Common Security Misconceptions.
Here are some very common misconceptions that people have about computer security. These are actual customer statements made to me over the years.
1. "My server is in a locked room, and no one physical uses it, so I don’t have to worry about security…"
Someone doesn’t have to be physically in front of a computer in order to infect it or your network.
A person who made this statement to me was recently infected with a catastrophic virus. This virus stopped and disabled vital services, deleted ALL of their databases, and infected all of their application executables for their main POS application. After the virus was removed, the main POS application had to be re-installed and the database restored from a backup. If it weren’t for database backup, they would have been required to recreate all their data from scratch.
The source of the virus was later determined to have been a borrowed USB thumb drive that was infected. The users home laptop was infected after the thumb drive was inserted. Since the laptop had no security service packs or A/V software updates for at least (2) two years, it had not protection against the current viruses. The thumb drive was then inserted into a office PC (which had no anti-virus protection), infecting the PC. Because the virus was "network aware", it infected every other computer in the users local area network, including the unprotected server.
2. "I have an anti-virus program on my computer, so I don’t have to worry about getting any sort of infection…"
Anti-virus and Anti-malware software should be set-up to update at least daily. Using safe computing practices is also important, however. When using due diligence computer viruses, like the biological ones, are always in a constant state of change. There are morphed ones and new ones all the time. Often these are ahead of the best efforts of the anti-virus/anti-malware software manufacturers.
Just because you have the software doesn’t necessarily mean that you have it configured to properly protect your system(s). This should be reviewed regularly.
3. "I have a password on my server and on all of my office computers, so I don’t have to worry about
my system being compromised."
Having an obvious password is as bad as having no password at at. Hackers try the most obvious first, then religious references, common pet names, and then common surnames and last names.
Even if you are password protect, this won’t protect you from a virus infection.
Some common sources of virus and malware infections are:
CD/DVD ROM drives.
USB thumb drives.
Ipods, and Cell Phones.
Shared directories on a network.
Music and video downloads, or image files. Images can contain hidden code or image files can be code files renamed.
Emails with embedded hyperlinks to a malicious web site.
Unpatched operating system and application software programs.
Web pages at social engineering sites such as You-Tube, Facebook, MySpace, etc.
Hacked links in news feeds and advertisements on news sites and on-line retailers. URLs themselves can contain a hidden code payload.
Specially crafted malware websites that are crafted to look like a legitimate website. Sometimes these sites designed to capitalize off of a misspelling made by a user trying to go to a legitimate website (e.g. sears.com v.s. sear.com).
Automated scripting in utilities such as Java, Adobe Flash Player, Real Player, etc.
Most, ideally all, of these sources of viruses can be handled by MalWare software CCS recommends. To have your system security reviewed, please contact the CCS Retail Systems Support Department.