Helping you Piece IT Together

 

Home Previous About Us Our Services Whitepapers Resources Newsletter Links News Contact Us Search
 

Visit Our Blog

 


 

 

Issue September 2006

In this month's issue of our Security Watch Newsletter we provide a follow up to the recently held seminar on Identity Theft, update you on some of the latest happenings at BH Consulting and outline what a mule scam is.  We also draw your attention to some forthcoming EU legislation, focus on some of the initiatives in combating Phishing attacks, outline the Top 5 reasons for data security breaches and highlight Microsoft's latest patch to address the VML vulnerability.

 

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to assist clients gain a competitive edge by achieving IT Operational excellence in deploying, managing and securing their IT infrastructure. With over 20 year’s experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed with our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost effective rates.

 Focus IrelandSupport Focus Ireland
If you have found any items in our Security Watch Newsletter to be of use to you we ask that you make a donation to Focus Ireland who work tirelessly supporting the homeless throughout Ireland.  Focus Ireland aims to advance the right of people-out-of-home to live in a place they call home through quality services, research, and advocacy.  The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless, through a range of appropriate high quality services, to provide emergency transitional and long-term accommodation for people out-of-home, to  campaign and lobby for the rights of people out-of-home and the prevention of homelessness.  No sum is too small and all is put to excellent use.

BH CONSULTING NEWS
 Identity Theft Seminar as part of Global Security Week
As part of this year's Global Security Week initiative BH Consulting, in partnership with Vigitrust, sponsored a free seminar on Identity Theft.  The seminar was a resounding success with full attendance on the day.  Delegates heard excellent talks from the Garda Computer Crime Unit and the Garda National Bureau of Fraud Investigation, ENISA (the European Network and Information Security Agency) and also from the Companies Registration Office.  There is an excellent resource provided by An Garda Siochana to help you prevent identity theft, while ENISA provided free copies of their Security Awareness Guide.  The Companies Registration Office provided an excellent overview of their CORE system which companies can use to prevent corporate ID Theft.  Finally, as part of Global Security Week 2006 the team behind this years event have created a comprehensive guide to the best links on Identity Theft and made it available on the Global Security Week website.  Presentations from the seminar will also be soon available on the Global Security Week website.

BH Consulting Advises Ireland AM Viewers on Identity Theft
Brian Honan, Senior Consultant with BH Consulting, recently appeared on the Ireland AM show on TV3 advising viewers on how best to protect themselves against Identity Theft.  Brian provided details on what measures to protect your identity and prevent it from being used by criminals.  That advice is outlined below;

AVOIDING IDENTITY THEFT
* Beware of giving out email address
* Use a special email for shopping
* Only buy from sites with a clear privacy policy
* Use a Strong password
* Be careful of mailing lists
* Keep records of all transactions so you can verify them against your statements

FRAUDULENT EMAIL PHRASES
* ''Verify your account''
* "Respond within 48 hours or your account will be closed"
* "Dear valued customer"
* "Click the link below to gain access to your account"

IF YOU ARE A VICTIM OF INTERNET THEFT
* Notify financial institutions
* Change passwords
* Notify relevant websites
* Request a credit report
* Contact the police

WWW.BHCONSULTING.EU Launched
BH Consulting are happy to announce the launch of our .EU domain, www.bhconsulting.eu .  Having a .EU domain name enables you to protect your company brand, products and/or trademark.  It also opens your company to access to a wider audience.  If you wish to register your own .EU domain name you can do so by checking the European Registry of Internet Domain Names.

BH Consulting To Address NITEs Seminar
This year the 5th annual National IT & eSecurity Summit takes place at the IMI Conference Centre on the 8th and 9th of November.  Brian Honan will be giving a talk on "Improving Security - Incident Response".  Further details of the conference is available here.

BH Consulting Interviewed about Recent Phishing Attacks and Mule Scams
With the recent spate of phishing attacks against Irish banks, Brian Honan was interviewed by TV3 evening news to explain how people can fall victim to these type of attacks.  Brian was also interviewed by the Irish Independent on the same topic and how people can protect themselves from the increasing number of mule scams. 

Mule scams are named after the drug mules used in drug smuggling.  The basis of the scam is that criminals need to transfer money they have fraudulently gained from Phishing scams etc. to their own bank accounts.  The criminals need this to happen in such a way to leave no trace back to them.   The criminals send out emails looking to recruit people to act as agents for a legitimate looking company.  These emails look like legitimate job ads and often link to a website that also looks legitimate.  The "job advert" is looking for people to act as agents for the company and to process transactions on behalf of the company.  The potential employee could be given a scenario where they are told they will be collecting money from customers and forwarding that money by wire transfer to the "hiring company's" account.  All potential employees need to have is an email address and a bank account.  Money from "customers" is transferred into the "employee's" bank account and the "employee" then transfers that money, minus a commission, to the criminals bank account or most likely via Western Union.  The first thing the employee knows about the scam is when the police call at their door.

BH CONSULTING WEBSITE UPDATE
 We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of whitepapers available for download free from our white papers page;

LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page;

FEATURES
 European Commission Proposes Data Breach Notification Legislation
The European Commission has published proposals for new legislation that will require telecom companies to notify customers and regulators of any breaches in security resulting in the personal data of customers being exposed.  Similar laws exist within the United States which have resulted in an increase in the number of breaches being reported... Click here for more info.

ISSA Ireland Calls for More User Education
With the increasing number of phishing attacks the Irish Chapter of the Information Systems Security Association has called for consumers to be better educated on identifying and preventing Phishing attacks.  With reports of stolen IDs available for £1 on certain websites, the issue of ID Theft will continue to be a major concern.  Recently, a number of Irish banks have come together to form the High Tech Crime Forum... Click here for more info

Top Five Reasons for Security Breaches Identified
A recent publication by the US Chambers of Commerce and VISA has identified the top 5 reasons for security breaches in companies.  The report outlines the reasons for the breaches and provides recommendations on how companies can prevent these breaches.  While the report does focus on credit card merchant companies, four out of the five points are applicable to all companies.  Click here for more info

Microsoft Release Patch for VML Vulnerability
Microsoft have deemed the VML vulnerability to be serious enough to warrant issuing a patch to address the issue outside of their normal patch cycle (the first Tuesday of each month).  The fact that Microsoft has deemed this vulnerability critical enough for them to rush out a patch should be enough to indicate to you that this patch should be deployed in your environment as soon as possible.  If you have an effective patch management processes in place it should cater for emergency patch deployment, but remember to ensure the patch is tested adequately before deploying it. ... Click Here for more info

FREE SECURITY SCAN
 In partnership with Qualys, BH Consulting are offering a for a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan

Alternatively contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting.  If you have found this issue to be of use please support our drive to raise funds for Focus Ireland.

Each Security Watch eNewsletter, and the special Security Alert issues, are produced independently by the Windows IT Pro Custom Media Group and is distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet

To update your subscription to our newsletter click here.  To unsubscribe click here

Home | About Us | Our Services | Useful Resources | Contact Us | Corporate Responsibility | Disclaimer | Privacy | Blog
Copyright © 2005 BH IT Consulting Ltd.