Tuesday, March 30, 2010

Protecting yourself from the Facebook virus




Social networking has taken the Internet by storm, with hundreds of millions of people using sites such as Facebook, Twitter, and LinkedIn.  However, this popularity also makes these sites a favorite target for hackers, who have recently flooded the Internet with virus-tainted spam that targets Facebook users in an effort to steal banking passwords and gather other sensitive information.

These emails, with subjects such as “Facebook password reset confirmation customer support,” tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials.  DO NOT OPEN THESE ATTACHMENTS.  For that matter, do not open ANY attachments that request you click on them for new login information.

If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords to websites, online banking, and other critical areas.  If you suspect your account has been compromised, you are better off visiting the site directly to change your credentials rather than following the instructions or clicking a link in any email.
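For whoever administers the office mail system, the lure described above (a password reset subject line combined with an attachment) can be screened for automatically. The following is an added example, not part of the original post; the extension list, the verdict names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Subject phrases typical of the lure the post describes.
RESET_WORDS = ("password reset", "reset confirmation", "new password", "new login")
# File types that should not arrive unrequested (assumed list, tune per site).
RISKY_EXT = (".zip", ".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs", ".htm", ".html")


def attachment_names(msg):
    """Return the lower-cased file name of every part that carries one."""
    return [p.get_filename().lower() for p in msg.walk() if p.get_filename()]


def triage(raw):
    """Classify a raw message as 'quarantine', 'review' or 'deliver'."""
    # policy.default decodes RFC 2047 encoded headers into plain text.
    msg = message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    names = attachment_names(msg)
    if names and any(word in subject for word in RESET_WORDS):
        # Login credentials are never delivered as an attached file.
        return "quarantine"
    if any(name.endswith(RISKY_EXT) for name in names):
        return "review"
    return "deliver"


def sample(subject, filename=None):
    """Build a constructed test message (not a captured email)."""
    m = EmailMessage()
    m["From"] = "support@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Your password has been reset. See the attached document.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    lure = sample("Facebook password reset confirmation customer support",
                  "Facebook_Password.zip")
    print(triage(lure))
```

A filter like this only reduces how many lures reach an inbox; the advice to visit the site directly still applies to anything that gets through.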

Once the account has been compromised, the hackers can then use it to send links to questionable sites or other attachments from that user, so the recipient may click on the link thinking it comes from a trusted source.  If you click on one of these links by accident, DO NOT install or download any software or requested programs.  These sites are designed to trick the average user by using pop-ups to tell the user that they need to download a special player to play the requested media, or a pop-up telling you that your system has a virus and you need to download an update to fix it.

While there is no magic bullet to defend yourself against these attacks, you can certainly mitigate the risk by using common sense and questioning any link or attachment BEFORE you open it.

For Facebook users we recommend that you become a FAN of the Facebook Security page at http://www.facebook.com/help/?page=1014#!/security - there is a lot of great information located here designed to help protect your personal information.

Sunday, February 28, 2010

Are you driving your business with Social Media?

Have you been seeing these icons everywhere?

It seems like overnight social media has hit the business sector hard and fast.  I am both amazed and overwhelmed at the speed and quantity of information flooding us on a daily basis and am now challenged by how to properly leverage this technology for ourselves and our clients, most of whom rely on us for sound strategic advice.

Not too long ago, we were asked how to block such sites as Facebook and Myspace so that a business wouldn't lose countless hours of productivity to non-work related pages.  Now, it is apparent that social media is now becoming an integral part of communication; not just with friends and family but also with vendors, clients, partners, and colleagues.  In fact, many businesses have moved internal messaging and chat to publicly available sites.  This saves time and money in recreating a communication medium that already exists and is leveraged by millions already.   I personally avoided Facebook and Twitter as long as possible, but now find them indispensable in day-to-day business.  In fact, it is widely agreed that social media will replace email as the primary means of technology communication.

Now for the million dollar question... How do you leverage Social Media to make money for your business?  If you think it is just a fad, watch this video.  And amazingly enough this is already almost a year old!  Imagine the exponential increase since then!  By avoiding social media as an integral part of your business, you are avoiding the quickest and most important paradigm shift in history, and to simply dismiss it could very well be an irreversible business mistake.

Simply embarking on a blind campaign into Twitter, Facebook, LinkedIn, YouTube, and Blogging is not enough.  You must use it to actively engage your clients, partners, and prospects and make yourself relevant.  While nobody may care much about where you were eating dinner that night, your clients may well be interested in your next event, new tax laws, a special you are running, or a new addition to your team.  How about recruiting new employees, providing an additional customer service avenue or viral marketing?  You can find out what is being said about your company, perform market research, and even find new markets.  The truth is that what you can do with this exciting technology is limited only by your imagination, but you must approach it with a plan.

To find out more about how IT4 can help you leverage Social Media, please give us a call at 888-IT4-USA1 or visit our website at www.it4yourbusiness.com to find out about our next social media learning session.  Of course, you can always follow us on Twitter, become a fan on Facebook, view my LinkedIn profile, and subscribe to our blog.

How are you using Social Media in your business?

Sunday, February 21, 2010

What is 201 CMR 17.00 and should I be concerned?

MA 201 CMR 17.00 is widely considered the nation's most comprehensive data protection and privacy law. After multiple delays, it goes into full effect on March 1st, 2010. In short, the law mandates that businesses, non-profits and other non-government entities follow a set of "minimum standards" to protect the personal information of Massachusetts residents. This includes personal information in connection with the provision of goods and services OR for the purposes of employment. This law comes hard on the heels of several security breaches in Massachusetts from such companies as TJX Corporation and BJ's Wholesale Club, and is sure to set the standard for protection in other states.

The problem is that many small businesses don't have the time, money, or resources to devote to 201 CMR 17.00 compliance and still others either have not heard of this regulation or feel they should not be subject to it.

There will certainly be many factors that will determine whether the AG's office pursues enforcement action following a data breach, including the specifics of the breach and how many Massachusetts residents may be affected. Signs of intentional criminal theft and the steps the victim organization takes following the breach would also prompt enforcement of the new law. Other factors will include the breached organization's size, resources available, adherence to its written information security policy (WISP) - a top requirement of MA 201 CMR 17 - and whether it was technically feasible for it to have implemented measures to prevent the breach.

While the compliance standards may seem overwhelming, there are checklists, guidelines, and frequently asked questions available at the Massachusetts Office of Consumer Affairs.

For those not yet in compliance, we recommend a fast-track approach by following three steps:
  1. Appoint a person in your office to act as the Information Security Manager (ISM).

  2. Write, implement, and approve a Written Information Security Policy (WISP). This is the core of the new regulation.

  3. Have the ISM train your staff on the new ISP (Information Security Policy) and audit compliance on a regular basis.

Having a WISP in place is very much like having a written business plan. It takes a lot of work up front, but ultimately will be the best thing you can do for your business, employees, and clients. It will be far less effort to maintain in the long run and help both organize and protect your data.

Your IT department (internal or outsourced) can help you with the technical requirements, but for those who lack the time or resources to write and implement such a plan, please call our office at 888-IT4-USA1 and speak to one of our compliance consultants.