IT Decision Makers Are Challenged with Mobile Security and Compliance

IT Decision Makers Are Challenged with Mobile Security and Compliance

The digital landscape is alive with change, particularly when it comes to the proliferation of mobile devices (BYOD) in the workplace. The dawning of this phenomenon began as far back as 2009, when the phrase first took hold, becoming, as CIO notes, the ‘New Normal’ in 2013:

“CIOs can thank mobile device management vendors for pushing their messages of compliance to business users and, as a result, helping bring IT into the discussion as a BYOD enabler.”

Cisco: More control of the cloud network is needed

In fact, a Cisco survey of 4,000 IT decision-makers worldwide noted the need for more control of the cloud network with the ever-increasing array of mobile devices, smartphones and tablets in the workplace. 

However, along with this general acceptance of BYOD in the workplace, 82 percent of those surveyed were concerned about compliance and security requirements.

Following the ‘moving’ mobile device!

For example, aligning departmental needs with a company’s BYOD policies creates new challenges: If an employee who uses his/her’s own mobile device switches to a new device, how is sensitive info to be tracked and stored? Worse, what happens to that data if the person leaves the company?

Cisco notes savings with BYOD in the workplace

Are these concerns lessened when the economic metric is added in? According to a recent Forbes overview on BYOD devices, Cisco notes a typical savings of $350 annually…per employee.

Still, concerns persist about ‘security’ when it comes to mobile strategies. As Forbes notes:

“Security is one concern for there are undeniable risks in permitting employees’ access to corporate resources from personal devices, and indeed the dangers posed by malicious applications and viruses will discourage many organizations from implementing BYOD.”

Contact us to learn how our managed services can help protect your cloud network. We really focus on your business needs before recommending our managed service options—clients love our proactive approach.

A ‘Disaster Recovery’ Plan Begins with a ‘Risk Assessment’.

a disaster recovery plan begins with a risk assessment

Forbes in a recent overview of business emergency/contingency plans, challenged stakeholders with this question “Is your business prepared for the worst?”

Prepare for ‘Disaster Recovery’

For companies operating without a written Disaster Recovery or Business Continuity Plan (BCP), a disruption caused by hardware failures, building fire or flooding can greatly impact efforts to promptly resuming ‘business as usual.

While such strategies may be more commonplace in big business, DR plans are often overlooked by smaller companies. Unfortunately, without a written plan in place a small—or even temporary—disruption can delay recovery.

Getting operational quickly and efficiently requires the strategic planning and foresight of a BCP (Disaster Recovery Plan)…to improve responsiveness by the organization, minimize confusion, and ensure clear decisions are made during a time of crisis.

Getting the C-Level Suite On-board!

Today, more companies are creating DR plans to make sure their operations return to full operational-mode quickly. Notably, and in what could be a clarion call to begin the process, IT folks are turning more-and-more to their ‘C-level’ stakeholders for the ultimate buy-in. As Information Age noted: 

It is therefore vital that IT leaders effectively communicate the latent threats to the ‘C-Suite’ – the top executives at that organisation – to successfully address the weaknesses that may exist and be fully prepared to respond when they happen.

The ‘Business Impact Analysis’

The first step toward establishing a DR plan is to audit the company’s vulnerable assets. This ‘Risk Assessment’ ( ‘Business Impact Analysis‘) generally will include the network’s hardware, all programs, and applications critical to maintaining the business.

Most importantly, the plan should assign specific roles for team members; also, who would have the go-ahead to spend if equipment needs replacement. Moreover, everyone should be on board with the assigned authority throughout the recovery process.

Contact us to learn how our proactive, Backup & Recovery services can bring the continuity you need to keep your organization up and running in during small or large emergencies.

Auto Complete Passwords: Safe or Dangerous?

auto complete passwords safe or dangerous

Auto-complete for passwords is a feature commonly used in browsers today. It is a mechanism that allows usernames and passwords to be automatically entered into a web form. Only around 20% of US internet users have unique passwords for each online account. Many people have to manage dozens of different passwords and see auto-fill as a convenient feature that cuts down on time. Others use a dedicated application to manage passwords outside of the browser. However, this is much more dangerous than many realize.

A hacker can easily trick the browser or program by placing an invisible form on a compromised web page. 

MARKETERS TRACK TOO

Surprisingly, this is not only done by hackers. Digital marketers often deploy this trick to track what websites users visit. AdThink and OnAudience are both known to do this. Their goal is gathering data for marketing purposes, but IT professionals warn it would not be hard for them to steal passwords as well. 

ONE EASY AND EFFECTIVE WAY TO IMPROVE SECURITY

It is quite simple to disable auto-complete in a browser. Privacy settings in most browsers can be easily accessed and the auto-complete disabled within a minute. Below are instructions to accomplish this. 

For Chrome users: Go to the Settings window, go to Advanced, and then disable under Manage Passwords.

For Firefox users: Go to the Options window, click the Privacy tab, then under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”

For Safari users: Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

 Unfortunately, this is just one way hackers can get your information. Modern organizations with advanced technology require more managed measures against hackers.  

Contact us today at BluWater Tech for around the clock security assistance

You vs. the Hackers – Small Business Security

you vs the hackers small business security

Small Business Security

Large business data breaches such as last year’s Equifax hack always make headlines, but small and medium-sized businesses are also vulnerable to data hacks unless they put thoughtful security measures in place.  Even smaller businesses typically hold private information about their employees such as SSN, date of birth, family members, and other private information that hackers love.  Other private data such as email addresses, credit card and banking information, and other information about clients is typically gathered and stored by smaller businesses, just like major corporations.

In some cases, hackers deliberately target smaller businesses in the hopes their security defenses are not as robust as some of the larger targets.  In this post, we will outline some potential weaknesses that smaller businesses need to address so they can prepare a hacker-proof plan that will help safeguard them against potential threats.

PoS Systems

If your organization uses a point-of-sale system, unless properly secured, a hacker can try to use it to make unauthorized credit card charges.  These types of systems come with preloaded software that is easily hacked into through an unsecured access point.

Unsecured Wi-Fi

Some smaller businesses like to offer public Wi-Fi access in the hopes of garnering more customers.  However, this type of access should never be used to conduct any real corporate activity.  If an organization wants to offer public Wi-Fi, that’s fine, but employees need to understand they should never use it for work-related activities even if secure company systems are down temporarily.

Website

Hackers especially like to target websites that gather credit card and other personal information.  They might also attempt to find loopholes allowing them to gain access to company databases.

Email

Hackers still attempt to confuse employees by creating seemingly legitimate emails in an attempt to convince them to click on links leading to malicious sites, or to impart private company information to untrustworthy sources.

Other Hardware

If the only thing between corporate data and a hacker is a four-digit password on a mobile device, the potential for hacking is enormous.  Especially if businesses do not enforce password policies, access to company data may be as easy as entering “1234” in a screensaver.  Hackers also look for vulnerabilities in servers and PCs in order to steal admin passwords and/or inject malware.

Clearly, every business needs to ensure a thorough IT security solution is part of the bedrock that forms their company foundation.  For more information on a total security solution, please contact us.

 

How to Keep Your Business’s Mobile Devices More Secure

how to keep your business mobile devices more secure

Security is both an online and physical concerns, even for mobile devices. More and more employees have laptops, tablets, and phones for their business tasks, and this is even truer for small businesses. If you’re worried about how secure your company’s devices are, here’s how to cover both angles.

What’s the physical threat to mobile devices’ security?

Phones get stolen. They also get lost. No matter how vigilant your employees you are, eventually a phone or tablet will go missing; up to 95% of security attacks are through stolen mobile devices or proximity-based phishing, which makes the devices themselves the weakest point in any defense.  This means you have to protect more than your business’s network: you have to protect what’s tapping into the network, too.

How can you protect your data from physical break-ins?

One option is to use a mobile device as a connection point only. Keep all of your files in a cloud that doesn’t require any downloading, and make sure all work is done through online portals. If your employees can comfortably get their work done through a browser or a protected app without turning to local storage or offline programs, then there’s nothing on the phone to steal.

Another option is to use security as a service programs. Using sign-in systems that use devices in tandem make a single stolen device useless. You can also use programs that allow you to remotely wipe lost devices once they’ve been reported so any cookies, caches, and data are out-of-reach.

Physical security of technology used to be easier when you had a single office with a privately owned server and desktop computers.

But mobile devices and working on the go are all but required to keep up with your competitors, so go to Bluwater Technologies to get started on closing gaps in your security.