Cybersecurity for Small Business Roundtable - May 16, 2011

Larry Neal Gowdy

December 01, 2017 - updated August 03, 2018

Trouble-shooting Security Problems

I purposefully dig, scrape, and test to find problems where other people do not see a problem — it's my job. In my business I have been finding and fixing other people's problems most of my life. I have had over 10,000 computer/electronics customers in the tri-state area, many of whom were repeat customers. I watched as new problems arose with new solid state devices, more problems arose with integrated circuits, more problems arose with LCD displays, more problems arrived with computer networking, and countless other problems have popped up that have now evolved into the very serious problem of Internet security.

Although I had begun servicing computers and networking in the early 90s, in 2001 and later years I passed several FBI background checks to acquire licensing by the Texas Private Security Bureau to service minimum to maximum security systems at city, county, and state government agencies, as well as for major corporations, banks and data centers. Fifteen years ago there was not much concern for networking security because relatively few individuals had the skills and equipment to cause problems, and the individuals with the skills were usually 'white hat' people you could trust.

Ah, the good old days. ;-)

Fast forward to today: the Internet is now saturated with criminals. Over 99.9% of all emails I receive are from scammers, and about the same can be said for telephone calls (I keep the ringer turned off now). One online mega-retailer is known to sell pirated videos and music (I counted roughly 50% of sales from the retailer to be pirated). The world's #1 music, video, and book provider openly ignores copyrights while making money selling stolen rights and stolen personal data (you know who they are, and you also know why I cannot publicly state their name). Many software companies now openly talk about how they steal your private data and that you ought to thank the thieves: the companies claim that stealing your private data is 'to help you'.

And there is no enforceable law nor social standard to stop the growing online security threats.

Security Problems in Computer CPUs

Many of the old problems of solid state devices and integrated circuits never got solved by the manufacturers. Intel®, for example, has security problems with its CPU Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) (Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update). Vulnerable CPUs include 6th, 7th, and 8th generation families, Xeon® E3-1200 v5, v6, Scalable, W, Atom® C3000 and E3900 series, Apollo Lake Pentium™, and the Celeron™ N and J series. Reports state that computers with the affected Intel CPUs can be hacked remotely even if the computer is turned off. Intel will surely fix the problem in time, but at present the only plausible security solutions are to unplug the computer or to use a computer that does not have the affected CPUs. For myself, I prefer to physically unplug computers because it is a permanent security fix that cannot be remotely overridden.

FYI, since around 1994 I myself have only used AMD® CPUs in all of the new computers that I have built. AMD is not perfect either, but as a whole, AMD has been the favorable choice.

Security Problems at the Highest Level

The new problems are rising faster than they can be fixed, and as far as the Internet goes, at this point it no longer appears possible to fix the problems until the day that the Internet permanently goes offline. My article at Hacked Websites & Security gives additional information about how some of the major corporations are having their websites hacked — costing the corporations millions to billions of dollars each — but for the moment I want to talk about the Cybersecurity Roundtable: Protecting Small Businesses web page on the FCC website:

"...with leading industry executives and government experts in cybersecurity and information technology. American small businesses have generated sixty-four percent of net new jobs over the past fifteen years, helping to lead our nation’s innovation and economic growth. In a rapidly evolving virtual marketplace, where each cyber-attack costs small and medium sized businesses an average of nearly $200,000, business owners must vigilantly protect against information security risks that result in billions of dollars in lost revenue. However, many businesses continue to struggle to understand and implement available solutions."

Linked from the previous page is Prepared Remarks of Chairman Julius Genachowski, Federal Communications Commission, Cybersecurity and Small Business Roundtable Commission Meeting Room, May 16, 2011 which states "A recent study found that having a broadband connection makes a $200,000 a year difference in median annual revenues for businesses, by helping them reach new markets and increasing productivity."

The two documents were written about the same Cybersecurity conference, but one document states a median $200,000.00 per year financial advantage of a business using the Internet (which is not a realistic dollar value if all businesses were included in the tally), while the second document states that there is an average loss of $200,000.00 per year for businesses using the Internet (the paper likely intended to imply that the 'average hacked small and medium business lost $200,000.00', but the vagueness is par for government documents, and the actual dollar value of $200,000.00 seems implausible, or else I really need to raise my rates for fixing hacked business computers!! ;-) ). The actual details discussed at the conference are unknown, but the documents' conflicting profits and losses are good illustrations of how alleged 'facts' are often simply invented and/or cherry-picked to support whichever point of view an individual wants to use to support their own interests.

Security 'Experts' are not Equal

Similar to how the FCC has often presented itself with a less than professional understanding of the topics that the FCC regulates, many cybersecurity websites do not themselves follow any security practices. The FCC's own website downloads scripts and spyware from other domains that the FCC has no control over, which is a no-no for security, especially for the visitor's security and privacy. I could rant for hours about the FCC's failures on several topics including electromagnetic radiation safety guidelines: I'm grumpy that way, but that's my job. ;-)

Known 'cybersecurity' websites are infested with scam ads, scam pop-ups, and spyware. The websites have little or nothing to do with security: the websites only exist to make money by pushing ads onto visitors.

Users of the Firefox® and Opera® browsers can install the Disconnect extension that can block and show the ads and scripts that exist on each web page. A typical 'cybersecurity' website page may have dozens to hundreds of scam scripts that invade the users' privacy while also being a potential source of malware. I have seen a web page that had over 4,000 ads that were blocked by Disconnect.

I do not use any scripts on my websites that could harm a visitor's privacy or security. I also do not permit scripts to be inserted into my customers' websites unless the customer specifically requests the scripts. If I believe that the script poses a security risk, then I will refuse to insert the script.
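A site owner can check a page for the third-party loads described above before publishing it. The following is an added example, not the author's own code: it lists every script, iframe, and image a page pulls from a host other than its own, and flags third-party scripts that carry no Subresource Integrity hash. The sample page, its host names, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose "src" attribute makes the browser fetch a resource.
FETCHING_TAGS = {"script", "iframe", "img"}


class ThirdPartyAudit(HTMLParser):
    """Collect resources a page loads from hosts other than its own."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # tuples of (tag, host, has_integrity_attribute)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get("src")
        if tag not in FETCHING_TAGS or not ref:
            return
        # urljoin resolves relative and protocol-relative (//host/x) references.
        host = urlsplit(urljoin(self.page_url, ref)).hostname
        # Exact host match: a different subdomain counts as another host.
        if host and host != self.page_host:
            self.findings.append((tag, host, "integrity" in attrs))


def audit(page_url, html):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


def unpinned_script_hosts(findings):
    """Hosts serving script that the page does not pin with an integrity hash."""
    return sorted({h for tag, h, pinned in findings if tag == "script" and not pinned})


# Constructed sample page (not taken from any real site).
SAMPLE_URL = "https://shop.example/index.html"
SAMPLE_HTML = """
<script src="/js/site.js"></script>
<script src="//cdn.ads.example/tag.js"></script>
<script src="https://lib.example/x.js" integrity="sha384-PLACEHOLDER"></script>
<img src="https://track.example/p.gif" width="1" height="1">
<iframe src="https://shop.example/map.html"></iframe>
"""

if __name__ == "__main__":
    for tag, host, pinned in audit(SAMPLE_URL, SAMPLE_HTML):
        print(f"{tag:7} {host:18} integrity={'yes' if pinned else 'NO'}")
```

An empty result from `unpinned_script_hosts` means every third-party script on the page is at least pinned to a known hash; any host it returns can change the code visitors run without the site owner's involvement.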

The bottom line is that I practice what I preach.

The problems are easy to point to, but not always possible to fix. One thing that can be easily fixed is a business website's security. A website ought to be built with security, not have mish-mash security patches added later. And this is what I do for my customers: I build websites that are as secure as possible, and cost as little as possible. In today's world we might be forced to be online, and we might strongly rely on having a web presence, but those are not reasons to be careless about website security.

Copyright©2018 by Larry Neal Gowdy. All rights reserved.