Network Security

Far too often, news of data breaches is accompanied by details of the failures in network security that allowed a hacker access to confidential data. Many of these failures are avoidable with adequate precautions such as a spam email filter and a mechanism for controlling access to the Internet.

Almost as many breaches in network security can be attributed to poor employee training. Password sharing, unauthorized downloads and poor online security practices can result in hackers gaining easy access to a network and extracting confidential data at will.

It has been well chronicled that hackers will bypass organizations with strong network security and turn their attention to fish that are easier to catch. Make sure your organization does not get caught in the net – implement appropriate web filters and educate your employees on the importance of network security.

Predicted Increase in Everyday Hackers: Security Threat to Increase

What is a hacker?

Hackers are commonly referred to in print media and Internet reports, and are often viewed as either criminal masterminds intent on wreaking havoc and causing chaos, or bored (but highly skilled) teenagers with nothing better to do with their time.

However, a hacker is just an individual who is familiar with computer software and who is able to find and exploit security weaknesses in computer systems. Should you conduct a search on the internet for HTML Injection, you would find a great many websites that explain how to use this technique to gain access to websites.  If you were to follow the instructions, you would essentially be a hacker. Just, not a very good one.

Not all hackers are bad, not all lack a conscience, and many are not motivated by money. Some are highly talented individuals who want recognition for their computer skills or just want to protest about something. Hackers have been known to break in just to prove a point. It is morally reprehensible that board members are taking huge amounts of cash out of the business, but are jeopardizing the privacy of their customers and leaving them exposed to identity theft.

Some companies even employ hackers to test their systems. These “ethical hackers” or “white hat hackers” perform an extremely valuable job. It is far better to have an employee attempt to hack a computer network to find vulnerabilities in order to fix them, rather than have a malicious outsider break in and steal data. Facebook has hired, and continues to hire, programmers for this purpose, and even runs an annual hack-a-thon.

The rise of the everyday hacker

The leading company in the field of application security testing, Veracode, produces an annual security report that assesses the state of software security. The company’s researchers investigate security trends and make predictions about how vulnerabilities could potentially be exploited.

In this year’s State of Software Security Report the company has predicted there will be a rise in the number of “everyday hackers” over the next few years. These “have-a-go-hackers” will not be highly skilled computer geniuses. They will be normal people who decide to have a go at hacking. As previously mentioned, there is a lot of information on the internet, and many techniques do not require a great deal of computer skill to pull off.

A “SQL injection” search on Google will reveal 1.74 million search results. Not all of those websites will give step by step instructions on how to do it, but some do. Currently, according to the Veracode security report, 32% of web applications contain security flaws that could be exploited by SQL injection.  These flaws are not hard to identify, and are actually quite easy to fix. Many companies do not even test for them.

Hacking is increasing and data breaches are occurring much more frequently

More than half of data breaches are caused by hackers breaking into systems to steal data (or stealing data once they have broken into a system for other reasons). In 2011 and 2012, Veracode calculated that 52% of data breaches came as a result of web intrusions.

Interestingly, software is now being installed to tackle these vulnerabilities and far fewer security holes typically exist. The problem is more people are now looking for vulnerabilities to exploit.

Veracode found that unsecure software was the largest root cause of data loss. Its researchers discovered that 70% of software used by organizations does not even comply with enterprise data security policies.

Unless organizations take a more proactive approach and address these vulnerabilities as a priority, hackers will exploit the security holes and sabotage systems, hold companies to ransom, and steal data. To prevent data breaches, action must be taken and taken fast.

Tips to Help Organizations Identify Online Identity Fraud Threats

Many people are willing to use the Internet to commit fraud. Identity thieves try to get website surfers to reveal their personal information, hackers break through defenses to steal credit card numbers and bank account information, and scammers head online in the tens of thousands. Saboteurs spread viruses and criminal gangs are using spear phishing campaigns to get the information they need to empty corporate bank accounts. The Internet can be a very dangerous place indeed.

There were more than 1 million victims of online identity fraud in 2012

A recent study conducted by market research firm Javelin Strategy and Research indicates more than 1 million more victims of identity fraud were created in 2012 than in the previous year. That means one in three Americans have now become victims of online fraud. An incredible 12.6 million people have been affected by online fraud in the United States alone. In fact, a new victim of identity fraud is created every three seconds.

Cybercrime is extremely profitable. In 2012 alone, more than $21 billion was lost to cybercrime.

People are engaging in high risk activities online

One of the main reasons why we have experienced such a dramatic upturn in cases of identity fraud is a lack of security awareness. When connecting to the Internet, many individuals fail to realize they are entering a potentially dangerous place. Because of ignorance of the risks, many people fail to take precautions and do not protect themselves.

Would you walk down a street in New York City waving a big bundle of cash in front of you? Would you leave your credit card in a phone booth? Of course not. Yet people do equally risky things online. They provide their bank account details to criminals and enter their credit card details into online forms without checking whether the website is legitimate. They even store all of their intimate information on their laptops, Smartphones and tablets, and then leave those devices in cafes, unlocked automobiles, on trains and on buses.

These things can and do happen, but when it comes to online fraud, the biggest threat to security comes from social media websites.

Social media websites carry a major risk of identity fraud

Most of us have done it. Uploaded a photo to Facebook, posted intimate details of our personal lives, accepted a request from a “friend” we barely know. Some people post virtually every aspect of their lives online: What they had for breakfast or cooked for dinner, where they have been, who they bank with, etc. All of this information is incredibly valuable. Just ask Facebook. The company doesn’t charge users for having an account. Facebook makes money from selling your data to advertisers. They are not the only people who are interested to find out about you. Identity thieves also want your information.

It is easy to get a name from a social media account, also an address. Your birth date is not hard to obtain. What other information have you posted online since you joined Facebook and Twitter?

If someone had access to your accounts, do you think you would be an easy or hard target for an identity thief? How about the complexity of your password? Is that shared across websites? Is it easy to guess if someone knows the name of your pet? Or your child’s date of birth?

The fact is that most people are easy targets and engage in risky behavior. Even celebrities are major targets for hackers and thieves and have had their accounts hijacked. There is a lot of information in cyberspace about you that can easily be obtained by a hacker or criminal with a little time and a modicum of skill.

Fortunately, it doesn’t take much effort to protect yourself. All you need to do is adopt some basic “best practices” when using social media websites and while surfing the net.

Best practice tips to avoid becoming a victim of identity fraud

With a new case of identity fraud happening every three seconds it is vital that you take steps to protect your identity. Otherwise it will only be a matter of time before you become a victim. Possibly only 3 seconds!

Don’t reveal your private and confidential information on Facebook or Twitter

Think before posting. Does the information in your post reveal a little too much about you? Do you trust ALL of your Facebook friends? Do you even know the people who follow you on Twitter? Is your post appropriate for everyone on your friend list? Ask yourself these questions and make sure you use your restricted lists carefully and regularly check your Facebook privacy settings.

Have you made yourself an easy target?

Have you locked all of your devices with a password? Do you store passwords and login information on your computer? Are those files protected with a password? Do you ever access PayPal or your bank accounts via an insecure network? Do you always check that a website starts with https:// (not http://) before entering sensitive information? Remember, the Internet can be a dangerous place!

A Play Store mobile app is not necessarily safe

When you download an app to your mobile phone, do you read the list of data that you are giving that app access to? Do you trust the manufacturer of that app to keep your data secure? It is a pain reading all of the small print, but make sure you know what data you are potentially providing.

Your Smartphone is an encyclopedia of information

Be careful about the data you share online via your Smartphone, and for heaven’s sake don’t leave it anywhere where it can be stolen. In case of theft, you may compromise your entire email account, your WhatsApp conversations, access to your bank account and much more. Make sure you use a strong password, activate the lock function, don’t automatically connect to Wi-Fi networks and never leave Bluetooth on when it is not necessary.

Mobile phones are insecure

Be exceptionally careful about divulging any information via a mobile phone. That means text messages and phone calls, not only apps and Internet sites. Before disclosing information ask yourself why does the person or company need it? Who are they? How will your data be used? Are you volunteering data? If so, why?

How quickly would you know that you had become a victim of online fraud?

Do you check your bank account frequently? How about PayPal? Your credit card balance? How long would thieves have before you realized you had become a victim? It is not only financial information that can be used to commit fraud. Do you check your health insurance Explanation of Benefits (EoB) statements for signs of fraudulent insurance claims? Do you obtain free annual credit reports from Experian, Equifax and TransUnion?

It is easy to become a victim of online fraud but many people do not regularly check to find out if they have become a victim.

You have become a victim of online fraud! What do you do?

A quick response can limit the damage caused. Act fast.

  • Call your bank and credit card provider and place a credit freeze on your accounts
  • Change all of your passwords
  • Report social media account hacking to the provider of the service
  • Obtain credit reports to find out how badly you have been affected

Report all cases of online fraud to the relevant government and law enforcement agencies.

BYOD: Breach Your Own Data or Bring Your Own Device to Work?

Bring Your Own Device (BYOD) is increasing in popularity. Employers love it: They can leverage the power of Smartphones, tablets and laptops, without having to pay the huge cost of supplying the devices to all staff members. BYOD can lead to a major increase in productivity, improve efficiency, and the devices facilitate better collaboration. They make communication so much easier.

That said, they do raise a number of security concerns, so much so that many security experts believe the acronym should stand for “Bring Your Own Doom”, or “Breach Your Own Data.” By running such a scheme are you just introducing unnecessary data security risks? Would it be better to bite the bullet and supply mobile devices to exercise greater control?

Employees are not necessarily careful with corporate data stored on their devices

Employees engage in risky online behavior. They fail to implement even basic security controls on their own devices and are prone to losing them. If the devices are used to store corporate data, this is a major security risk.

Even with the risks posed by allowing the devices to be used at work, a Fortinet survey recently revealed 74% of organizations in the United States have adopted BYOD.

The survey was conducted on 3,800 employees, half of whom believed bringing their own devices to work was a basic human right. In actual fact it is a privilege. The figures would be surprising were it not for the fact that all of the respondents were in their early twenties, many of whom had only just started their first job.

Young adults, often referred to as Generation Y, are tech-savvy and have grown up in an environment with a myriad of electronic devices at their disposal. They are heavily reliant on this technology. This is good news as it means they are able to use a wide range of devices competently; they know their way around a computer and are easy to train. On the downside they are perhaps too reliant on their mobile devices and use them too much to communicate. Take those devices away and they are at a loss.

Employers have realized that this technical expertise can be leveraged to improve efficiency in the workplace. Members of Generation Y are also the CEOs, CISOs and senior executives of the future, and their understanding of how technology can be used in the workplace is far better than that of current industry heads. Their knowledge of technology can be used to increase profits, connect with customers, and tap into new, lucrative markets.

It is no surprise that even with the considerable security risks, Generation Y is encouraged to use mobile electronic devices at work. There are, after all, great benefits to be had. Companies that do not allow use of the devices could well find themselves falling behind their competitors.

What is the real cost of BYOD?

Improved efficiency and productivity does come at a cost. BYOD has a major drawback. It can make it far easier for hackers and malicious outsiders (and insiders) to gain access to corporate data. This is a major problem, especially for smaller organizations that lack the big budgets of the likes of Sony, Microsoft, IBM and Facebook. They cannot devote as much money to improving cybersecurity defenses.

Large companies may be targets for cybercriminals and hacktivists, but smaller businesses are now being targeted with increasing regularity. The data they store may not be worth as much, but it is far easier to gain access to. Small to medium-sized businesses are fast becoming the primary targets for many online criminals.

How robust are your BYOD Internet and email security controls?

Interestingly, the Fortinet study revealed that 66% of respondents thought it was their own responsibility to keep their devices secure. Only 22% believed device security was the responsibility of their employer.  While it is good news that BYOD participants believe they should take care of their mobiles and ensure they are kept secure, this does not let organizations off the hook. If the devices are not properly controlled and managed, they could all too easily lead to a data breach.

One problem highlighted by the research is that Generation Y is happy to break the rules. Policies can be put in place, but it does not mean they will be followed 100% of the time. One of the most effective ways of managing BYOD is to focus on BYOD participants rather than the devices that are used to connect to corporate networks. A user-centric approach has been shown to work very well. If the user is effectively managed, they are empowered to keep their devices secure.

That said, security controls must be implemented by an organization. Policies must be developed covering data security, and users must be reminded of the risks posed by the devices.

Business Networks at Risk from Personal Devices

It will probably come as no surprise to discover the use of personal devices at work carries significant network security risks. Chances are your company may even have a BYOD policy in place that permits the use of personal devices in the workplace.

In an effort to quantify the level of risk posed by the use of these devices, a survey was conducted by Virgin Business Media. Respondents were asked questions about BYOD and the potential pitfalls. Network security was one of the main worries, and alarmingly, 51% of respondents revealed they had already suffered a security breach as a result of personal devices being used to access corporate networks.

The number of devices connecting to the network has an impact on the level of risk faced. The more devices that are allowed to connect, the greater the risk of one of those devices being used by a hacker to launch an attack on the network. Small to medium sized businesses tended to suffer fewer breaches as a result. The survey suggests 25% fewer.

These figures should not be taken to mean that small businesses are unlikely to suffer a cyberattack or experience a security breach. The risk from mobile devices will be reduced, but cybercriminals are now attacking small businesses with increasing regularity. Small to medium sized businesses may not store such large volumes of data, and they may not be as valuable to criminals, but the security defenses used to protect networks are much easier to circumvent. SMEs also tend not to employ as highly skilled IT security staff as the likes of IBM, Facebook and Google.

Take a Proactive Approach to Internet and Email Security

Many small to medium sized enterprises only implement robust security controls after they have suffered a major security breach. Many CEOs believe that they will not be targeted by criminals and do not require particularly sophisticated defenses. Unfortunately, many attacks are random, so SMEs actually face the same threats as larger corporations. They may not be targeted by teams of foreign government-backed hackers, but they are at risk of attack by other hackers and Internet criminals.

The FBI and National White Collar Crime Center formed the Internet Crime Complaint Center (IC3) as a single point of contact for victims of internet crime. IC3 receives reports from businesses and individuals who have become victims of online criminals. In 2011, IC3 received over 400,000 separate complaints from small to medium sized companies that had become victims of online criminal activity. The threat of attack is actually very real.

Given the high risk and the increase in internet crime, business owners need to face the facts. It is no good burying your head in the sand and hoping that it will never happen. It is time to implement security defenses to ensure that it doesn’t.

You may not want to introduce BYOD and have to deal with the risks, but if you do want to leverage the benefits of personal mobile devices and want to enjoy the increase in efficiency and productivity that BYOD promises, you will have to make sure appropriate security measures are installed. Otherwise you could be making your network a lot easier to breach.

Cybersecurity Attacks have given CEOs a Rude Awakening

Unfortunately, IT security professionals have to deal with business managers. This is a problem that will never go away, but there is some good news. They may still be intent on slashing budgets and increasing the productivity of the workforce, but they are less keen about slashing IT department budgets. Many are now suggesting increases in operational budgets to deal with the increased risk of attack.

We are also finally seeing CEOs making the decision to implement good security measures to protect against malicious insiders and hackers. The days of having “good enough” security measures may finally be coming to an end. Attitudes on cybersecurity are changing at last, in no small part due to the cost of not doing so being hammered home. Highly publicized cyberattacks have helped in this regard. So have reports of stock prices tumbling after security breaches are suffered.

It is not only lone hackers that are attempting to break through firewalls and cybersecurity defenses. Groups of incredibly talented hackers are being recruited by nation states and are being put to work on highly sophisticated hacks on U.S. enterprises. With the backing of nation states, the threat level increases considerably. Robust defenses must be implemented to repel the attacks. Any organization that implements minimal cybersecurity defenses may as well place an advertisement in the Washington Post inviting hackers to attack.

Cybersecurity attacks have been receiving a lot more press, in no small part due to the huge volume of data that hackers have been able to obtain. Corporate secrets, company accounts, information on personnel, customer data, medical records, Social Security numbers, and much more have all been obtained. This information is subsequently sold to the highest bidder or, in some cases, simply posted online for all to see.

The potential damage caused can be catastrophic. Many small to medium sized businesses would not be able to survive such an attack, and even enterprise organizations feel the effect. The threat from these attacks has seen a much needed change in attitudes of the upper management and, while IT departments are not yet given all the money they need, the situation is certainly improving.

A recent survey conducted by ESG research suggests information security situational awareness and strategy is something that business leaders are getting much more involved with, according to 29% of respondents. This is a major improvement year on year. Furthermore, 40% of respondents said that over the past year, the executive management has become “somewhat more engaged” with these matters.

As more mega data breaches are reported in the news, and the true cost of resolving security incidents is calculated, we can expect engagement to increase more. Bigger IT security budgets should also be allocated to improve protection.  

Data Security Threat Predictions for 2013

The festive period is almost upon us and, aside from having to deal with the wave of Christmas and New Year cybersecurity threats, it is a time to relax, reflect on the major security events of the year, and plan for 2013.

Lessons have been learned in 2012 and it is up to IT security professionals to ensure that the same mistakes are not made next year. 2013 is likely to see a wave of attacks, a great many more threats, and many companies’ security defenses breached. Prepare adequately and your company is likely to avoid becoming another security breach statistic.

Online Security Threats from 2012

2012 was an exciting year, certainly as far as data mobility was concerned. Many companies have enjoyed the benefits that come from being able to access data from any location, on any device. Unfortunately, so have cybercriminals.

Widespread adoption of Bring Your Own Device (BYOD) schemes has made workforces much more productive, efficient, and happy. Unfortunately, mobile devices are being attacked with increasing regularity. Personal Smartphones, laptops, and tablets may represent the future of business, but they often lack the necessary security controls to ensure corporate networks remain protected. Cloud computing has also been adopted by many organizations, but not all have made sure their cloud applications are appropriately secured.

There has been an explosion in the number of social media websites. Use of the sites is more popular than ever before, and so are the threats from using the sites. As user numbers have increased, so have the types of malware being developed to exploit users of Facebook, Twitter, Pinterest and the myriad of other sites that have enjoyed an increase in popularity.

Up and coming platforms are being targeted as user numbers increase and established platforms such as Facebook and Twitter are honeypots for cybercriminals. Social media channels and mobile devices are likely to remain problematic for IT professionals charged with keeping their corporate networks secure. Unfortunately, IT security professionals have little control over personal devices, and it is very difficult to stop end users from using their social media accounts at work.

As cybercriminals start using new attack vectors with increasing regularity, security professionals must be alert to the new risks. Listed below are our security threat predictions for 2013: some of the trends that are likely to develop further over the course of the coming year.

Security Threat Predictions for 2013

SQL Injection attacks will continue to increase

There was a rise in the number of successful cyberattacks last year, many of which involved SQL injection – the use of Structured Query Language to gain access to corporate databases. Hackers were able to use this technique to hack into web servers and obtain user names and passwords from corporate databases.

Small to medium size companies are particularly vulnerable as they often do not have the resources available to address all vulnerabilities that can be exploited by SQL injection. However, even very large companies are at risk. In 2012, Wurm Online, a hugely popular online multi-player game, was hacked using SQL injection resulting in the site being taken offline. Yahoo Voices was also hacked using this technique and over 450,000 user logins were obtained by hackers. This attack was caused by “union-based SQL injection”. These attacks were made possible as basic web server mistakes had been made by the companies in question. Both attacks were avoidable.
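Both the claim earlier on this page that these flaws are easy to identify and fix, and the union-based case described here, can be seen in a few lines. The following is an added example, not code from the original article or from any company named in it; the table names, function names and sample rows are constructed for illustration, and SQLite stands in for whatever database a real site uses. It places a string-concatenated query beside its parameterized fix and runs a small regression check over both.

```python
import sqlite3

# Constructed sample data: one table the search page is meant to expose,
# and one (users) that it must never return.
ARTICLE_ROWS = [("alice", "Gardening basics"), ("bob", "Bike repair")]
USER_ROWS = [("alice", "constructed-hash-1"), ("bob", "constructed-hash-2")]

# Probe inputs for the regression check. The last two are the widely
# documented tautology and UNION forms of SQL injection.
UNION_PROBE = "x' UNION SELECT login, password_hash FROM users --"
PROBES = ["alice", "o'brien", "x' OR '1'='1", UNION_PROBE]


def make_db():
    """Create a fresh in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (author TEXT, title TEXT)")
    db.execute("CREATE TABLE users (login TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)", ARTICLE_ROWS)
    db.executemany("INSERT INTO users VALUES (?, ?)", USER_ROWS)
    return db


def search_vulnerable(db, author):
    """Flawed version: the input is pasted into the SQL text itself."""
    sql = "SELECT author, title FROM articles WHERE author = '" + author + "'"
    return db.execute(sql).fetchall()


def search_safe(db, author):
    """Fixed version: the input is bound as a parameter, never parsed as SQL."""
    sql = "SELECT author, title FROM articles WHERE author = ?"
    return db.execute(sql, (author,)).fetchall()


def check_search(search_fn):
    """Run every probe through search_fn; return findings (empty list = pass)."""
    findings = []
    for probe in PROBES:
        db = make_db()
        expected = [row for row in ARTICLE_ROWS if row[0] == probe]
        try:
            rows = search_fn(db, probe)
        except sqlite3.Error:
            # A quote in the input broke the statement: input reached the parser.
            findings.append((probe, "SQL error"))
            continue
        finally:
            db.close()
        if sorted(rows) != sorted(expected):
            findings.append((probe, "unexpected rows"))
    return findings


if __name__ == "__main__":
    for fn in (search_vulnerable, search_safe):
        findings = check_search(fn)
        print(fn.__name__, "PASS" if not findings else "FAIL")
        for probe, reason in findings:
            print("   ", reason, "for input", repr(probe))
```

A check of this kind can run with the rest of a test suite, so a query that slips back to string concatenation fails the build instead of reaching production.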

Ransomware attacks will increase

The past 12 months have seen a rise in cyberattacks using ransomware. Users are fooled into installing malware on computers and networks which subsequently encrypts all company data. Company operations have ground to a halt, with no data accessible without a security key. Those keys will only be provided by the criminals if a ransom is paid. Companies have found they have no choice but to pay the criminals to unencrypt their data. In 2012, a number of hacked GoDaddy websites were discovered to be infecting users with ransomware.

Defenses against this type of malware must be improved. Install spam and web filters to prevent users from installing this malware, and ensure that all data is backed up and policies are developed to recover backed up files. A data breach response plan should be developed to ensure business-critical data is restored promptly.

Increase in amateur cybercriminals using attack toolkits

As we saw this year, you do not need to be a hacking genius to pull off a successful cyberattack. It is possible to rent an attack toolkit with a host of premium features to make it easy to use by virtually anyone. The Blackhole exploit kit is a good example.

Investment in these kits has helped improve their usability and many now include APIs, scriptable web services, reporting interfaces, and even mechanisms to protect the users of the toolkits. By improving the quality of the kits, talented computer programmers have been able to increase the number of individuals able to launch attacks on corporations. There is no shortage of takers, and the investment spent has been well rewarded. Expect more individuals to use these kits and the volume of email malware to increase.

Less damage from security vulnerability exploits

Security vulnerabilities are being discovered with increasing regularity and this is enabling security holes to be plugged before they can be exploited. Protection against exploits is also improving and the next 12 months are likely to see even more advancements in this area. A number of protections have already been developed and implemented to prevent attacks of this nature, such as address space layout randomization (ASLR), sandboxing, data execution prevention (DEP) and trusted boot mechanisms. It is expected to become harder for hackers to exploit security vulnerabilities, although the risk of attack will certainly not be eradicated.

New privacy and security challenges that need to be addressed

The rise in popularity of mobile devices, and the adoption of BYOD by many organizations, has seen data security risk increase substantially. Mobile devices contain numerous security flaws. The devices can be used to track victims with GPS systems and near field communication (NFC), allowing criminals to physically locate their targets. The growth in social media applications for mobile devices is likely to see even more devices compromised. Expect 2013 to see a wave of new attacks on mobile devices and security vulnerabilities in new technologies exploited.

Do you agree with our security threat predictions for 2013?

SpamTitan Technologies WebTitan 4.0 Launch Imminent

On November 1, 2012, SpamTitan Technologies will be releasing WebTitan 4.0, the latest version of the powerful web filtering solution for business customers. The new version includes a host of additional features to make it easier than ever before for system administrators to manage Internet usage in the workplace and protect their networks from malware, viruses and cyberattacks.

The latest version includes new controls to manage bandwidth, with advanced reporting features, delegated administration, full transparent authentication, and SNMP support. SpamTitan Technologies WebTitan 4.0 also boasts improved white labeling options.

Proxy mode now offers full transparent authentication

When developing WebTitan 4.0, product developers took on board comments from users and incorporated a host of new features to make management easier. The result is the most user-friendly version released to date and includes augmented controls to ensure businesses are better protected.

WebTitan 4.0 offers full transparent authentication when using the product in proxy mode. Users are able to generate advanced reports, as opposed to previous versions, in which reporting options for transparent proxies were IP-based.

Administration functions can be easily configured

New delegated administration functionality has been added to reduce the burden on system administrators. Now the administration of WebTitan can be passed over to any stakeholder in the organization. All controls can be easily configured and individual users can be granted reporting rights and policy management privileges, with the option of setting reporting rights to allow individuals to issue Internet usage reports for specific users or user groups.

When administrator rights have been configured, it is possible for reporting and policy management responsibilities to be delegated to individuals who have a better understanding of the best web filtering policies for specific groups of users, ensuring much improved cross-organizational participation.

Ensure enough bandwidth is available for business-critical applications

The latest version offers a host of improved corporate Internet policy functions to ensure that sufficient bandwidth is always available for business critical applications, with the option of setting quotas to prevent wastage. A host of Internet services are now available which can suck up bandwidth, such as video streaming, Internet radio and other media-rich applications.

These services can cause Internet access to slow considerably and often bottlenecks are created that reduce productivity. The new version has far greater granularity that allows users to allocate resources more efficiently and make considerable cost savings.

As Internet functions have evolved, the management of web filtering has become much more complex. Managing users and user groups can therefore be a major headache for system administrators. One of the main aims with the new release was to ease the administrative burden on system administrators. Web filtering can now be managed much more efficiently.

SpamTitan Technologies WebTitan 4.0 includes more complex functions, yet the user interface and controls are more intuitive and easier to learn. CEO of SpamTitan, Ronan Kavanagh, said the latest version has been created to “ensure our customers get the best end user web experience while organizations are fully protected from all malware as it emerges.”

The latest version makes it easier to add company branding to WebTitan. White label versions can be supplied to allow businesses to add their own branding and create a web filtering solution that matches the look of other systems used by their organization. Full SNMP support is also now included.

Competitive Pricing and a 30-Day No-Obligation Trial

Licenses for WebTitan 4.0 can be purchased to suit the needs of the business. There is no need to pay for IP addresses that will never be used. WebTitan 4.0 has a flexible banded pricing structure. Businesses can just pay for the number of end users who require Internet access.

The new version of WebTitan is now available for download with the option of a 30-day no obligation demo license for new customers.

The full licensed product starts from only $850 (WebTitan for VMware 4.0 / WebTitan ISO). Previous purchasers with current licenses are able to upgrade to the latest version for no extra cost.

SpamTitan Technologies

SpamTitan Technologies is a provider of web filtering and email security solutions for the enterprise. The company, based in Galway, Ireland, offers a comprehensive suite of software options for small to medium sized organizations that offer protection from spam, phishing and other email and web-based data security threats. Customers can implement solutions that can be tailored to the unique needs of their businesses and receive excellent protection from malware, viruses, phishing, Trojans, and spambot attacks. Users can also be prevented from viewing undesirable web-content using WebTitan secure Internet filtering solutions.

The company uses next-generation virtualization software that can be easily implemented, operated and maintained, without the need for expensive and unwieldy hardware. The latest versions of the company’s popular software give system administrators excellent versatility and flexibility. The enhanced functionality and protection capabilities of WebTitan 4.0 can also be provided at an extremely competitive price.

What Do Employees Think of BYOD and is it Worth the Effort and Security Risk?

Many employees want to use their personal devices in the workplace. Personally owned devices are usually faster than the desktops supplied by employers. Employees know how to use the operating system, they have the software they need already installed, and it allows them to be more flexible about when and where they work.

These are all great benefits for employers. The power of new technology can be harnessed without expense, and productivity can increase.

Some may believe technology vendors are the driving force behind BYOD. It is true that vendors have embraced the BYOD movement and are pushing for their new devices to be used in the workplace. However, it is employees that are really driving the movement. They want to use their own devices in the workplace as it makes their lives easier.

Unfortunately for IT security professionals, keeping control of the devices is thought to be virtually impossible. The security risks introduced by personal tablets, smartphones and laptops are numerous. BYOD is seen as a data security nightmare and a security breach just waiting to happen.

But what are the risks introduced by the devices? Are they as problematic as security professionals believe?

What are the problems with Bring Your Own Device (BYOD) programs?

  • Many IT professionals dislike BYOD, but it is not only for data security reasons. Managing BYOD requires a considerable amount of planning and time. IT staff are usually pressed for time as it is, and that is without having to manage personally owned networked devices. Budget increases to manage BYOD are rarely sufficient and extra staff are often not employed to cope with the additional workload.
  • Devices owned by employees must be allowed access to corporate networks. They are also used to store sensitive corporate data, yet those devices are taken outside the control of the company, used at home, taken to bars and are often lost or stolen.
  • The devices can cause problems with compliance, especially in highly regulated industries.
  • IT professionals must ensure data can be remotely erased, and protections are put in place to prevent the devices from being infected with malware.
  • Another problem is how to make sure data can be removed from the device when an employee leaves the company. Controls must therefore be put in place to ensure data can be deleted remotely, and access to corporate networks and data must be terminated.
  • If data is stored on the device, it must be configured to store personal data and work data separately. The IT department cannot remotely delete all data on the device. Some will belong to the user!

There are solutions to make BYOD work effectively. Work data can be stored in the cloud, instead of the device. This makes data management much easier. Policies can be developed to ensure security vulnerabilities are not allowed to develop. Management may be complicated, but software does exist to make the process much more straightforward and less labor intensive. Many software security solutions have been developed specifically for BYOD.

BYOD may require a considerable amount of planning, and will require budgets to be allocated to ensure the devices can be effectively managed; but, if the result is a happier and more productive workforce, the benefits that can be gained by employers are too numerous to ignore.

Network Security: A Common Sense Approach is Required

You can purchase the most sophisticated software, implement multi-layered security systems, conduct regular system scans and use a host of other security products to keep your network protected from cyberattacks. Unfortunately, all it takes is for one individual to accidentally install malware and all of your good work has been undone. That individual is likely to be one of your company’s employees, not a hacker.

Common sense is one of the best defenses

You may not be able to install defenses that offer 100% protection against intrusions, insider threats, and malicious software, but we are sure you do your best with the resources you have available. You should install software systems to protect your network, email system and web browsers, but it is all too easy to forget that one of the best ways of protecting a computer, or the network it is connected to, is to use common sense. Unfortunately, when it comes to internet and web security, many employees have very little. Consequently, they must be taught how to act appropriately.

Some employees think they have a very secure password, but oftentimes it is nowhere near as secure as they believe. It doesn’t contain any special characters, it lacks capital letters, and while it does contain numbers, only a 1234 has been added on the end. If you do not instruct employees how to create secure passwords, they will not.

You must also inform them that they must not share passwords across platforms. Sure, it is a pain remembering lots of different passwords, but if one is compromised they all will be. A recent survey conducted by Trusteer, a provider of fraud protection systems, highlighted how common this practice is. Their survey revealed that 73% of computer users use the same password to access their online bank account as they do for other online services.

You may have installed a spam filter to reduce the risk of employees falling for a phishing email. The spam filter catches virtually all spam and dangerous emails, and places them in a quarantine folder. The risk of a malware infection via email will be reduced to the minimal level.

Then not just one, but a number of employees go into the quarantine folder, and open an Excel spreadsheet that has been quarantined as it is actually malware. Sometimes common sense disappears entirely. One company discovered that is exactly how hackers managed to gain access to a corporate network in 2011.

Not all scams and phishing campaigns are easy to identify

Sometimes a clever campaign is devised by cybercriminals to phish for information. Social media websites contain many examples of these. The British Royal Wedding last year saw one cybercriminal launch an interesting campaign to help access accounts with two-factor authentication. The scam was launched on Facebook, and you may even have seen it, or something about it.

The page helped you create your “Royal Name”. All you needed to do was enter the name of your first pet, your grandmother’s or grandfather’s name, and the name of the street where you grew up. The result could have been Tiddles Arthur Beddington. Not a particularly amusing name it has to be said, but the creator of the campaign would find it funny. Not only would those answers be helpful when attempting to guess passwords, they are also the likely answers to security questions used to gain access to internet banking websites. If your password and login name had already been compromised, you could have just given full account access to a hacker.

The importance of providing common sense training on internet security

You either have some common sense or you don’t, but when it comes to internet security, there will always be one individual who appears to have none. Make sure all of your employees are trained on the basics of internet security. Some will not know how to act in a secure manner online.