Internet Acceptable Use Policies – Hold Your Employees Accountable!

Most organizations require employees to sign and acknowledge some form of “Internet Acceptable Use Policy,” and most employees comply once they sign. But what about those who don’t? Do you know who they are? The problem is most organizations have no way to ensure employees comply with the policy until it is far too late. A company today can be severely damaged, or even worse, put out of business if someone accidently discloses proprietary or confidential information. Losses can also include employee or customer personal information or more importantly customer credit card numbers. Barnes & Noble customer credit card information was compromised by hackers just this week! Attackers planted software on computers to capture customer credit card information when they swiped their cards to make a purchase.

So how do you ensure Internet use compliance? Easy: deploy web content filtering.

There are number of beneficial reasons to deploy web content filtering: malware prevention, increased security, legal liabilities, regulatory compliance reasons or simply to monitor employee use of the Internet. The growing use of social networks like Facebook and Twitter has enhanced the need for organizations to ensure that company policies are followed and to reinsure the company’s reputation is continually safeguarded.

The most important goal for implementing any web content filtering solution is reducing the risk browsing the Internet introduces. Having an effective web content filtering solution in place that aligns itself with your internet acceptable use policy will ensure that you are protected from a security and legal standpoint and will improve the productivity of your employees. Web content filtering is one of many features built into EarthLink’s Hosted Network Security product. Go ahead and Contact your EarthLink representative today to learn more.

Are You Prepared for a Disaster?

What if you lost your entire IT infrastructure in a matter of hours, would your business survive?

Disaster recovery planning is essential to continue business operations after disasters occur. This could be anything from a prolonged power outage to a total infrastructure loss caused by catastrophic events. The goal of disaster recovery is to limit the effects of a disaster and take the necessary steps to ensure that the resources, personnel, and business processes are able to continue operation after a disaster occurs.

If you don’t currently have a plan in place, here are some things to think about:

  • Determine the minimal amount of downtime your business can sustain during a disaster and design your plan around it.
  • Disasters can be anything from a virus breakout to damage caused by server weather.
  • Get executive leadership buy in and perform a Business Impact Analysis to identify risk, and determine critical business processes necessary to run your business.
  • Identify a disaster response team made up of key members of critical business units.
  • Document critical infrastructure and business components and make sure key data is backed up and stored in an alternate location.
  • Keep important contact information and a list of 3rd party venders, in a safe place, if the services they provide are critical to your business.
  • Continually test your plan and modify it as necessary.

Disaster recovery planning is not only about recovery but also about prevention. Make sure critical systems are configured for full redundancy and high availability.  Have multiple electrical feeds and system power backed up by a UPS and generator. Make sure servers and desktops are patched and virus software is up-to-date. All of these items are preventative measures that can help minimize your disaster risk.

Remember that business needs, and the threats to your business, are constantly changing. All of these items will affect your disaster recovery plan, so it is important that you revisit it anytime a significant change is made. Good luck!

If you are interested in learning more about developing an effective disaster recovery plan, contact your EarthLink representative.


Free Software Download: EarthLink System Scanner

Is your computer brand new?

If not, it’s probably not fully optimized, not working as quickly and efficiently as it could be.

Is your computer fully secure?

If you’re not sure, you may be at risk of viruses, spyware, hacking, or identity theft.

No, our intention is not to scare you or to be negative.

EarthLink System Scanner - free download

We’ve actually got something positive for you. And it’s free.

It’s the new EarthLink System Scanner.

After a quick, free download, this simple program scans your PC and provides a detailed analysis of security and performance issues you may want to address (I found over 500 issues when I ran it on my own relatively new PC).

Why run it? Because the first step to a faster, safer computer experience is knowing the status of your system.

Some of the issues the EarthLink System Scanner identifies may be easy for you to fix yourself manually. If there are others you are unable to fix, click the Fix All button to see recommended software programs that can easily make these fixes for you.

The EarthLink System Scanner requires Windows 7, Vista or XP, and the download is approximately 7MB.

Learn more and download the free scanner.

Phishers and Scammers are Getting Smarter…Are You?

Most of us have heard of the term phishing and have probably been attacked by it more than once. Phishing is attempting to acquire information from users while posing as a trustworthy individual in an electronic communication.  “Phishing” generally refers to attacks in your email inbox, but there are three others to know of: vishing, smishing, and whaling.

“Vishing” is a phishing attack on your VoIP (voice over IP) phone.  If you don’t have a VoIP phone then you are not at risk, as land lines are not susceptible to this kind of attack. Like phising, a message sent to a thousand possible emails, vishing is sent to a thousand possible VoIP phones.  Vishing happens when victims receive voice messages asking to contact their bank about fraudulent bank account activity.  The attack is successful when users call the number and are then prompted by voice commands to enter personal information, or they are connected with someone appearing to be a bank representative. Providing information can then lead to stolen credit card numbers, or full-on identity theft.

“Smishing” is a phishing attack on your mobile phone via text messaging or Short Message Service (SMS) messaging.  Same concept as above, text messages are sent to your phone asking you to go to a website or call a number where you are met by someone attempting to steal your personal and critical information.

Finally, “whaling” is a specified attack on senior business leaders.  These attacks are more specific, as scammers are doing their homework and compiling business email addresses, job titles, direct telephone numbers, and reporting employee names of business executives and compiling direct attacks over email.  Executives are prone to fall to these attacks as the information in the emails leads them to believe the messages are legit.  The email message may contain and attachment or point executives to a website, where once clicked, a program is downloaded to the user’s PC and confidential information is then compromised.  This attack is a little different as the scammers are not only interested in obtaining personal information on the user, but are also after confidential and proprietary information of the company.

A lot of successful phishing attacks go unreported because the victims don’t want to appear gullible enough to be stooped by these attacks.  Sometimes we throw logic reason out the door and fall, even though we think we are too smart to do so.  Continue to delete the emails, but also remember to delete the voicemails and the text messages.  And remember, if you have a small suspicion that something isn’t right, it probably isn’t!

EarthLink IT Services offers numerous security services to protect against these attacks.  Check out our security service product suite HERE!