We’d like to see as many consignment and resale stores as possible start 2014 on the right foot. Better securing your systems is not an impossible task, and while there is no silver bullet, a relatively straightforward set of tools can drastically help. After all, if your computers aren’t cooperating, it can have a major impact on your business.
Consignment and resale shops spend a lot of time online searching for pricing and pictures, as well as working on social media. This puts consignment stores on the front line, where malware and unwanted software can make their way into your systems.
OpenDNS is a service that provides web filtering, which helps prevent bad or unwanted websites from being accessed by employees. From malware picked up after searching for “free image editing software” to browser infections and search redirects, the websites your computers can access are one of the first things that should be filtered.
In addition to blocking known malware sites, adult content sites, etc., OpenDNS also lets you block or allow specific websites, as well as view reports of your store’s Internet and search activity.
Once you have registered for an OpenDNS account, all you’ll need to do is update your router’s DNS Servers.
The *thing* you browse the web with is commonly referred to as a Web Browser. On Windows-based computers, Internet Explorer is the default/included browser. On Macs, Safari is the default browser. You do not have to use the included browser and you can generally have a safer browsing experience by switching browsers.
Two popular alternatives are Firefox and Google Chrome. While we utilize each browser for a variety of purposes, we typically recommend Firefox to our clients. Installing an alternative web browser alone is not enough to make browsing online safer. We work with a lot of clients whose browsers are infected with search redirects and other hijacks, yet they felt they were protected from this simply by using Firefox or Chrome.
We feel we can better secure our clients’ systems with Firefox. With Firefox, along with the plugins we outline below (i.e. NoScript, AdBlock Plus & Public Fox), you can establish a first line of defense as you browse the wild wild web.
Firefox is free and open source. Once installed, we also recommend enabling Do Not Track.
When you click a link and visit a website, by default, that website can do quite a few things, all without you knowing. It’s sort of like letting anyone just come into your house and start going through your things. It is better to take the approach that no website is trusted and only those on your Allowed list can load.
NoScript makes this process very easy, providing you with a quick ‘Allow’ of a website you trust and plan on visiting more than once. NoScript also does a great job of picking out the other 3rd party websites that are loading in the background, as well as other types of active content which can harm your computer.
Ads are not only a visual annoyance, they are a common source of malware. Even popular, trusted websites can have compromised ads which can load malware and malicious content on unsuspecting users’ systems.
We love AdBlock Plus. Combined with NoScript, you can have a safe, controlled, clean web browsing experience and help keep your systems clean long before malware even has a chance to run.
Once installed, be sure to enable AdBlock Plus’ anti-malware features, as well as disable the ‘Allow some un-intrusive ads’ option.
Now that you have your Firefox installation secured and configured to your liking, wouldn’t it be nice if you could protect those settings from being changed?
With Public Fox you can. Public Fox essentially treats the web browser as though it’s in use on a ‘public’ computer. You can password protect your Options and block downloads.
By no means is this alone meant to be a way of protecting a system, but Public Fox can help curb unwanted changes and downloads to your systems.
Non-Admin User Accounts
By default, when you purchase a Windows-based computer, the only user account will have full Administrator access. If you do not configure at least one user account for yourself and/or the store, you’re granting full control of your computer to your employees and whatever they might stumble upon out there on the web.
It is best practice not to use a full admin account and instead to log in with a Standard User/restricted account. This can help prevent major changes to your systems, such as installing/uninstalling software.
We also recommend taking this one step further and, on Professional versions of Windows, configuring Group Policy to lock down additional aspects of the system, e.g. prevent printers from being deleted, etc.
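To see where a computer stands against this recommendation, the following PowerShell script (an added example, not part of the original article) lists every enabled local account and whether it holds Administrator rights. It assumes Windows 10 or later with PowerShell 5.1, where the built-in LocalAccounts cmdlets are available.

```powershell
# Added example: which enabled local accounts on this PC are administrators?

# Well-known SID of the built-in Administrators group. Using the SID rather
# than the group name keeps the script working on non-English Windows.
$adminGroupSid = 'S-1-5-32-544'

# SIDs of everything that is a direct member of the Administrators group.
$adminSids = @(Get-LocalGroupMember -SID $adminGroupSid |
    ForEach-Object { $_.SID.Value })

# One row per enabled local account, marked admin or standard.
$report = @(Get-LocalUser | Where-Object Enabled | ForEach-Object {
    [pscustomobject]@{
        Account          = $_.Name
        IsAdmin          = $adminSids -contains $_.SID.Value
        PasswordRequired = $_.PasswordRequired
        LastLogon        = $_.LastLogon
    }
})

$report | Sort-Object IsAdmin -Descending | Format-Table -AutoSize

$admins   = @($report | Where-Object IsAdmin)
$standard = @($report | Where-Object { -not $_.IsAdmin })

# No Standard account at all: everyone who logs in has full control.
if ($standard.Count -eq 0) {
    Write-Warning 'Every enabled account is an administrator. Create a Standard account for daily use.'
}

# Several admin accounts on a shop PC is usually more than is needed.
if ($admins.Count -gt 1) {
    Write-Warning ("{0} enabled administrator accounts: {1}" -f `
        $admins.Count, ($admins.Account -join ', '))
}

# An admin account that does not require a password is the worst case.
$admins | Where-Object { -not $_.PasswordRequired } | ForEach-Object {
    Write-Warning ("Administrator account '{0}' does not require a password." -f $_.Account)
}
```

The goal is one password-protected administrator account kept for installs and maintenance, with every day-to-day login showing IsAdmin as False.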
With many systems using default configurations (Administrator accounts, Internet Explorer, and no antivirus), computers without Patch Management are just sitting ducks.
Security holes in commonly used programs such as Adobe Reader, Adobe Flash, and Java are frequently and actively exploited. These programs do not automatically update and regularly require user intervention to make sure they are updated and the system rebooted. With even two computers in a consignment shop, just keeping programs patched and updated can quickly become a challenge.
Emails with fake PDFs or Word Docs are commonly the source of this sort of attack, and with many email providers not filtering out messages like this, unpatched systems are waiting to be compromised.
The combo of OpenDNS + Firefox + NoScript + AdBlock can benefit users of all platforms. Most of what you do is online these days and for many, the web browser is all they use their computer for. Browser infections/hijacks impact users of ALL platforms.
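Without a patch management tool, a first step is simply knowing which versions of these programs each computer has. The PowerShell script below is an added example, not part of the original article: it reads the installed-program list from the registry for the three products named above. The DisplayName patterns are assumptions about how the vendors label their installers, and the reported versions still have to be compared by hand against each vendor's current release.

```powershell
# Added example: inventory Adobe Reader, Adobe Flash and Java on this PC.

# Machine-wide "installed programs" registry keys (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed DisplayName patterns, one per product family; adjust as needed.
$families = [ordered]@{
    'Adobe Reader' = '^Adobe (Acrobat|Reader)'
    'Adobe Flash'  = '^Adobe Flash'
    'Java'         = '^Java(\(TM\))? '
}

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

# Keep only entries that match one of the watched families.
$inventory = @(foreach ($entry in $entries) {
    foreach ($family in $families.Keys) {
        if ($entry.DisplayName -match $families[$family]) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Family   = $family
                Product  = $entry.DisplayName
                Version  = $entry.DisplayVersion
            }
            break   # first matching family wins
        }
    }
})

$inventory | Sort-Object Family, Product | Format-Table -AutoSize

# Several entries in one family often means an old copy was left behind
# by an update and is still installed; worth a look, not proof.
$inventory | Group-Object Family | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning ("{0}: {1} entries installed side by side" -f $_.Name, $_.Count)
}

# One CSV per computer, so the results can be compared across the store.
$inventory | Export-Csv -Path ".\$($env:COMPUTERNAME)-software.csv" -NoTypeInformation
```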