Internet Explorer Security Update


This is a follow up to our article on the Internet Explorer Security Scare sent earlier this week. Microsoft has now released a security patch to fix its weakness. Depending on your system’s update settings, this should have been downloaded by Windows. However, to check and ensure you have the patch installed, here is AGUK’s advice.

INTERNET EXPLORER LATEST UPDATE
Windows XP Users: Go to Windows Update website and follow the steps given.

Windows Vista and Windows 7 Users: Click Start and in the search box type "Windows Update" then press Enter.

In either case you will see the critical updates available. If none are displayed then your system is up to date.

FUTURE SECURITY PRECAUTION
If your computer is not set to receive automatic updates then I recommend you immediately rectify this. It is crucial for any system to automatically download and install updates daily. For more information about how to do this please click here (Microsoft Website).

CURRENT SECURITY STATUS
After you have installed this latest patch from Microsoft you can, if you wish, adjust Internet Explorer and change your browsing security from High security to Medium-High. Alternatively leave the Internet zone setting at High and instead add any trusted sites not displaying correctly at this level to your “Trusted sites” section. To do this take the following action:

Windows XP Users: Click Start > Run and type inetcpl.cpl then press Enter.

Windows Vista and Windows 7 Users: Click Start and in the search box type inetcpl.cpl then press Enter.

In either case then click the Security tab and select the “Trusted sites” zone as per the diagram below.

Diagram of required steps to take. 

FINAL SAFEGUARD
AGUK recommends you maintain up-to-date AntiVirus software and never open email attachments, or follow links in emails to unknown websites. Also, whenever you receive an update or security patch, ensure your system is set to restart automatically after installing it, or do this manually. This will ensure immediate effect of the update.

 

Internet Explorer Security Scare


You may have seen, or heard, news coverage about a significant security problem with Windows Internet Explorer. Following Microsoft’s admission that Internet Explorer was used to hack Google the German Government warned against using Internet Explorer. Now France has issued a similar warning.

INTERNET EXPLORER SCARE
Internet Explorer is the web browsing software used by many to access the internet. If you use this browser, the current flaw allows exploiting hackers to access files on your computer, to log keystrokes made, and to redirect you to specific websites. However, the advice from AGUK is not to panic but be cautious. 

To take any such advantage of a compromised system, a hacker must get you to either visit a specific website, or install a browser add-on. Depending on your security settings, this add-on (unlike software browser add-ons known as ActiveX controls) can be installed without you knowing. It is also undetected by current anti-virus software.

AGUK’s Security Action Plan
If you do not know which type of browser you are using click here and visit our browser test page. If you are using Internet Explorer there are steps you can take to reduce the risk of falling victim to Internet Explorer’s browsing weakness.

(1) Alternative Browser
You could install and use an alternative web browser. AGUK recommends Google Chrome. This lightweight browser is faster than Internet Explorer and is growing in popularity. This would not necessitate the removal of Internet Explorer.

(2) Run Internet Explorer in Safe Mode with add-ons disabled
It is possible to run Internet Explorer with all add-ons disabled. This will help prevent your browser being susceptible to this latest attack. The simplest way to do this is by creating a shortcut on your desktop. Here’s how:

Close down all open programs and on your desktop right click on your mouse and select: [New > Shortcut]. Then in the box labelled "Type the location of the item” paste the following text exactly, including the quotes:

“%ProgramFiles%\Internet Explorer\iexplore.exe” –extoff

After you have done that click [Next] and then [Finish]. A new shortcut will now be on your desktop called iexplore.exe. When you use this shortcut you will see that Internet Explorer is launched with all add-ons and ActiveX controls disabled.  In this mode it is possible some websites will not display correctly, but this is the sacrifice you must pay until the security hole is closed by Microsoft.

(3) Enable High Security level in Internet Explorer
It is recommended you follow this process in conjunction with option 2 above.

Windows XP Users: Click Start > Run and type inetcpl.cpl then press Enter.

Windows Vista and Windows 7 Users: Click Start and in the search box type inetcpl.cpl then press Enter.

You should now see the Internet Properties window. Click on the Security tab, select Internet from the zones and then move the slider to High as per the image below. Make sure you click OK once you have changed these settings.

If you have any questions or concerns about this issue please let us know in the comments.

 

Is Your Laptop Secure?



After focusing last month on the importance of mobile phone security, I received a number of emails asking about securing laptop computers. By 2011, according to market intelligence firm IDC, laptops will represent 66% of corporate purchases, with 71% of consumers opting for a notebook instead of a tower PC. In response to those who contacted me, and for anyone considering buying a laptop, here are my safekeeping recommendations.

LAPTOP SECURITY
Many office workers who have to be mobile are opting to replace their desktop system with a laptop. An average laptop has an impressive hard-drive capacity and can store a huge amount of sensitive and important data. Laptop security is, therefore, crucial.  The following tips on keeping laptops safe and secure apply to those with Windows-based software.

Encrypt Your Laptop
Entering a password to access or log into a laptop does not mean its data is safe.  Far from it.  The initial log-in can easily be circumvented, or the drive removed and accessed via a different device.   My suggestion is to use a program called TrueCrypt which creates and runs hidden system-wide encryption. It is easy to use, and free for commercial use.

Anti Virus Software
Maintaining up-to-date Anti Virus software on your laptop is vital so I recommend installing the following two programs: 
  1. NOD32. This is a low cost business-strength security product providing integrated, real-time protection against spyware, adware, viruses, worms, trojans, phishing, hackers, etc. 
  2. Windows Defender if you are using Windows XP. Windows Defender is compatible with all MicroSoft certified Anti Virus software including NOD32. Anyone using Vista and Windows 7 will already have Windows Defender. 
Back-up Your Data
Laptops are light and portable and easier to lose than PCs so backing up your data should be instinctive. New laptop users should consider online systems such as HumYowhich, once installed, automatically backs up your data securely and safely while you work.

Using Wi-Fi Safely
Be cautious when connecting to public Wi-Fi hotspots. Some access points may be set up maliciously in order to collect data as you surf the internet. To avoid such risks, connect only to access points you recognize. You should also enable your laptop’s built-in Windows Firewall.
 

Further Action
Devise your own laptop security best practice routine by checking for updates regularly. Protect your laptop when on the move in an easily identifiable case. When not in use, store it in the same place away from any temperature extremes and electrical fields. Last but least, don’t forget to insure it.

Mobile Phone Data Security


Mobile phones make life very easy on the one hand, and very difficult on the other. Here's why.

A study by TAXI, the magazine for the Licensed Taxi Drivers Association, revealed that during a six-month period a staggering 63,135 mobile phones were mistakenly left in London cabs.  If they contained customer data and information that was not secure, then their owners could find themselves in breach of the Data Protection Act.

MOBILE PHONE DATA SECURITY

Mobile phones are common tools of the trade now for many businesses. However, in recent years these devices have become much more sophisticated. Many have the capacity to store over one million emails, as well as contact details of an entire customer base and other sensitive information, such as word documents and spreadsheets.

Awareness
Think how important the data on your mobile phone is.  Be aware, too, that if your employees are equipped with a company mobile phone, they must similarly be conscious of the importance of any stored information and contact details.  We strongly recommend that you look at your own mobile device security strategy, and that of your company. 

Precautions
As a first step you should note down your mobile device’s IMEI (International Mobile Equipment Identity) number. This is often found underneath the battery and your mobile provider will require it when you report the loss or theft of your mobile.  This should be a mandatory safety measure for all staff with company mobiles.

Seven Steps to Take
Here are some of the other things you should consider in formulating your mobile security strategy:
  • Enable the “Automatic Lock” function on your device, and set the lock period to the minimum time
  • Enable the “Require Pin” function or, if the option is available, the lock device on SIM card removal 
  • If you use memory cards, enable the “Encrypt External Storage” option if supported by your device
  • Only store essential names, numbers and documents on your mobile phone
  • Check with your mobile provider if your device supports “Remote Wipe”, and know how to implement this
  • Keep your mobile provider’s number handy as they can disable your phone when you give them your IMEI 
  • Be prepared to notify the Information Commissioner and your customers if a mobile device with customer data is lost/stolen
Further Action
There may be other things specific to your business that you need to think about, and you may need to create a workplace policy to ensure all staff are aware of the implications of storing data on mobile devices.