The practice of email encryption (turning a message into code before sending it beyond the network) has become standard protocol for the majority of email transactions today. This practice can be seen in both the private and public sectors, but it is especially prevalent within public organizations - where 83% of federal agencies have policies allowing employees to encrypt emails.
Since mobile devices such as tablets and smartphones contain their own native IT security measures, some business leaders and IT managers question the need for the additional security that can be provided by a mobile data management system. The simple answer to this question is that mobile data management programs can serve to both enforce and provision the native security present on handheld devices. A more nuanced answer, however, would point out that MDM products could produce an "integrated security" environment in which mobile devices become not only more secure, but also far more useful to the organization.
With electronic payments now outnumbering cash transactions, the point-of-sale (PoS) system hack is becoming more common in the world of cyber crime. In recent years, there have been several high-profile cases, including the notorious $10 million Subway PoS breach, where at least 150 franchises were targeted, as well as the breach of Barnes & Noble, where credit card readers in 63 stores were compromised. Almost all modern businesses now make use of electronic PoS systems, and with the hacking of these devices on the increase, it is more important than ever to take appropriate steps to secure your customers’ data.
According to a recent draft of mobile security guidance from the National Institute of Standards and Technology (NIST), businesses should seriously consider the deployment of software that can provide centralized management for mobile devices. This recommendation appears in "Guidelines for Managing and Securing Mobile Devices in the Enterprise," also known as Revision 1 of NIST Special Publication 800-124. The draft guidance goes beyond a mere recommendation of such IT solutions; it also provides detailed suggestions that SMBs can use to help them select a centralized management program for mobile devices, as well as guidance with regard to installing and using such a system.
Internal IT security personnel at SMBs may have their work cut out for them when it comes to integrating the newest version of Microsoft Office into existing security procedures. According to Microsoft, Office 2013 represents a significant departure from the traditional IT risk management paradigm. According to the company's recently released security overview of the product, Office 2013 presents companies with "a fundamental change from computer-centered identity and authentication to user-centered identity and authentication. This shift enables content, resources, most recently used lists, settings, links to communities, and personalization to roam seamlessly with users as they move from desktop, to tablet, to smartphone, or to a shared or public computer."
Firewalls remain a critical component of every business's IT security posture. Much like a firewall in a physical building, they are designed so that if one part of the network is under attack, other systems on the same network are able to remain unharmed. Let's look at some interesting facts about firewall protection that give weight to their importance.
Small and medium-sized businesses trying to create and maintain systems that will meet HIPAA standards for privacy and IT security may have their work cut out for them. Initial audits have been conducted this year, with more still scheduled to take place, but the audit protocol itself is likely to evolve in response to the findings from the program so far. According to Linda Sanches of the Office for Civil Rights, the protocol itself is a "living document".
Odds are if you aren't one of the million cloud users already, you've figured out that this whole cloud computing trend is probably worth looking into. One of the first things you'll run across when you begin your search for information is the choice between public versus private clouds. Sure, each of these cloud types has its own advantages. But when you look at all the angles and filter each solution using your specific needs, you may reach the same conclusion as many other SMBs; a private cloud computing network is safer and more reliable in the long run than a public one.
Research in Motion, the producer of the BlackBerry smartphone, suffered a blow last month when Yahoo! officially switched all employees to a new iPhone 5, Samsung Galaxy S3, HTC One X, HTC EVO 4G LTE, or Nokia Lumia 920, including a company-paid data and phone plan. Yahoo! will also discontinue IT support for the BlackBerry.
In the press release announcing the popular decision, new Yahoo! CEO Marissa Mayer wrote, "We'd like our employees to have devices similar to our users, so we can think and work as the majority of our users do."
Most Yahoo! employees are happy with the switch, more than ready to get rid of their BlackBerrys, which have been waning in popularity for some time now. Most have praised the decision, but some IT security experts are questioning the safety of these devices over the uber secure BlackBerry.
BlackBerry vs iPhone vs Android Smartphones -- Which Is More Secure?
BlackBerry is and remains a highly secure mobile device platform. It was originally designed with corporate-grade security in mind, and RIM has worked hard to maintain that focus with all of the new versions of the BlackBerry operating system.
The BlackBerry 7 OS was recently rated the "most secure OS" in a report by software security specialists Trend Micro. BlackBerry 7 scored 2.89 out of a possible score of three, with the iPhone 5 OS coming in a distant second with a score of 1.7, and the Android 2.3 OS coming in at the bottom of the heap with a security score of just 1.37.
The report praised the BlackBerry 7 OS both for its robust security-conscious design and the ease of use in the set up of security features. The iPhone was mentioned positively in that it did allow easy app "sandboxing," and because it does not include any type of removable storage (always a major security risk). The particularly low score that the Android 2.3 OS received was due to the fact that although "sandboxing" of apps was possible, it was very cumbersome, so the majority of users did not bother. This, of course, is a major security vulnerability, and hopefully most corporate users will be savvy enough to know to keep their apps out of their OS.
Although earlier versions of the iPhone OS were notably lacking in security features, the iPhone 5 OS offers users all of the security basics. An iPhone 5 is probably secure enough for your needs, but there are definitely some risks involved. Some analysts have questioned the timing of Yahoo!'s switch in terms of security, suggesting the company may be exposing itself to security risks by pulling the trigger too early. The iPhone OS 6 is rumored to include several major security upgrades.
If the highest level of security is vitally important to you, you can feel the most secure with a BlackBerry.
Encryption -- turning a message into code before sending for security reasons -- has become standard protocol for sending the majority of email transmissions today. This trend can be seen in both the private and public sectors, but it is especially the case in the public sector, where 83% of federal agencies have policies allowing employees to encrypt emails.
While this sounds like a positive development, unfortunately, encryption is a double-edged sword. Encrypting messages does add a significant level of security, as encrypted messages have to be unencrypted, which takes time and makes them much less valuable to hackers. But emails that users encrypt at their desktop before sending cannot be subjected to any kind of content verification by network security, which makes it almost impossible to trace unauthorized data transmissions. In practice, the encryption that is used to guarantee the security of data actually becomes a method to send unauthorized data undetected through the email gateway.
The Encryption Conundrum
This encryption conundrum puts IT managers between a rock and a hard place. Nobody wants to give up the high level of security provided by encrypting employee emails, but IT security experts almost all say that significantly more unauthorized data is lost from networks by email than by flash drive, disc or any other method.
The problem is just going to grow as more businesses and agencies move to encrypting most or all of their email traffic. A recent study suggested that over 80% of IT security managers were concerned about loss of sensitive data through encrypted email.
Advanced Email Security Technology
The only way to effectively solve this encryption conundrum is with advanced email security technology. Thorough training of employees on encryption protocols and other software analytics methods will help control the loss of sensitive data through encrypted emails, but these measures will not thwart a smart and resourceful individual.
To be sure that no one is sending out unauthorized data in encrypted emails, IT managers must have the ability to unencrypt files before they are routed to your Exchange server for outbound transmission. This is obviously a more laborious and time consuming process, but protocols can be set up so that only certain messages or a certain percentage of messages are unencrypted before outbound transmission.
This kind of advanced email security takes some significant expertise to set up properly. Federal agencies will likely staff up their IT departments and take on the task in-house. But that idea can be a little daunting for small and medium-sized businesses. Small and medium businesses should consider working with a high-end local IT services provider to get the results they want.
If your organization falls under any of the types of government compliance, it’s crucial that employees follow the proper protocol to be compliant with IT security policies. Executives generally delegate the process of ensuring that compliance standards are followed to IT leaders. The IT department determines where there are compliance gaps and applies the necessary measures and policies. However, for these measures to work efficiently, everyone in the organization must follow them. Unfortunately, employee non-compliance with policies can happen, and when it does, security breaches are possible.
Here are the top five causes of breaches due to non-compliance:
Hackers have stolen credit card information from 63 Barnes & Noble stores across the US, reported the New York Times yesterday.
The advanced threats to computer systems today are more aggressive and sophisticated than ever. Worse, they are constantly being improved and updated with new versions of malware, including various kinds of bots, viruses, worms, phishing schemes and even Trojan horse approaches. The consequences of network intrusions are also becoming more detrimental, and can result in disasters such as hackers getting access to client personal or financial data.
While standard commercial anti-virus software will protect you from 95% of the malware circulating on the Web, even regularly updated IT security systems offer you almost no protection from advanced system threats, especially advanced persistent threats guided by sophisticated hackers.
Advanced persistent threats are malware designed to exploit the vulnerabilities of specific targets, and once the malware is in the system, it is extremely difficult to completely remove. Some of the latest targeted system threats are incredibly sophisticated, and many are created to hide in multiple places deep in a network. You might find two, three or four corrupted files, but you can never be 100% sure you got them all. The only way to adequately protect your networks from advanced threats is a carefully designed layered defense.
A layered network defense is composed of several different types and layers of IT security measures, including but not limited to:
- complete endpoint protection and top-to-bottom solutions
- multi-factor authentication
- strong encryption
- intrusion detection systems and content filtering
- virtual private networks
- packet filtering
Technology never stops evolving. And the ever-changing Information Technology landscape—now including cloud computing and BYOD (Bring Your Own Device)—has had an enormous impact on IT consultants and the challenges they face. What are some of the ways companies and their IT departments are evolving to meet these new challenges? Read below to examine a few hot trends in network management.
The advent of cloud technology has revealed that the solution can pose great advantages to a business—as well as new threats to a network's security. As more and more companies choose to make their data available from anywhere by storing it in the cloud (on a server instead of a hard drive), it has become even more critical to find ways to keep hardware secure.
The need for IT security is paramount to successful operations, especially in the business world. All data is important and should not be subject to outside intrusion in the form of malware, worms, spyware, viruses, botnets or adware. Regardless of the size of the organization, an IT management system should be set up in order to protect against intruders.
An astounding half a million credit cards have been stolen from an unidentified Australian company. The hackers responsible for the theft are said to be an Eastern European group who are also suspected to be the same ones that threatened the business continuity of Subway restaurants in 2011. A total number of 150 Subway restaurants in the US were victims of similar hacking.
Small and medium-sized businesses often focus on networks and software when considering their IT security profile. While adequate IT networking security is certainly an essential component for any plan to confront the current threat environment, organizations must also have in place policies and procedures that will promote print security. Unbeknownst to many SMBs, one of their biggest security vulnerabilities could actually be their printers.
Most Americans will recognize the term ‘melting pot’ as referring to the multi-ethnic nature of society in the United States. Now, however, some IT security professionals are beginning to use it in an entirely new context, referring to the current threat environment as a ‘complex melting pot’ largely comprised of ‘security challenges surrounding the secure transfer of sensitive data via email’. This new threat environment is a result of several converging trends, including small suppliers of email services to SMBs, the increasing use of email services based in the cloud, and the BYOD movement.