Tag Archives: information

The Hidden Dangers Of “Shadow IT” To Your Business

14 Jun 17
lverbik
, , , , , , , , ,
No Comments

We all know that using information technology — programs, apps, or internet browsing — carries a certain amount of risk. Nobody wants to have their secure data compromised, but technology brings enough benefits that the risk is worth it. So you vet certain systems, you establish protocols, you update and patch your software, and you keep track of the technology used at work.

But what about the technology your employees are using that isn’t part of your official plan? We’re talking about messaging apps, Excel macros, cloud data storage, collaboration spaces, and even hardware like USB drives, smartphone storage, and personal laptops that you don’t control.

We call this “shadow IT,” and that’s a whole lot of potential holes to cover!

Even if you ignore the dangers of having accounts hacked, data stolen, and websites vandalized, shadow IT can be very inefficient. You don’t control it, so you don’t know where important information is or what work is being done. It makes it hard to avoid duplication of efforts and even harder to manage employee productivity. What are you to do?

Well, your gut reflex might be to “crack down” on using unauthorized technology for work purposes. Swallow that reaction, though — you can’t stop it, and you’ll just harm morale. You’ll also drive usage even further underground; your people won’t be honest with you for fear of reprisal. That means that if a compromise occurs, you’ll be the last to know.

Instead, keep an eye on the situation. Make it clear that you support employees using the tools they need to get the job done, as long as they let you know what those tools are. If your people start using cloud storage apps, that’s fine — but have them explain how they’ll keep that data secure. Just as you empower them to find their own tools, empower them to keep things secure.

You probably can’t come up with a list of all the shadow IT that’s being used at your work, but you can keep an eye on the trends as they develop. Research the technology that’s being used and watch the headlines for data breaches or other compromises.

In some cases, you will have to crack down on specific apps, programs, or devices being used at your work; they’re just too risky. If you’ve worked with employees and fostered good communication, this shouldn’t be an issue. Remember to avoid blaming employees when shadow IT becomes a problem — especially if they bring the issue to your attention themselves. There’s nothing wrong with asking your people to stop using a specific program or device, as long as you’re transparent and have good reasons.

Last, but not least, try to look on the bright side. Shadow IT may be a little risky, but it also presents opportunities for employees to drive productivity and try out new best practices. If they’re using a piece of technology, it’s probably doing something that the currently “approved” tech is not. They’re also showing self-starter tendencies and trying to do their job better. And that’s always something you should support!

Protecting Your Data – Is your password strong enough?

18 Aug 14
lverbik
, , , , , , , , , ,
No Comments

Information security is an ongoing process, not something you do once and then forget about, right?

Right!  If you’re still keeping all your original passwords in a small dusty notebook on the corner of your desk…it’s time to rethink.

 

You’ll be relieved to know there are some really good online password management solutions you can use.  Passwordbox.com, Lastpass.com and Dash

The single best way to reduce the risk that hackers have zeroed in on your online credentials is to change passwords on a regular basis. As an extra precaution, you could create a distinct password for each website.  This lessens the chances that a crook could tap into all of a person’s web-based accounts, especially bank accounts.  Consumers could for example, preface an easy to remember password with the name of the store, such as “amazon_Zulu58!”lane.com can help computer users develop stronger passwords that are kept in a virtual vault, of sorts.  That way unencrypted data doesn’t stay in the user’s browser cache.  Some sites also have a repository for credit card numbers.

“Proceed with Caution”  is a good general rule of thumb to remember whenever you’re opening attachments, making purchases or logging in to a site.  Some local Indiana banks and businesses have been breached when the hacker sends an e-mail to an employee that contains a malicious attachment.  A single careless click installs key-logging software that harvests passwords.  Clever hackers may even go so far as figuring out a professional organization to which an employee belongs and creating custom e-mails to entice the reader to open and click.

While some online retail sites appear slick and compelling for consumers – often times they are traps for stealing consumer data.  Be cautious of sites that lack basics such as a phone number or office address on the site.  Also, look for whether it is a member of the Better Business Bureau or whether it has been reviewed or recognized by industry publications that might attest to the site’s authenticity.  When placing online orders, consumers also should watch that the URL on the browser indicates that the data is encrypted, such as displaying https: rather than http:.

Much of the earlier hacking focused on financial companies. But as those systems have been strengthened, hackers are turning to less robust systems operated by hospitals, small retailers and other industries.

Here are six keys to help keep your information secure:

1)      Use a different password for every website you visit.  We know it seems like password overload but it is a lot less work than dealing with getting hacked.

2)      Use a combination of upper case, lower case, numbers and symbols.  The more original you are the better.

3)      Change your passwords every three months.

4)      If it’s hard to remember all your passwords, try a password manager.  With most password managers, you have to put in a master password every time you want to use it, so it keeps hackers out.

5)      Make sure your computer has an anti-virus program.  Several companies such as Avast, McAfee, Webroot and Kaspersky offer suites of protection.

6)      Set-up two step log-ins.  Two step authentication asks you to sign in with your password, and then add a second sign-in – a numeric code sent by text, e-mail or a phone call.  Think of it as a double password.

 

Have questions?  Jay and his team at Techno Advantage want to help you ensure that you’re protected.  Click here to contact a Techno Pro!

**Don’t forget – Windows Server 2003 will officially be unsupported on July 14, 2015. **

Contact Techno Advantage for more information on migration solutions.  317.857.0150