Monthly Archives: December 2016

Mobile Device Management

Visions of kicking back and working from the beach with a piña colada in one hand and an iPad in the other are no longer just flights of fancy for many workers. Businesses are finding that it really is possible for employees to work remotely on their own devices without losing any productivity.

As a result, many companies are measuring the benefits of employees working remotely against the logistical issues inherent in developing a mobile device management plan.

There are many tangible benefits of BYOD (Bring Your Own Device), including:

  • Reduced equipment costs
  • Increased employee satisfaction and efficiency
  • Decreased IT staff burden (since employees maintain their own equipment)
  • Reduced office space square footage (as workers are mostly off-site)

The risk in BYOD is that these devices can potentially expose security vulnerabilities not directly supervised by IT staff or addressed by corporate antivirus solutions. This is where the need for mobile device management comes in.

A new landscape of threats

Tablets and smartphones are arguably less secure than desktop PCs and laptops because they lack pre-installed malware protection. Most computers include at least a trial version of an antivirus suite, but for the newest mobile gadgets, individual users and IT managers are on their own to search for and install mobile endpoint security management.

This vulnerability has not escaped the attention of hackers, who unleash creative new threats like SMS text message-based attacks on a daily basis. The old-school virus, while still annoying, does not hold a candle to the damage caused by these new approaches in cybercrime, which include more sophisticated Trojans, keyloggers, phishing attacks and malicious apps than ever before.

Maintaining security while not breaking the bank

Enforcing a ban on these devices is a near impossibility, but there are options for businesses on a tight budget to maintain security:

  1. The first cost-effective step is to immediately establish protocols regarding these devices in the workplace, including guidelines for acceptable use, forbidden applications and how to avoid dangerous activities, such as browsing certain questionable sites while connected to the company’s Wi-Fi.
  2. Next, evaluate your current solutions to see if they can be modified to protect BYOD devices through password enforcement, remote wiping or other protective measures.
  3. If the quantity of devices or sensitivity of data requires a more robust solution, explore whether the use of Mobile Device Management (MDM) software makes sense. MDM provides a centralized platform to manage all BYOD devices and is recommended if IT personnel are spending an inordinate amount of time securing tablets and smartphones – or if the sheer variety of devices and new threats tests their expertise.

Main components of an effective MDM program

If you determine that an MDM service is appropriate, how do you choose one? Use the following as a mini-checklist to cover the major recommended features:

  • Cloud-based, so updates are automatic and painless
  • Remote configuration and monitoring
  • Enforcement of passwords, blacklists and other security policies
  • Backup/restore functionality of corporate data
  • Logging/reporting for compliance purposes
  • Remote disconnection or disabling of unauthorized devices and applications
  • Scalable, so new users and increasingly sophisticated devices can be accommodated easily

Many businesses are only just becoming aware of the burgeoning BYOD trend and the necessity of protecting mobile devices. Small- and medium-sized businesses without large IT staff and corresponding big budgets need a solution that protects them as much as the larger companies. Fortunately, the MDM trend is heading towards more affordable and easier-to-manage solutions, which is great news no matter how big or small your company is.

A Review of Bluetooth Attacks and How to Secure

Bluetooth is best known as the wireless technology that powers hands-free earpieces. Depending on your point of view, people who wear them either:

a) Look ridiculous (especially if shining a bright blue LED from their ear);
b) Appear mad (when apparently talking to themselves); or
c) Are sensible, law-abiding, safety-conscious drivers.

Whichever letter you pick, insidious security issues remain around Bluetooth attacks and mobile devices. While most of the problems identified five to 10 years ago have been straightened out by now, some still remain. And there’s also good reason to be cautious about new, undiscovered problems.

Here are a few examples of the mobile security threats to which Bluetooth makes us vulnerable, along with tips to secure your mobile workforce devices.

General software vulnerabilities

Software in Bluetooth devices – especially those using the newer Bluetooth 4.0 specification – will not be perfect. It’s unheard of to find software that has zero security vulnerabilities.

As Finnish security researchers Tommi Mäkilä, Jukka Taimisto and Miia Vuontisjärvi demonstrated in 2011, it’s easy for attackers to discover new, previously unknown vulnerabilities in Bluetooth devices. Potential impacts could include charges for expensive premium-rate or international calls, theft of sensitive data or drive-by malware downloads.

To combat this threat: Switch off your Bluetooth when you’re not using it.

Eavesdropping

Bluetooth – named after the Viking king, Harald Bluetooth Gormsson, thanks to his abilities to make 10th-century European factions communicate – is all about wireless communication. Just like with Wi-Fi, Bluetooth encryption is supposed to stop criminals listening in to your data or phone calls.

In other words, eavesdropping shouldn’t be a problem. However, older Bluetooth devices use versions of the Bluetooth protocol that have more security holes than a tasty slice of Swiss. Even the latest specification (4.0) has a similar problem with its low-energy (LE) variant.

To combat this threat: Ban devices that use Bluetooth 1.x, 2.0 or 4.0-LE.
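
One way to apply that ban to a device inventory, as an added example that is not part of the original article. The inventory records, the field names and the helper names are constructed for illustration; treating 2.1 and 4.0 classic as allowed, and flagging devices whose version cannot be read, are assumptions about how the rule is applied.

```python
import re

# Constructed sample inventory, e.g. exported from an MDM console.
INVENTORY = [
    {"device": "headset-01", "bluetooth": "Bluetooth 1.2"},
    {"device": "phone-07", "bluetooth": "2.0 + EDR"},
    {"device": "phone-12", "bluetooth": "2.1 + EDR"},
    {"device": "tracker-03", "bluetooth": "4.0-LE"},
    {"device": "tablet-04", "bluetooth": "4.2 LE"},
    {"device": "carkit-02", "bluetooth": ""},
]


def parse_bt(version):
    """Parse strings such as '4.0-LE' or 'Bluetooth 2.1 + EDR' into
    (major, minor, is_le). Returns None if no version number is found."""
    m = re.search(r"(\d+)\.(\d+|x)", version, re.IGNORECASE)
    if not m:
        return None
    major = int(m.group(1))
    minor = None if m.group(2).lower() == "x" else int(m.group(2))
    is_le = bool(re.search(r"\b(LE|BLE|low[ -]energy)\b", version, re.IGNORECASE))
    return major, minor, is_le


def ban_reason(version):
    """Return the reason a version is banned, or None if it is allowed."""
    parsed = parse_bt(version)
    if parsed is None:
        # Assumption: fail closed when the version is missing or unreadable.
        return "unknown version"
    major, minor, is_le = parsed
    if major == 1:
        return "Bluetooth 1.x"
    if major == 2 and minor == 0:
        return "Bluetooth 2.0"
    if major == 4 and minor == 0 and is_le:
        return "Bluetooth 4.0-LE"
    return None


def audit(inventory):
    """List (device, reason) for every device the ban applies to."""
    flagged = []
    for record in inventory:
        reason = ban_reason(record.get("bluetooth", ""))
        if reason is not None:
            flagged.append((record["device"], reason))
    return flagged
```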

Denial of service

Malicious attackers can crash your devices, block them from receiving phone calls and drain your battery.

To combat this threat: Again, switch off your Bluetooth when you’re not using it.

Bluetooth range is greater than you think

Bluetooth is designed to be a “personal area network.” That is to say, devices that are more than a few feet away should not be accessible via Bluetooth.

However, you’re not safe if you simply ensure there’s distance between you and a potential attacker; hackers have been known to use directional, high-gain antennae to successfully communicate over much greater distances. For example, security researcher Joshua Wright demonstrated the use of such an antenna to hack a Bluetooth device in a Starbucks from across the street.

To combat this threat: Once again, switch off your Bluetooth!

Bluetooth headsets

Wright has also demonstrated serious flaws in many popular Bluetooth headsets. By exploiting these vulnerabilities, attackers can eavesdrop on your conversations with the people around you, not just your phone calls. Built-in hands-free car kits can also be vulnerable.

The device becomes, in effect, a mobile bugging device, transmitting everything it hears to an attacker.

To combat this threat: Make sure you change the default PIN code to something hard to guess. And yup… switch off the headset.

5 Elements of a Good BYOD Enterprise Program

Employees are increasingly using their own devices as the mobile workforce grows in importance. A Computing Technology Industry Association study found that 84 percent of professionals surveyed use their smartphones for work, but only 22 percent of their companies had a formal mobility policy. The upshot of this mobile shift is that corporate networks will be increasingly vulnerable, unless these devices are reined in with a BYOD enterprise program.

If your company lacks a mobility policy, consider incorporating the following five elements into your BYOD program to save time and money.

1. Include clear, written rules

Eliminating risky end user behavior through clear BYOD policies saves IT expenses right off the bat. Some of the most salient points to cover in writing include:

  • Prohibited devices, such as jailbroken phones
  • Blacklisted applications
  • Procedures for lost or stolen devices, including the possibility of wiping out all data on a device
  • Privacy disclosures, such as what personal information the enterprise has access to on a device

Some of these issues, like whether the company can legally wipe out data on a device they do not own, should be cleared with your human resources and legal departments to minimize the risk of lawsuits.

2. Make sure it’s formally presented

It is not enough to have employees sign off that they have read the policies – formal classroom or online training is recommended to ensure comprehension and compliance – especially for less tech-savvy workers who might not understand that seemingly innocent actions can expose the company to risks.

3. Ensure that it’s scalable and flexible

Make sure your security software can be painlessly installed on new devices. Cloud-based services do this particularly well and are typically available on a per-user subscription model, which saves money by protecting only what is needed at any given time.

Also, consider exceptions to rules, such as allowing peer-to-peer networking programs for certain users who might benefit from these tools. Otherwise, employees may risk bypassing your security protocols in order to use forbidden applications.

4. Secure against the greatest number of threats possible

Risky behavior such as opening email attachments from strangers or visiting dubious sites on BYOD devices should be addressed in the written policies and further safeguarded via antivirus software.

There are other exploits to be aware of, which might not be as obvious, such as fake antivirus scanners that users might innocently install, and social engineering (or phishing) threats. A good endpoint protection program will keep employees up-to-date on these lesser-known attack vectors and continually inform them on how to best protect their devices. This does not require much expense but does involve staying abreast of threats and implementing a solid communication plan.

5. Allow for remote monitoring and control

You have to have a degree of oversight over which BYOD devices are accessing your corporate systems. This is where a third-party mobile device management tool (MDM) can pay valuable dividends. MDM services provide benefits such as malware blocking, policy enforcement, logging, encryption and remote wiping, all from a single, centralized platform.

In summary, leveraging the benefits of BYOD while minimizing potential pitfalls is a tightrope act, but the BYOD trend can’t be ignored. Each business must strive to develop a program to protect its systems and data from breaches, while allowing workers the freedom and convenience they seek.

The Benefits of Outsourcing Your IT

Just a few short years ago, the image of an IT department for small and medium businesses was one of Dilbert-looking technicians noodling around with Cat 5 cable and speaking in a blend of Klingon and Robot. In other words, IT seemed completely remote, complicated and inaccessible to most employees. Additionally, each new hardware and software deployment, including installing malware protection, could take weeks to manually implement across the enterprise, and rarely went smoothly.

One solution – outsourced IT – has found greater acceptance in the past few years as its benefits have become more tangible to even small businesses. It is estimated that globally, 74 percent of companies use some form of outsourced IT solution, up 25 percent from 2009.

Cost savings

Moving IT off-site can save an SMB thousands of dollars per year. As most business decisions are predicated on the bottom line, this is often the main driver in the decision to migrate. Areas of savings include:

  • Reducing hardware expenses. Servers, storage, cabling, cooling, and datacenter square footage expense can now be on a cloud vendor’s dime, not yours.
  • No salary or benefits expenses for IT employees.
  • Potential tax savings by converting capital expenditures (servers) that depreciate slowly over time to a monthly cost that can potentially be deducted in the current tax year.

The latest software versions – hassle-free

Outsourcing IT means software, including malware protection for endpoints, can be updated automatically by the provider. This obviates the need for a local tech to run around taking workstations offline for upgrades.

Furthermore, updating software not only unlocks newer features, but also closes exploits in older versions that might allow hacker penetration. So it’s worth exploring any platform that can make this process painless and automatic, such as a cloud service.

Focus on your business, not technical issues

Anyone who survived working in Corporate America from the 1980s onwards is familiar with the spectacle and lost productivity that accompanies the proverbial “system going down.”

When outsourcing IT to the cloud, this nightmare occurs less often as data is often distributed redundantly across many servers that are monitored constantly, leading to greater stability and uptime, and less worrying about IT matters.

Improved security

Reputable outsourced IT providers are dead serious about security against malware, zero-day hacks and other intrusions and constantly monitor and update their protection schemes.

For most SMBs, outsourcing will provide a more frequent and secure back-up solution than their existing IT setups. Furthermore, as the data is kept off-site, it is well-protected from a local catastrophe, such as a fire or flooding.

No new employees to manage when scaling up

Scalability is easy with outsourced IT – simply contact the vendor for more storage, memory and processors as needed. There is no longer any need for job postings, interviews, expensive training, personality clashes, worker’s compensation or other common HR issues and liabilities just to get tech personnel to handle the increased operations.

Instead, you can focus your payroll budget on production or sales staff that directly drive revenue.

How to move to the cloud

Prior to outsourcing your IT, draw up a migration plan. Then study the stability and security reputation of outsourcing providers before trusting them with your mission-critical data. Malware protection is increasingly important, so discuss solutions with each candidate to explore what steps they take in the event of a breach.