The practice of email encryption (turning a message into code before sending it beyond the network) has become standard protocol for the majority of email transactions today. This practice can be seen in both the private and public sectors, but it is especially prevalent within public organizations - where 83% of federal agencies have policies allowing employees to encrypt emails.
Since mobile devices such as tablets and smartphones contain their own native IT security measures, some business leaders and IT managers question the need for the additional security that can be provided by a mobile data management system. The simple answer to this question is that mobile data management programs can serve to both enforce and provision the native security present on handheld devices. A more nuanced answer, however, would point out that MDM products could produce an "integrated security" environment in which mobile devices become not only more secure, but also far more useful to the organization.
With electronic payments now outnumbering cash transactions, the Point-of-sale (PoS) system hack is becoming a more common in the world of cyber crime. In recent years, there have been several high profile cases including the notorious $10 million Subway PoS breach, where at least 150 franchises were targeted, as well as the breach of Barnes & Noble, where credit card readers in 63 stores were compromised. Almost all modern businesses now make use of an electronic PoS systems, and with the hacking of these devices on the increase, it is more important than ever to take appropriate steps to secure your customers’ data.
According to a recent draft of mobile security guidance from the National Institute of Standards and Technology (NIST), businesses should seriously consider the deployment of software that can provide centralized management for mobile devices. This recommendation appears in "Guidelines for Managing and Securing Mobile Devices in the Enterprise," also known as Revision 1 of NIST Special Publication 800-124. The draft guidance goes beyond a mere recommendation of such IT solutions; it also provides detailed suggestions that SMBs can use to help them select a centralized management program for mobile devices, as well as guidance with regard to installing and using such a system.
Internal IT security personnel at SMBs may have their work cut out for them when it comes to integrating the newest version of Microsoft Office into existing security procedures. According to Microsoft, Office 2013 represents a significant departure from the traditional IT risk management paradigm. According to the company's recently released security overview of the product, Office 2013 presents companies with "a fundamental change from computer-centered identity and authentication to user-centered identity and authentication. This shift enables content, resources, most recently used lists, settings, links to communities, and personalization to roam seamlessly with users as they move from desktop, to tablet, to smartphone, or to a shared or public computer."
Firewalls remain a critical component to every business' IT security posture. Much like a firewall in a physical building, they are designed so that if one part of the network is under attack, other systems on the same network are able to remain unharmed. Let's look at some interest facts about firewall protection that give weight to their importance.
Small and medium-sized businesses trying to create and maintain systems that will meet HIPAA standards for privacy and IT security may have their work cut out for them. Initial audits have been conducted this year, with more still scheduled to take place, but according to the audit protocol itself is likely to evolve in response to the findings from the program so far. According to Linda Sanches of the Office for Civil Rights, the protocol itself is a "living document".
Odds are if you aren't one of the million cloud users already, you've figured out that this whole cloud computing trend is probably worth looking into. One of the first things you'll run across when you begin your search for information is the choice between public versus private clouds. Sure, each of these cloud types has its own advantages. But when you look at all the angles and filter each solution using your specific needs, you may reach the same conclusion as many other SMBs; a private cloud computing network is safer and more reliable in the long run than a public one.
Research in Motion, the producer of the BlackBerry smartphone suffered a blow last month when Yahoo! offically switched all employees a new iPhone 5, Samsung Galaxy S3, HTC One X, HTC EVO 4G LTE, or Nokia Lumia 920, including a company-paid data and phone plan. Yahoo! will also discontinue IT support for the BlackBerry.
In the press release announcing the popular decision, new Yahoo! CEO Marissa Meyer wrote, "We'd like our employees to have devices similar to our users, so we can think and work as the majority of our users do."
Most Yahoo! employees are happy with the switch, more than ready to get rid of their BlackBerrys, which have been waning in popularity for some time now. Most have praised the decision, but some IT security experts are questioning the safety of these devices over the uber secure BlackBerry.
BlackBerry vs iPhone vs Android Smartphones -- Which Is More Secure?
BlackBerry is and remains a highly secure mobile device platform. It was originally designed with corporate-grade security in mind, and RIM has worked hard to maintain that focus with all of the new versions of the BlackBerry operating system.
The BlackBerry 7 OS was recently rated the "most secure OS" in a report by software security specialists Trend Micro. Blackberry 7 scored 2.89 out of a possible score of three, with the iPhone 5 OS coming in a distant second with a score of 1.7, and the Android 2.3 OS coming in at the bottom of the heap with a security score of just 1.37.
The report praised the BlackBerry 7 OS both for its robust security-conscious design and the ease of use in the set up of security features. The iPhone was mentioned positively in that it did allow easy app "sandboxing," and because it does not include any type of removable storage (always a major security risk). The particularly low score that the Android 2.3 OS received was due to the fact that although "sandboxing" of apps was possible, it was very cumbersome, so the majority of users did not bother. This, of course, is a major security vulnerability, and hopefully most corporate users will be savvy enough to know to keep their apps out of their OS.
Although earlier versions of the iPhone OS were notably lacking in security features, the iPhone 5 OS offers users all of the security basics. An iPhone 5 is probably secure enough for your needs, but there are definitely some risks involved. Some analysts have questioned Yahoo!'s timing of the switch to smartphones in terms of security, possibly exposing themselves to security risks by pulling the trigger too early. The iPhone OS 6 is rumored to include several major security upgrades.
If the highest level of security is vitally important to you, you can feel the most secure with a BlackBerry.
Want to learn more about mobile security and how it can affect your business? Contact iCorps today.
Encryption -- turning a message into code before sending for security reasons -- has become standard protocol for sending the majority of email transmissions today. This trend can be seen in both the private and public sectors, but it is especially the case in the public sector, where 83% of federal agencies have policies allowing employees to encrypt emails.
While this sounds like a positive development, unfortunately, encryption is a double-edged sword. Encrypting messages does add a significant level of security, as encrypted messages have to be unencrypted, which takes time and makes them much less valuable to hackers. But emails that users encrypt at their desktop before sending cannot be subjected to any kind of content verification by network security, which makes it almost impossible to trace unauthorized data transmissions. In practice, the encryption that is used to guarantee the security of data actually becomes a method to send unauthorized data undetected through the email gateway.
The Encryption Conundrum
This encryption conundrum puts IT managers between a rock and a hard place. Nobody wants to give up the high level of security provided by encrypting employee emails, but IT security experts almost all say that significantly more unauthorized data is lost from networks by email than flash drive, disc or any other method.
The problem is just going to grow as more businesses and agencies move to encrypting most or all of their email traffic. A recent study suggested that over 80% of IT security managers were concerned about loss of sensitive data through encrypted email.
Advanced Email Security Technology
The only way to effectively solve this encryption conundrum is with advanced email security technology. Thorough training of employees on encryption protocols and other software analytics methods will help control the loss of sensitive data through encrypted emails, but these measures will not thwart a smart and resourceful individual.
To be sure that no one is sending out unauthorized data in encrypted emails, IT managers must have the ability to unencrypt files before they are routed to your Exchange server for outbound transmission. This is obviously a more laborious and time consuming process, but protocols can be set up so that only certain messages or a certain percentage of messages are unencrypted before outbound transmission.
This kind of advanced email security takes some significant expertise to set up properly. Federal agencies will likely staff up their IT departments and take on the task in-house. But that idea can be a little daunting for small and medium-sized businesses. Small and medium businesses should consider working with a high-end local IT services provider to get the results they want. Learn more about how to secure your email from a data leak.