protected information. This exploit not only provides access to data, but an easy way for them to distribute viruses and malware to the entire network.
8. Not planning for lost, stolen, discarded or sold computers. These computers all have access to your organizations network, and sometimes these computers are lost, stolen, discarded or sold. Work out a plan to recover data or prohibit that machine from re-accessing the network before they are lost, to ensure maximum security. These simple means are rarely addressed, and for the greatest threat to loss of “consumer information”.All industries are affected by this.
9. Improperly configured Wi-Fi or improper use of Wi-Fi. What was secure a year ago has a greater risk today, because of the pace at which these methods advance. Open Wi-Fi, or unsecured Wi-Fi, can be a large threat to an organization, and can offer a “hidden” way to gain access to the organization. New techniques outline ways for hackers to piggyback their internet activities through your network, so you get blamed for their seedy downloads and web history.
10. Antivirus not installed or out-of-date. This issue is likely the most costly of them all. A computer without antivirus is like rolling out the red carpet for hackers, just pleading them to come on in. All industries are affected by this, and a simple install of antivirus or updates can clear this problem.

If you find yourself with questions around your organization’s security, don’t hesitate to call us. Click here for more information.

Listen to this information on WGVU’s “Tech Talk”  with Shelley Irwin, broadcast Thursday, October 11.

—–

W. Scott Montgomery

W. Scott Montgomery joined OST in the spring of 2009 as the Manager of the OST Security Practice. Scott comes to OST with over 30 years of IT and IT Security related experience.  Scott has personally performed more than 700 Security Assessments for several hundred organizations. Using a proprietary and unique assessment approach, developed by Scott and used since 1998, the OST Security Team has the ability to gather, analyze and assess the security of any organization. The Montgomery Method ™ guarantees comprehensive security results for even the most complex of computing environm

This summer, OST challenged companies to THINK BIG – and award the top 4 ideas with $5000 worth of technology services.

The top four winners include:

• Doorganics, a farm-to-front door food delivery service located in Grand Rapids, Michigan.
• FoodCircles, a local start up encouraging those dining out to ‘BOFO’ (buy one, feed one) through their mobile application that has been created in collaboration with local restaurants in West Michigan.
• VN Barr from Humility Publishing LLC, a publishing company in Minneapolis, Minnesota which is interested in digitizing company’s historic documents and data in order to create an accessible web library.
• 911 Family Alert System  from Brad Spurlin. Real-time updates and GPS coordinates of family members who dial 911.

One of the winners, Doorganics, was thrilled about the business growth that they are anticipating from OST’s contribution. After their launch in August of 2011 they have continued to expand and are at a critical stage where optimization of their operations is imperative to support further expansion. Mike Hughes, owner of Doorganics stated,

“We [Doorganics] are a small company at the brink of very fast growth. With support from the expert minds and talent at OST, Doorganics will be positioned to accommodate many new customers in a very streamlined fashion. We are grateful to have companies like OST in the community that support and encourage entrepreneurship and innovation.”

In Grand Rapids, Foodcircles will be receiving some OST love.  ”We want to repurpose the way that people dine out,”  says Foodcircles founder, Jonathan Kumar. FoodCircles reaches for this goal by donating a meal to a child living below the poverty line every time a person dines out using their web-based or mobile app. Called the BOFO (Buy One, Feed One) movement, this one-for-one concept is powered by an array of innovative technology; everything from a highly interactive mobile app for Android and Apple to a unique call-ahead program that creates reservations at restaurants with the touch of a button.

We will also be assisting VN Barr, out of Minneapolis, Minnesota, with business process solutions as he explores ways for companies and universities to digitize their collections of data and turn them into web libraries. “Would you believe the Frank and Lillian Gilbreth collection and the Randy Shilts collection, as well as many other donations that are sitting around unable to be used because no one has the time to digitalize and index them?” asks Barr while explaining the importance of the accessibility of knowledge through technology.

Last but definitely not least, 911 Family Alert system will allow real-time updates and GPS coordinates of family members who dial 911. The application will be coordinated between family devices. If a family member were to dial out to 911, a GPS tag and real-time alert would notify the family. These alerts can shorten the time parents and family members have to respond in emergency situations where the caller will be busy speaking with the Emergency Responder.

We are excited to share their expertise with these four forward thinking organizations. “There are so many potential opportunities for companies to leverage technology which can dramatically improve business,” said Dan Behm  “and here at OST, we want to continue encouraging companies to be creative, think bigger, and explore what possibilities exist within their business.”

A crew of approximately thirty OST people gutted it out in ninety degree heat on Friday to make a difference in our community.  Some of the projects they completed included building a new fence in the back yard, weeding and rototilling the back yard, building a block wall in the front yard, painting the base of the house, siding and roofing a shed, and laying sod.  Pictures can be found at OST Habitat Pictures on the OST Facebook page.

If you’re interested in learning more about Habitat for Humanity of Kent County or would like to volunteer, visit their website at www.habitatkent.org. We had a remarkable experience working with their skilled staff and dedicated volunteers!