Tag Archives: Indiana

Why Hiring The Cheapest Computer Support Company Will Actually Cost You More

13 Dec 17
lverbik
, , , , , , ,
No Comments

As anybody working in IT will tell you, the most common question we get isn’t, “Why is my computer running so slowly?” or “Why is my Internet not working?” It’s, “What do you charge for your services?” With so many IT companies clamoring for your attention, it makes sense that you’d want to look for the most inexpensive, cost-efficient option, right?

The problem is that this question doesn’t get to the heart of the issue. Sure, any IT company can offer rock-bottom prices, but as with anything else, those savings are going to come with fewer, lower-quality IT services. Also, many cheaper services say they are inexpensive, but they typically have slow response times and nickel and dime you over everything.  Instead of asking about price right off the bat, the better question is, “What will I get for my money?”

With cheapo IT companies, the answer is not much. Maybe they’ll be there when the server breaks down or if Microsoft Word is acting weird on your computer. But you can bet they won’t help you implement IT systems that will prevent real, catastrophic issues from arising – the kinds of things that determine the success or failure of a company at the most basic level.

Today, business and technology go hand in hand. It’s an inescapable fact that good tech forms the pillars upon which successful companies stand. Many business owners still insist on cutting corners with IT, hiring cheap and inexperienced “professionals” to protect and support the most fundamental aspects of their operation.

Of course, it’s hard to fault them for doing so. Without a firm grasp of a business’s IT needs, it’s all too easy for a subpar, would-be IT partner to convince an owner they meet the company’s requirements. That’s why the question, “What will I get for my money?” is so important. IT support coverage needs to be comprehensive, addressing every potential sink-or-swim crisis before it actually happens. The integrity of your network infrastructure should support your business, rather than force you to run around putting out fires.

A downed server or temporarily unreliable network might seem like minor issues, but even the smallest of IT problems can easily snowball into an expensive nightmare that threatens your company’s very existence.

Take a company that stores all its data on a central, networked server, for example. Maybe they’re a content creation firm, with terabytes of custom-designed client marketing materials stashed away, or a large law practice with thousands of vital case documents. They were reluctant to spend much on IT support, so they went with the cheapest option available. Of course, regular server maintenance wasn’t included in their package, but they assumed their trusty hardware would keep kicking for at least a few more years. But when an employee tries to access the database, an error pops up. Upon further investigation, it turns out the outdated server has finally broken down, apparently for good. All those documents, all that data instrumental to the basic functionality of the company, is irrecoverable – thousands of hours of work (and thousands of dollars) down the drain, and all because of an issue that would easily have been caught and prevented by a team of qualified IT experts.

When technology works, it’s easy to imagine that it’ll continue working without issue. But the fact is that a computer network requires constant, behind-the-scenes monitoring and maintenance to ensure it stays up and running, not to mention secure.

From hordes of hackers waiting in the wings for you to slip up, to hardware failure, to natural disasters, rogue employees and a million other IT threats, it’s important to ensure the stability of your network before a problem comes knocking. Cheap Band-Aid solutions work great until the day they cost you thousands. It’s better to invest in a team of real IT experts, and avoid crisis altogether. It’s much cheaper to prevent something from breaking than it is to replace it altogether.

Top Tricks Cybercriminals Use To Hack Your Computer Network

16 Nov 17
lverbik
, , , , , , , , , , , , ,
No Comments

There’s no denying that cybercrime is on the rise. All it takes is a glance at a few big news stories from the past couple years. Equifax gave up the information of over 100 million people, many of them not even users, to a surgical hacker attack. Last May, over 57,000 infections spread from a single ransomware source across 99 separate countries, with damage reaching everything from hospitals and businesses to vital public utilities like the German railway network. And how many high-profile celebrities have had their phone’s picture feeds hacked and had to deal with the scandal of some maliciously leaked photographs, some of which they’d deleted years before?

But it’s not just massive corporations like Equifax or JPMorgan or actresses like Jennifer Lawrence that are being targeted day in and day out. It’s small businesses, many equipped with far less robust security measures in place. In fact, if you’re an entrepreneur, it’s almost a statistical guarantee that hackers will target your business at some point down the road.

In your company’s battle against cybercrime, it’s essential to stay abreast of the rapidly shifting digital landscape. Only the most up-to-date security technology can even hope to protect you from the ever more sophisticated thieves pounding at your digital door.

However, it’s also important to stay informed. Here are a few of the sneakiest and most common tricks thieves use to snatch your vital data:

Social Engineering Hacking, though it can cost you thousands and thousands of dollars and do just as much damage as its digital counterparts, doesn’t require a single line of code. Instead, they find weaknesses in the “human network” of a business. For example, skilled scammers can call your business’s cell phone provider, posing as the CEO’s spouse, and convince the customer service rep to hand over passwords, Social Security numbers, and sensitive personal information. Many IT departments are susceptible to this same scam.

Often, social engineering is used to gather information that will later be used for a different strategy. Such as …

E-mail Phishing, which hijacks (or fabricates) an e-mail account with trusted authority and sends users an e-mail requesting they click a particular link. Maybe the e-mail looks like it’s from the service department of your company’s time-tracking software, seeking to remedy an error. But when the link is clicked, ransomware or other malware spreads like wildfire through the system, and the user is at the mercy of the hackers. Usually, this is used to extort exorbitant sums of money out of small businesses or individuals. Symantec reports that just last year, over 7,000 businesses of all sizes fell prey to some form of phishing scam, costing them more than $740 million in total.

Brute-Force Password Attacks Or Password Guessing are just what they sound like. Either a hacker uses a software that, after putting in some data about the target (for example, the name of their dog or their anniversary), runs through potential keys ad infinitum. With sufficient information about the target, it’s only a matter of time before the software breaks through. Or, more often than you might think, hackers can simply guess the password. Infiltrators have common passwords that use real words or common structures memorized and can run through hundreds before giving up.

Fault Injection is a different story, usually only used by the most dedicated, sophisticated hackers around the world. Cyberthieves will use a complicated software to scan the source code of their internal software or network, noting every potential weak point in the system. Then, by splicing in strings of code, they can penetrate through and steal data, inject a virus, or employ other digital mischief.

How To Protect Yourself Against These Threats

As they say, forewarned is forearmed, but it’s not enough to keep your eye out for common hacker strategies. As the progress of technology marches on, so do the techniques and softwares used by hackers, resulting in an infinite number of permutations of ways they can penetrate your system.

The only way to be truly secure is by utilizing bleeding-edge security solutions to ensure you stay ahead of the breakneck developments in hacker technology. With constantly updating software dedicated to security, along with some know-how, you can rest a lot easier knowing your data is safe.

Why Your Current Antivirus, Backup, And Firewall Have Been Rendered Completely USELESS (And What You Need To Do About It)

16 Aug 17
lverbik
, , , , , , , , , , ,
No Comments

At the end of World War I, German engineer Arthur Scherbius constructed a device that would become central in another worldwide conflict of unimaginable magnitude over 20 years later: the Enigma machine. The machines, which steadily became more complex with each iteration, consisted of a series of rotors that, by themselves, encrypted messages input via the attached typewriter. Each rotor performed a simple substitution cipher, but when run through multiple rotors, the encryption reached a staggering level of complexity.

Initially used for transmitting sensitive company secrets in the commercial sector, the technology was eagerly adopted by the German military machine prior to World War II. After war broke out across Europe once again, Enigma encoding became central to the operation of the Axis powers, used for sending vital, sensitive intelligence across the airwaves. Due to the complexity of the Enigma system, the Germans were certain that the code would not, and could not, be broken.

But the Germans were wrong. Using photographs of stolen Enigma operating manuals obtained by a German spy, the Polish General Staff’s Cipher Bureau managed to construct an Enigma machine of their own, enabling them to covertly decrypt substantial amounts of Axis intercepts. Ahead of the impending invasion of Poland, the Poles shared their knowledge with the French and British military to expedite the defeat of the Germans. A massive team at Bletchley Park in Buckinghamshire, led by code-breaking master Alan Turing, became the central location for Allied efforts to keep up with Enigma operations.

Germany, still convinced the code was fundamentally unbreakable, continued using Enigma for a wide array of communications. But even the most complicated four-rotor Enigma systems were eventually decrypted. Great pains were taken to ensure the Germans never learned their precious code had been broken, labeling any intelligence gained from Enigma as “Ultra,” keeping the significance of Bletchley Park’s operations under wraps. Ultra-intelligence was used sparingly to avoid German suspicion.

The efforts of the Polish Cipher Bureau, Alan Turing, Bletchley Park, and the hundreds of men and women who contributed to the cracking of the Enigma code were described as “decisive” in theshortening of the war, and, at the high end, are estimated to have saved over 14 million lives.

Much like the Germans who assumed Enigma was uncrackable, most business owners believe their current, potentially outdated, cyber security measures will keep their data safe. But, in the contemporary age where digital information is as precious as gold, cybercriminals are working around the clock to penetrate even the most robust security solutions. You can bet they’ve already created a workaround for your current antivirus. What was good enough before may not be good enough today. After all, it’s simply impossible that a security solution from even two years back could be equipped to defend your precious data from a cutting-edge hacking technology that didn’t even exist when it was created.

Today, companies that fail to stay abreast of the latest cyber security trends — clinging foolishly to their own Enigma — are certain to pay the price down the line. Once the lock is picked, you need a new lock, and criminals are cracking new locks each and every day.

Luckily, as your IT provider, we’re cyber security experts, and we constantly seek the latest and most robust security solutions. Don’t leave your company’s security up to a false sense of confidence. Always be looking at options to upgrade your digital security and make it a sure thing.

The ONE Thing You Must Do to Keep Your Data Safe in the Cloud. Is Your IT Guy Doing This?

26 Jul 17
lverbik
, , , , , , , , , , ,
No Comments

How secure is your data? Cloud data storage is becoming a massive industry in this country, and many businesses and other institutions are putting their data into the cloud. Some of this data is pretty harmless. Other stuff — like hospital records, banking information, or company payrolls — are prime targets for bad actors. Is the cloud storage tradeoff worth it?

The short answer is yes, but only if your IT guy is encrypting your sensitive data.

Every cloud storage company you talk to will claim to take top-of-the-line security measures on behalf of your data. But that, in a nutshell, highlights the problem with cloud storage. Your data is entrusted to a third party for safekeeping. It’s possible that they’d do everything in their power to safeguard your information. But bad things, like ransomware, phishing, or just plain going out of business, do happen. And when they happen, it’s not the cloud storage company whose data is on the line; it’s yours.

Even if that doesn’t occur, let’s be honest. Most of the major cloud storage companies are based in the United States, the U.K., or France, where they could be subject to NSA snooping (or questionably legal surveillance from any other government entity). Despite the best efforts of many storage companies to  prevent government intrusion, your data could still be at risk, even when it’s locked up tight.

This brings us back to encryption, which is the hands-down best way to protect your data, period. It’s just like locking sensitive data in a box, with a password needed to reopen it. Even if someone gets ahold of the box, if they don’t have the password, there’s nothing they can do with it. There are a lot of encryption tools out there and you’ll want to make sure that you have the right one for your specific needs. If you ever need a recommendation, don’t hesitate to reach out and ask! We’ll be happy to provide you with the specific recommendation (free or paid) that fits your needs.

In addition, most cloud storage companies protect your data with their own encryption, but this isn’t as secure as encrypting your own information. That’s because the cloud storage company has the encrypted data in its possession, but it also has the keys to that data. If someone can get in, they can probably get the information they want. And a disgruntled employee — or just a hapless one — can also provide hackers access to the system through good old-fashioned human engineering.

If the cloud storage company is compromised (and it happens quite often), will your data be secured or unsecured? Well, if you’re encrypting your own data before uploading it, then the bad actors will open up the safe to find … a bunch of locked boxes. Pretty frustrating, right?

On the other hand, if you’ve trusted the cloud storage company to take care of everything, you’re going to have a bad day.

As you can tell, it makes sense to have your IT guy encrypt everything that gets put on the cloud before it gets there. But remember, just as your cloud storage provider is vulnerable, you can be vulnerable as well. It’s less likely that bad actors will target your company specifically, but if they want your data bad enough, they’ll go to great lengths to get it.

Many people have a misconception that these criminals will just use a magic program to crack your encrypted files. Decryption does exist, but it requires a lot of time and processing power. It’s far more likely that hackers will target your email or other aspects of your system and try to find out the encryption codes that way. And never forget that people are the weakest part of your IT security. Educate employees so they aren’t vulnerable to phishing scams, downloading questionable software, and visiting the wrong websites.

The Most Common Ways Hackers Access Your Network

28 Jun 17
lverbik
, , , , , , , , ,
No Comments

You are under attack. Right now, cybercrime rings in China, Russia, and the Ukraine are hacking into small businesses like yours to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their own government to attack American businesses, and half of all cyberattacks are aimed at small businesses. The National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year. It’s critical that you protect yourself from the following 10 vulnerabilities.

1 Poorly trained employees are the biggest risk. It’s common for an employee to infect an entire network by opening and clicking a phishing email designed to look like legitimate correspondence from a trusted source. If they don’t know how to spot infected emails or online scams, employees can easily compromise your entire network.

2 We strongly recommend an acceptable use policy that limits the websites employees can access with work devices as well as work material they access with personal devices. We can easily set up permissions that regulate which websites your employees access and what they do with company-owned devices, even granting certain users more freedom than others. You also need to detail what an employee can or cannot do with personal devices when taking work home.

3 Weak passwords are bad news; passcodes should be at least eight characters long with both lower and uppercase letters and include symbols and at least one number. On a company cellphone, requiring a passcode makes stolen devices harder to compromise. Again, this can be enforced by your network administrator so employees don’t get lazy and put your organization at risk.

4 If your networks aren’t patched, new vulnerabilities (which are common in programs you already use, such as Microsoft Office) can be exploited by hackers. It’s critical that you patch and update your systems frequently. If you’re under a managed IT plan, this can be automated so you never miss an important update.

5 Are you backed up in multiple places? Aggressive ransomware attacks, where a hacker holds files for ransom until you pay a fee, can be foiled by backing up your data. You won’t have to pay a crook to get them back. A good backup will also protect you against accidental deletion and natural disasters, and it should be automated.

6 One of the fastest ways cybercriminals access networks is by duping employees to download malicious software by embedding it within downloadable files, games, or other innocent-looking apps. This can largely be prevented with a secure firewall and employee training and monitoring.

7 Not all firewalls are created equal. A firewall blocks everything you haven’t specifically allowed to enter or leave your network. But all firewalls need monitoring and maintenance, just like all devices on your network, and a weak one does you little good. This, too, should be done by your IT person or company as part of their regular, routine maintenance.

8 Many hackers exploit your devices when you connect to public Wi-Fi, getting you to connect to their Wi-Fi instead of the legitimate public one. Always check with a store or restaurant employee to verify the name of the Wi-Fi they are providing. And never access financial or medical data or enter your credit card information when surfing public Wi-Fi.

9 It may be one of the oldest tricks in the book, but phishing emails still work. The  goal is to get you to download a virus by clicking a link or getting you to enter your login information on a clone of a legitimate website.

10 In 2009, social engineers posed as Coca-Cola’s CEO, persuading an executive to open an email with software that infiltrated the network. Social engineering is another old-school tactic, but, like phishing, it works well. Hackers pretend to be you, and people often fall for it.

If you are concerned about cybercriminals gaining access to your network, then call us to learn more about implementing a managed security plan for your business. You’ve spent a lifetime working hard to get where you are and have earned every penny and every client. Why risk losing it all? Get the facts and be certain your business, reputation, and data are protected.

The Latest Malware Threat Will Make You Wanna Cry

24 May 17
lverbik
, , , , , , , , , , ,
No Comments

Wannacry, Wannacrypt, Wannadecrypter, these are just some of the names of the latest string of malware circulating both the news cycles, and the internet.  They are all part of a Major Ransomware sting that hit the scene last weekend.  In case you don’t know Ransomware is a bug that infects your computer and then encrypts whole drives with an encryption key, making them useless unless you have the key to un-encrypt them.  The bad guys then offer to “Sell” you the key for $300 Bitcoin.  (Bitcoin is an internet currency that is untraceable, and gaining popularity as a global currency, and not just by the bad guys).  Wannacry exploited a vulnerability in Windows to encrypt the computers.  Microsoft had released the Patches back in March, and we had them set up to go out then.  We checked through our software and found that all of our clients that are on the Advantage Care Monitoring packages were already patched (there were a couple of un monitored computers that didn’t have the patch, but we took care of that).  We just wanted to let you know that we are taking these security threats serious, and are doing what we can to help protect you.

Things to watch out for:

  1. Strange attachments that you are not expecting in an email. If you get an email with an attachment that you are not expecting.  Before you open it, reach out and see if the individual actually sent something to you.  It was said that the Wannacry was being distributed via email (worm where bug would replicate itself and email it out to everyone in your contacts list).
  2. If you get that pesky window that pops up saying that it wants to run windows updates… let it.
  3. If you are on a maintenance plan with us, but you shut your computer down every night, we can’t push out the updates to you, and end up trying to push them out during the day, disrupting your work flow. This can be avoided by leaving your computers turned on at night, when we do the updates, and other housekeeping duties to ensure that your computers are up to date, and fresh for you the following day.
  4. Be mindful of where you are going on the internet. The internet is full of corrupted web sites, some are just malicious, and others are corrupt and could infect you just by visiting them.
  5. Nothing on the internet is “Free”. Free games, and Free coupons come with a catch.  They get to install stuff on your computer that sends them info, and leave you vulnerable.  Once these things get on your system, they reach out to their “Paying” friends and invite them to the party on your computer, and now all of a sudden your computer is crawling because all of this unwanted software is clogging everything up, and potentially doing harmful things in the background.
  6. Backup, Backup, Backup!!!!!! The best defense against Ransomware is just blow away the infected computer/files and rebuild it. A backup is essential for this.  An offsite, disconnected version is essential these days as well.  There have been cases where an external hard drive with all of the companies backup files were encrypted also (because they were connected to the computer when it was infected). So just having a backup file may not be enough.

We are taking extra steps to ensure all of our client’s security.  If you have any questions, feel free to contact us and we can  discuss this more.

Cybercriminals Confess: The Top 3 Tricks, Sneaky Schemes And Gimmicks They Use To Hack Your Computer Network

21 Apr 17
lverbik
, , , , , , , , , , , ,
No Comments
  1. We’re masters at getting you to click on fake e-mails. One of the most common ways hackers gain access to computer networks and devices is via phishing e-mails. Gone are the days when you could easily spot a spammer’s e-mail because of its poor English, typos and punctuation mistakes – attacks are getting more and more sophisticated. That’s because cybercriminals have access to the same cutting-edge online marketing tools that legitimate companies have, giving them the ability to send highly targeted messages that look completely legitimate from sources you trust. These e-mails often use your name, your professional title and may even reference a group you belong to. Further, if you click on the e-mails or respond, you’re inviting a hacker into your network that bypasses a firewall and antivirus software. The only way to avoid getting snared by a phishing e-mail is to NEVER click on, open or respond to any e-mail requesting personal information, passwords, login details, etc. Always go directly to the site.
  2. We automate attacks that work around the clock. Hackers have software programs that systematically test millions of possible passwords to break into your PC. Easy-to-guess passwords are worthless against the power, automation and sophistication of these super-apps that will constantly hammer away at guessing your password. Because of this, make sure your passwords contain both uppercase and lowercase letters, at least one number and special characters – and NEVER use easy-to-guess passwords like “letmein” or “password.”
  3. We can use legitimate web sites to attack you. A growing number of cyberattacks are coming via “drive-by” download, where a hacker gains access to a legitimate, honest business web site (or sets up a site that looks legit on every level) but has malicious code installed called an “exploit kit.” An exploit kit can discover a vulnerability fast by probing your operating system, browser and the software you have installed (like a PDF reader or video player) to find a way to access your PC or network. If you (or your IT company!) aren’t applying regular security updates, you are unprotected against these exploits.

While these are common ways hackers gain access, there are dozens of other more straightforward ways hackers gain access if you’re not diligently updating and patching your network, maintaining an up-to-date firewall, antivirus and spam-filtering unified threat-management system. The days of “That could never happen to me” are gone.

If you want peace of mind that YOUR business isn’t a “sitting duck” to hackers, call us for a free assessment at 317-857-0150. You’ll discover if you truly are protected from common hacker attacks and what you can do now to avoid being an easy target. Call today at 317-857-0150.

4 Must-Have, Low-Risk Cloud Solutions

05 Apr 17
lverbik
, , , , , , , , , , , , ,
No Comments

Let’s face it, your business has more competition than ever. And they’ll eat you alive if you fall behind in today’s technology “arms race.”

Maybe your network needs greater security. Or you haven’t yet taken advantage of new cloud-based apps that help your team get more done in less time. Today, the action is in the cloud. And if you don’t know what’s out there, it’s just that much easier for competitors to pull ahead.

To help you stay on top, here’s a quick survey of four ways to put the cloud in your corner, along with examples of each.

Network Security

As devices on your network become more diverse and mobile, monitoring them in real time is absolutely critical to averting cyber-attacks. A good network-security tool probes for weak points and alerts you to potential threats. It can employ both hardware and software technologies. And today’s environment demands a bevy of checkpoints, from access control to WiFi-intrusion monitoring.

But how do you protect against threats that evade your monitoring efforts? Due to the recent spread of “fileless” malware, no antivirus program is 100% “bullet-proof.” However, you should be able to find basic software protection for around $40 per user. Look for features such as e-mail security, data loss prevention, network segmentation and behavioral analytics. And ideally, it scans quickly, takes up little space on your devices and may even be able to recover files encrypted by ransomware.

Collaboration

Giving your team the right cloud collaboration tools can be almost as good as giving them steroids… (Except, of course, it’s legal.) With the wide array of apps available today, the trick is finding the best one – or the best combination – for your company. Top contenders include Asana, Slack, Teamwork, Trello and Google Drive. These and similar apps can improve efficiencies in areas like project and task management, team communications and collaboration, brainstorming, document processing and storage, and more. And with cloud collaboration, you’re no longer restricted to bringing aboard talent from your local area alone.

Contracts & Accounting

Contracts and proposals that get bogged down in logistics can hurt monthly revenues. Is your sales team still asking customers to sign and fax back important documents? If so, they’re losing precious minutes every day. Then there’s the cost of storing and managing physical files. It all adds up. It’s no wonder so many companies now use electronic signature apps, such as DocuSign, Adobe Sign and RPost. They’ll let you manage the signing of important documents entirely online, and will encrypt and store files for you. Some are even court-approved and create a full audit trail.

For small business accounting, industry veteran QuickBooks, now with an online version, and upstart Xero can help you keep the books with relative ease. They both offer a clean, intuitive UI and affordable pricing with a comprehensive set of features. And, of course, being cloud-based, they can be accessed from a variety of locations, adding flexibility to your workforce.

If you’d like to know how well your company is (or isn’t) taking advantage of today’s cloud, contact us.

Network Abuse: Don’t Push Your ‘Luck’

16 Mar 17
lverbik
, , , , , , , , , , , , , , , , , , , , , ,
No Comments

Look around your office. Isn’t it great to see your team hard at work on their computers? Yet if we take a closer look, let’s see what’s really happening…

Joe, your new sales rep, is poring over last weekend’s game stats…

Amy in marketing is looking for a new job, surfing your competitors’ websites, chatting with their HR people…

Wes, over in customer support, just bogged down your entire network by downloading a video file of Metallica in concert…

Guy, your new hire in shipping, is on hotdate.com, viewing questionable photos…

Bob in accounting is browsing stock-investing sites, in search of a hot tip…

Okay, so maybe it’s not that bad at your company. But this type of behavior will happen to some degree if you don’t proactively prevent it. The real problem is, unfiltered content often links to malware and other threats. Ignore it and you risk productivity losses, legal liabilities, extortion, blackmail and fraud. And not only that, the resulting data loss and corruption can cost your company big-time. Cyberthreats stemming from unfiltered content aren’t something you can count on your lucky leprechaun or four-leaf clover to protect you from.

In today’s mobile environment, content filtering has becoming a greater challenge than ever before. Your company may already be doing some filtering at the network level. However, when was the last time you checked the number of mobile devices linked to your network? As your workforce goes mobile, your network is exposed to a rapidly expanding “attack surface.” With BYOD (bring your own device) now the norm, the old rules of content filtering just don’t cut it anymore.

Are You Making Any Of These Mistakes?

Old content-filtering models presume your network has a safe “firewall.” But now, with BYOD, you need a different way to protect your data. And that’s where endpoint security comes into play. Endpoint filtering keeps devices on your network safe from infection, no matter where they hook into the Internet.

But make ANY of the following mistakes with endpoint security and your network could be a sitting duck:

  1. Missing even ONE endpoint. This applies to tablets and smartphones as well as home-based machines that VPN into your network.
  1. Skimping on security policies, protocols and training. Believing that tech tools alone will keep your network secure is a recipe for breaches. In fact, no technology can keep a network safe if users cut corners.
  1. Leaving endpoint filtering out of your overall security plan. Ad hoc security invites disaster. An improperly designed system exposes holes that hackers love to find.

So, What Exactly Should You Filter?

Forrester Research states that companies whose users access the cloud should:

  • Detect and intercept unusual or fraudulent activities related to data in the cloud.
  • Detect, neutralize and eliminate malware in cloud platforms.
  • Detect and monitor unsanctioned cloud applications and platforms usage.
  • Protect against leaks of confidential information.
  • Encrypt structured and unstructured data in cloud platforms.
  • Investigate suspicious users and incidents.

Between BYOD and ever more complex cyber threats, you simply can’t afford to run around putting out fires. You absolutely MUST proactively defend your network in depth with endpoint content filtering.

Lost Employee Smartphone? Do This NOW!

15 Feb 17
lverbik
, , , , , , , , , , , , , , , ,
No Comments

“Hey boss, I lost my smartphone.”

How well have you prepared for this moment? It will happen sooner or later. If your company has a plan in place, no big deal. If not, you may suddenly get that sinking feeling in your gut …

And well you might. You now have three big worries:

Compliance Issues – If your employee had access to information covered by any number of regulations, your company could be subject to stiff penalties. One employer we know of wound up with a $900,000 fine.

Data Security – Sensitive company data in the wrong hands could spell disaster. Access to your network, secure sites, proprietary files, work-related e-mails and corporate secrets may now be out of your control. You must move quickly to prevent serious financial harm.

Employee Privacy and Property Concerns – If a valued employee had family photos and movies on the device, and you remotely delete all data on the phone, you may now have a disgruntled, or even uncooperative, employee. Especially if company policy regarding BYOD (bring your own device) and data loss were not clearly stated and agreed to up-front.

So how do you prevent a relatively minor incident from blowing up into a big problem? Here are seven smart measures you can take right now to prepare for the day an employee smartphone is lost or stolen:

  1. Install a mobile device management (MDM) system on any employee device to be used at work. This software can create a virtual wall separating work data from personal. It facilitates any security measures you wish to impose. And to protect employee privacy, it can limit company access to work data only.
  1. Determine which devices will be allowed and which types of company data people may access from them.
  1. Require that employees agree with an Acceptable Use Policy before they connect to your network. Make sure these include notice as to conditions in which company data may be “wiped” – i.e., destroyed. Also include specific policies regarding device inspection and removal of company records.
  1. Put strong data protection practices in place. Require use of hard-to-crack passwords and auto-locking after periods of inactivity. Establish protocols for reporting lost or stolen devices. Mandate antivirus and other protective software as well as regular backups.
  1. Designate someone at your company to authorize access to software and critical data. This person can also be your main point of contact for questions about BYOD policy and practices. It might also work well to distribute a resource page or FAQ document to your employees.
  1. Establish a standard protocol for what to do when a device is lost or stolen. Both Android and iOS phones have features that allow device owners to locate, lock and/or “wipe” all data on their phones. Make sure your policy requires that these features are set up in advance. Then, when a device is lost or stolen, your employee can be instructed to take appropriate action according to your protocol in order to protect company data.
  1. And finally, your best protection is to implement a well-crafted BYOD policy in advance. Develop it in partnership with risk management and operations personnel, as well as legal counsel and IT professionals, to come up with an effective and comprehensive plan.

Do not delay on this – it is a serious vulnerability that can and must be addressed in order to assure the safety of your company’s data and systems.