VAR Roundtable: Only End Users Can Stop Security Breaches

With the rise of off-site storage and customers accessing sensitive information on more devices, end users are finding themselves increasingly vulnerable to everything from malware to hackers.

"As more and more people put more and more of their stuff online on the cloud … there are going to be more security breaches," said Larry Gold, owner of Computer EZ in Rutland, Vt.

The solution providers participating in a CRN roundtable discussion at D&H Distributing's New England Technology Show in Quincy, Mass. said little can be done to stop naïve or inattentive end users.

[Related: Investment In Data Breach Responders Lacking, Study Finds]

"The number one anti-virus program on the market is the end user," said Richard Trahant, co-owner of Land Customer Systems in Peabody, Mass. "No software is going to beat the end user."

Trahant said there's no software that can block viruses from entering the system if customers allow it in by opening infected files.

"They will click on anything," said Jeanette Movsesian, owner of Microcosm in York, Maine.

Trahant encouraged VARs to schedule meetings with company executives and educate them on how destructive a security breach could be to their bottom line.

"We don't see people more concerned about it, but we do see more people getting hacked," Gold said.

Gold wondered how many breaches would be required before some of these businesses opt for a password of longer than four letters.

Dave Hodgdon, owner of PCGIT in Portsmouth, N.H., urged companies in the financial, medical and legal sectors to implement firewalls and complex passwords.

Yet Gold said many employers who opt for a more complex password end up writing it on a scrap of paper and misplacing it, resulting in a futile call to the VAR for password recovery help.

He and others recommended restricting access to vulnerable websites with little business function. Gold said employees shouldn't need access to Java, while Sue Trahant, co-owner of Land Computer, said employers should prohibit workers from visiting Facebook on company devices.

The solution providers also cautioned against conducting company business on Gmail, with one attendee calling it the biggest source of security breaches on the internet.

Another attendee -- who declined to be identified when speaking on this topic -- said VARs should urge customers to get away from Gmail and instead opt for a secure communication service. A secure system, though, wouldn't be free like Gmail, the attendee said.

Efforts to infiltrate user systems, however, are no longer limited to the computer.

NEXT: The Latest Phishing Efforts Rely On Old Technology To Wreak Havoc

Movsesian said she has at least five customers -- often elderly -- coming to Microcosm each week reporting they've received a call from someone claiming to be from Microsoft who alleges their security has been compromised, and then asks for personal financial information.

Gold reported seeing similar phishing efforts in Vermont, while Trahant said the phone spamming is usually being carried out from Indian call centers.

Much to solution providers' dismay, surprised callers are often fooled and fork over their credit card number. Movesian urges anyone who's fallen victim to this scam to cancel their credit card immediately.

Meanwhile, the use of encryption has really ramped up over the past two years, said Hodgdon, who recommended that all major work systems be encrypted since employees will often bring documents home on a thumb drive.

Companies should also make sure they have the most current mobile operating systems, Hodgdon said, as well as managed antivirus and spam filtering.

As security problems multiply, solution providers said these services constitute more of their business.

EZ Computer has seen a sizable increase in diagnostic and malware removal requests, said technician Adam Berg, while security revenue has been consistently growing at PCGIT, Hodgdon said.

And Microcosm has specialized in malware removal since it opened in 1995, Movesian said.

But the security field is fraught with challenges for unfamiliar solution providers, said Pat Donovan, D&H's senior director of inside sales.

Any VAR looking to enter the field needs to understand failsafes if the system doesn't work as expected, Donovan said, as well as the impact of transitioning from analog to IP security.

PUBLISHED AUG. 15, 2014