We like to remind our clients to trust their gut as we know; offers that sound too good to be true often are.

Remember keep your documentation of online orders and especially during the holidays, check credit card statements often for suspicious any activity.

Also, always remember to ensure that the computer used for online shopping has the most recent updates installed for spam, antivirus and anti-spyware.

Federal law requires that orders made by mail, phone or online be shipped by the date promised — or within 30 days. If the goods aren’t shipped on time, the shopper can cancel and demand a refund.

Read this article of the the 12 Scams of Christmas! http://www.foxnews.com/story/0,2933,576358,00.html?test=latestnews

I am an optimistic person and I know that I am often more trusting than I should be with people. On another social network I became acquainted with this guy in Texas. LET ME STRESS THAT I MAKE NO BONES ABOUT BEING MARRIED AND NOT LOOKING FOR ANYTHING BUT FRIENDSHIP. I have not met him in person and really have little desire to go out of my way to meet him, unless I would be in Texas for some reason.

He found me on MySpace and I thought including him in my friend’s list was innocent enough. He was going through a divorce. He said was depressed and distraught. He send me messages he was thinking about ending his life. I felt sorry for him. After a while of communicating with him a few days he shared his email with me and asked me to email him so he “could just talk.” When I developed my Facebook profile he found me there. I thought OK, that it was still innocent enough.

We talked about innocent stuff. He is into the same hobbies also. I mentioned to him one time about a problem I had. The conversation continued off and on. One time I explained that I was cautious about a particular part of my hobby. His reply caught me off guard. He said, “Don’t do it unless I was there with you.” I immediately thought “What? There with me? What? He is in Texas. I am in Connecticut. I am married!”

That is when I backed off. I didn’t talk with him about it, I didn’t really talk with him about anything after that.

Whenever I signed on to Myspace or Facebook or the other social network, he was there. I would try to get me into chat. Finally, I had enough. I had explained to my husband all along what was happening. I am grateful I never shared a lot of contact information with him. I have no idea what the motivation is of this guy. It could be purely innocent. I don’t know and I don’t care. I have blocked him everywhere as of this morning, Myspace, Facebook, the other social network, and email.

His intentions may be innocent, I don’t know. However, I have no desire to find out at this point. I discussed what has happened with my husband and he is supporting my actions 100%.

Remember, if it smells like fish, it usually is fish.

http://www.readwriteweb.com/archives/fake_social_network_profiles_a.php

• Do not post personal information on social networking sites (MySpace, Facebook, etc.)
• Review your consumer credit reports annually.
• Shred and destroy unwanted documents that contain personal information.
• Don’t leave mail in your mailbox overnight or on weekends.
• Watch for people who “Shoulder Surf” when you’re at an ATM.
• Review your Social Security Earnings Statement.
• Photocopy what you carry in your wallet (besides money).
• Deposit mail in U.S. Postal Service collection boxes.

As we have blogged previously about security holes and data leakage, we wanted to alert everyone about the report by US-CERT about the malicious exploits of USB devices (which includes cameras, smartphones, and PDAs) and an earlier security tip of protecting USB devices (http://www.us-cert.gov/cas/tips/ST08-001.html).

Remember that a USB device is just as prone to malware, badware, and viruses just like any other hard drive on your system so taking the proper precautions to protect your USB device is just as critical as taking care of your company or personal PC.

A great podcast on data security issues can be found here: http://datasecuritypodcast.com, or on iTunes: http://itunes.datasecuritypodcast.com.

However, we believe they may also use a Security Certificate Trojan rather than a phishing attempt.

As always, avoid clicking on any links within emails from untrusted sources.

Even if you recognize the sender, if they are asking for any banking detail, always verify the email’s authenticity such as calling you bank directly.

In simplest terms, your identity depends on it.

Never believe that your business data isn’t of interest to people outside your business.

In today’s world of inexpensive thumb and pocket drives, data capable smart phones, iPods (Yes…iPods! An iPod can be set to hard drive mode – where you can use the iPod as a storage device for PCs and Macs.), and large storage web mail the ability to move data from point a-to-b is becoming simpler.

To truly have protection from data leakage, the detection tools have to be placed on the workstations as well as the server and network. Most large organizations have their networks setup to capture unauthorized data collection attempts, however the servers and workstations are typically left alone (or better said, left to the standard security of the operating system).

Businesses assume that the confidential information employees use daily is secure…through various means such as policies, system configurations, etc.

What is forgotten is that people will invariably find workarounds for the ability to have access to the data.

An example I’ll use is from a company I worked for in the past. The finance people started making and using spreadsheets that detailed sales commissions they could share amongst people in and out of the finance group because not everyone interested in sales commission data had access to it (the company’s procedure to get access to financial data was tedious at best). Later on, this spreadsheet got to our largest competitor who used the numbers in a campaign ad to show how we overcharged for the same services.

Another example was a client who wanted us to lock out an employee that was leaving because the reason the person was hired was that the person came to them with their competition’s information and the client did not want that happening to them now that that person was leaving their firm.

What value would you place on the above examples? How does a business prevent data getting away from the business to outsiders?

The hard truth is…securing against data leakage is not easy.

This TechRepublic article lists some simple data leakage protection strategies making it a good place to start: http://articles.techrepublic.com.com/5100-10878_11-5293877.html

Now what happens if you suffer a breach of information? The loss of large volumes of protected information has become a regular headline event, forcing companies to re-issue cards, notify customers, and mitigate loss of goodwill from negative publicity.

With these headlines, there are increasing regulatory compliance for business such as HIPAA in health and benefits, GLBA and Sarbanes-Oxley in finance, and Payment Card Industry DSS standards. Many of these regulations stipulate regular audits, which business can fail if they lack suitable security controls and due-care (processes) standards. These same regulations also have significant penalties in the event of a breach.

Your data is valuable to your business, and its safekeeping is vital to maintaining a good reputation. In addition, much data, such as personal healthcare information and financial information, is protected by federal or state legislation, and its exposure, whether intentional or not, can lead to significant fines.

Luckily, data leakage can be prevented through standard precautions such as strictly enforced authentication and authorization, and tools (beginning at the workstation level).

I’ll mention some classic ones here that will hopefully show areas that are needed to be looked at, if not closed outright.

• USB ports – Today a 4 gigabyte usb memory stick costs less that $50. Most people move their USB memory sticks from one PC to the next without concern for the fact that, as a recognized drive it is also vulnerable to viruses, malware and anything else you PC system is because it is recognized as a system disk just like the floppy days.
• CD/DVD – Again, as people move data from one point to the other many people believe that a CD/DVD is less susceptible to viruses and malware. Untrue, especially if it’s created buy another user.
• Internet - You’re probably saying “DUH” but many small companies do not monitor internet usage at their office, making them vulnerable to misuse by employees as they download programs, games or illegal software…
• Smart phones – Since 2004, there have been cell phone viruses! Really… Most smartphone users simply sync their phones constantly, potentially moving files that are secure to an unsecured device.

These examples are just that, examples. You should consult your IT professional(s) to ensure that appropriate safeguards are in place, anti-virus and patches are up to date.

Also have your IT professionals review IT security sites and publications to ensure that they are up to date on the latest threats to you organization

Well before you body slam your PC like a WWF wrestler, you may wat to utilize ComboFix, a handy little tool from our friends at bleepincomputer.com.

Their tool removes such die hards as: SurfSideKick, QooLogic, Look2Me or any combination of that group. It also does a nice job of removing those pesky Vundo infections.

One of its advanced capabilities is to identify and list recently created files which can give you clues to other infections. You can use it to unhook any dll in the system32 folder as well as delete up to 8 files using its command line functions.

Also it deletes a bunch of files related to the infections above automatically and stays updated fairly regularly (as a matter of fact, it even expires itself to ensure you have the latest version).

To use combofix, download the executable from bleepingcomputer.com to your system. There are detaled instruction located in the forums, but the simple way to run it is: to double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you which you can review.

(Note: Do not mouseclick combofix’s window while its running as it can cause the tool to lock up.)

Lastly, this is a serious tool so if you do not have a serious need for a tool like this then DO NOT USE IT! Consider it a “last resort” tool in your arsenal, as it is not discriminatory in what it will remove.

Utilize your existing tools first as they are more “user friendly” and tend to fall on themore cautious side.

As the developer himself states – “It is best deployed by those who are trained in what its findings reveal and different computers will have different infections and require different ways to remove some infections.”