Friday, September 04, 2009

Gmail Security

There are a few things you really should do if you use Gmail that will make it more secure (and more convenient).

First, log in and then click the Settings tab as shown.

Now scroll down to the bottom and check the "Always use https" option.
This will help keep people from spying on you at public WiFi stations like McDonalds, Starbucks, or the library.

Now for the more convenient part...
You can actually check Gmail in your own e-mail program! You don't need to log into the website, or to download some special Gmail only software to get the "you have mail" pop-up.

Click on the "Forwarding and POP/IMAP" link.

Down at the bottom, again you will find the "Enable IMAP" option. Turn that on.
Then follow the instructions in the Configuration instructions shown as step 2 in the image.
make sure you always select SSL as the connection method. (on port 993)

DO NOT cheat and select the gmail option in Thunderbird if that is your mail client. That will set you up with unencrypted POP mail. Trust me you want SSL encrypted IMAP. In fact, no matter who you are getting your e-mail from, you want SSL, or better yet, TLS encrypted IMAP. POP is so 1994. (and if you run it unencrypted you are enabling "Big Brother" maybe I should have said it's so 1984.)


If you don't know what PCI-DSS is and you run a business that takes credit cards you need to read this:
Click for a free PDF copy

The Payment Card Industry (PCI) Data Security Standard (DSS) is something you have already agreed to, and MUST follow. Does your bill for your merchant account include a line about non-compliance fees? This is what it's about.

GFI LanGuard

There are all kinds of different network vulnerability scanners out there, but the best bet for small businesses is probably GFI Languard.

The reason? It's simple and it's free.

It is an easy to use Windows based program, so no need to learn or install Linux to use it.
It is absolutely free if you have 5 or fewer IP addresses (computers) to scan.
It is free for a 30day trial if you have more than 5 IPs to scan.

Wednesday, September 02, 2009


VirusTotal is a free service that lets you check a suspicious file against 35 different Antivirus tools.
If you get an e-mail attachment that you really are not sure about, and your own AV doesn't see a problem, you can check it here and know with some certainty that at least no other AV vendor sees the problem.