How Companies Can Stay Secure When Introducing BYOD Policies

By | September 23rd, 2016|Business Security|

Bring your own device (BYOD) policies continue to grow in popularity. Employees and employers alike are enjoying the flexibility of using their own devices for work, so much so that we’re starting to see the workplace itself evolve. While we’ve seen many benefits to these policies (productivity, cost savings), it’s important to note that creating a BYOD policy without security in mind may put company data at risk.

BYOD policies may mean an increased risk for employee error. For example, a recent survey found around 40 percent of respondents said they never change their passwords on devices except when prompted to do so. Forty percent also said they use the same passwords across multiple websites. Such poor employee password habits can leave the door wide open for criminals, as we demonstrated last year, when hackers were able to infiltrate our fictional small business, Jomoco, in less than an hour.

However, a thorough understanding of the strengths, preferences and limitations of the average employee can address these security gaps. Here are best practices and recommended tools to implement effective BYOD security measures for your company:

BYOD best practices:

  • Develop a BYOD policy in partnership with IT, risk management, and legal counsel. Keep an open line of communication with IT so they can quickly communicate new and emerging threats of which employees should be aware.
  • Educate employees on BYOD security best practices regularly. It should never be assumed that your employees understand all the guidelines spelled out in your policy.
  • Require your employees to create long, strong and unique passwords, and encourage employees to take advantage of two-factor authentication wherever possible.
  • Require that employees password protect their mobile device if it hosts company information.
  • Require your employees to update their software on devices when prompted. These updates typically address security vulnerabilities.
  • Require that employees quickly report any lost or stolen devices. Swift response allows you to mitigate the risk of sensitive information falling into the wrong hands.

BYOD tools:

  • Use a secure alternative to open Wi-Fi networks. Provide employees with access to a VPN or hotspot.
  • Create and provide standard antivirus, anti-malware protection for all types of devices.
  • Consider enlisting the support of a proactive monitoring service for your company. By proactively monitoring for employee credentials on the dark web, businesses can determine when an employee’s personal information may have been compromised.

As a closing thought, always keep in mind that threats are constantly evolving, so a good BYOD policy is never complete. Just like any business process, BYOD policies should be reviewed and updated on a regular basis.

To stay up to date with all business security news, be sure to follow us on Facebook, Twitter and LinkedIn.

 

Cybersecurity Tips for Working Remotely

By | September 16th, 2016|Business Security|

For 3.7 million Americans, waking up and logging onto a computer from the comfort of their home marks the start to their workday. According to Global Workplace Analytics’ 2016 study, 50 percent of the US workforce is now permitted the luxury to partially telework during the workweek. This trend continues to edge toward the norm. In fact, the ability to work remotely, for the greater, non-self-employed population, has grown 103 percent since 2005.

While more opportunities to work remotely may reflect the emerging modern workplace, there are several factors employers and employees should weigh and discuss to ensure security is top of mind.

If your job allows employees to work remotely, consider the following:

Employees: Protect Your Home

  • Use strong, cryptic passwords on all of your work and personal accounts. Resist the urge to duplicate passwords.
  • Use two-factor authentication whenever offered for both work and personal accounts.
  • Personal and work devices should be equipped with the latest antivirus software, web filtering, firewalls, and encryption. Always make sure your devices and software have the most up-to-date versions to help safeguard information.
  • Work with your company’s IT department to set up a virtual private network, or VPN, to add another layer of security to your home’s internet.

Employees: Working Elsewhere

  • Employees should keep personal and work devices password protected in the event they are stolen or misplaced.
  • Avoid accessing sensitive company accounts on public Wi-Fi or unsecured networks. Public Wi-Fi can increase the risks of signal sniffing and compromise personal accounts, as well as professional networks. Many hackers set up accounts that mimic the names of frequented locations, hoping to steal from unknowing users. Consider using a VPN to access company data, or using your cell phone as a hotspot.
  • Be aware of your surroundings. Consider a screen protector and make sure sensitive calls are made in private.

Employers: Create a Cybersecurity Policy for All Employees

To help foster a conversation and environment committed to cybersecurity, organizations should create a cybersecurity policy and make staff training and security education a priority. In a recent episode of Firewall Chats, Michael Kaiser, executive director at the National Cyber Security Alliance, discussed creating a culture of cybersecurity at work.

“[Policies need] to be reinforced,” Kaiser said. “It can’t be a one and done kind of thing. It has to really be periodic. … Reminding people of the value of the information that an organization holds and the responsibility they have to protect it. When people give you their information, they expect you to protect it.”

To create a cybersecurity policy:

  • First, identify the security risks and threats that may affect your business
  • Develop clear policies and procedures for all employees, whether on-site or off-site
  • Train all employees on your new (or existing) cybersecurity policies
  • Create and maintain a process to help reward policy followers and address offenders
  • Define and address third party and vendor risks
  • Work closely with your IT department to detect and address unauthorized activity

Creating a culture of cybersecurity will help safeguard employees and company data, regardless of where they work. Employees, do you have the ability to work remotely? Are you aware of the security steps needed to help keep your company safe? Share your experiences on Facebook, Twitter and LinkedIn.

 

Firewall Chats, S. 2, Ep. 5: Creating a Culture of Cybersecurity at Work

By | April 12th, 2016|Firewall Chats|

This April, the National Cyber Security Alliance is encouraging consumers and business owners to make time for digital spring cleaning. Each week is dedicated to highlighting tips to help secure our most sensitive data.

It’s important to make cybersecurity a priority in your personal life, as well as work. Small businesses are frequently targeted by cyber criminals, as many do not have policies and procedures in place to guard them from such an attack.

In a recent survey, eight out of 10 small business owners said they do not have a cyber attack response plan in place, even though the majority (63 percent) of these businesses have been a victim of at least one type of cyber attack.

For insights into the “dos and don’ts” of creating open cybersecurity, we sat down with Michael Kaiser, executive director at the National Cyber Security Alliance. The first thing small business owners need to do is understand the risk is serious.

“Don’t think it won’t happen to you,” Kaiser said. “Don’t think that what you have is not valuable to a cybercriminal.”

Companies need to be very aware of the safety and security necessary to keep information and work devices safe from malicious threats and human error.

“It has to be a commitment from the top of an organization for people to take cyber security seriously,” Kaiser said. “Everyone plays a role in that. … Leadership sets the tone about the importance of protecting the company’s assets, and also the personal information of their customers, clients, [and employees].”

For businesses just adopting cybersecurity best practices, Kaiser mentions starting with password reminders, policies that fit the size of your organization, and creating a conversation.

“[You can start with] getting people together in a conference room and talking about cybersecurity and what they need to do, and what your policies are,” he said.

If you are part of a large organization, invest time into policies and employee trainings around phishing emails and “Bring Your Own Device” best practices. Revisit the conversation often.

“It has to be reinforced,” Kaiser said. “It can’t be a one and done kind of thing. It has to really be periodic. … Reminding people of the value of the information that an organization holds and the responsibility they have to protect it. When people give you their information, they expect you to protect it.”

It’s important to empower coworkers to protect data. Set rules and responsibilities, and let employees know they are being entrusted with the data of consumers and other employees.

Leadership should also have cybersecurity procedures in place, should a breach occur.

“At the end of the day, cybersecurity is about resistance but it’s also about resilience,” Kaiser said. “It’s about how fast you can come back if you are attacked.”

Listen to the entire episode here: www.CSID.com/FirewallChats. And let us know your feedback on our Firewall Chats Twitter and Facebook.

Save the Date: Our next episode will air on Tuesday, April 26, and will explore medical identity theft.

Mobile Security Infestation: Protecting Yourself and Your Mobile Device

By | July 28th, 2014|Uncategorized|

This guest blog post comes to you from Ivan Serrano, a technology, business and social media writer and infographic specialist from San Jose, California. In his free time, Ivan loves marveling at the wonders of modern technology and gets wound up in his photography in San Francisco.

We’re all aware of the dangers of hackers when delving into the depths of the Internet on our computers, but as the ever-expanding mobile community also dives deeper into the Internet, we have to worry about the health of our mobile devices as well. The problem with this mobile infestation is that, along with mobile Internet connectivity, it is relatively new. Most people are still under the illusion that nothing bad can happen to a phone other than physically damaging it, and it’s not their fault; no one really knows what to look for.

Third party app stores can contain malicious apps, unsecured WiFi hotspots can lead to identity theft, and in BYOD businesses, the devices are often insecure. With more businesses and individuals relying on mobile phones to store data and do business, this poses quite a large security problem. Thankfully, these security breaches haven’t gone unnoticed. There are numerous ways to keep your mobile device secure, and more are being developed all the time.

What’s out there and how can we deal with it? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Your Small Business is Big Business for Cybercriminals

By | June 3rd, 2014|Uncategorized|

This post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.

This cyberSAFE guest blog post comes to you from Kent Lawson, founder and CEO of Private Communications Corporation and creator of its flagship software PRIVATE WiFi. In 2010, after 12 years of retirement, Kent became interested in Internet privacy and security issues and the vulnerability of wireless communications in WiFi hotspots. He created Private Communications Corporation to protect consumers and corporations from privacy and security breaches on the Internet. PRIVATE WiFi, the company’s first product, protects individuals and business people while using laptops and other mobile devices at public WiFi hotspots.

Do you think your business is too small to have data that’s valuable to hackers? If that’s the case, you may be unknowingly exposing it to cyber threats that could spell disaster for your business. A whopping 42 percent of SMBs said they experienced a cyber attack within the past year, according to the 2013 Risk of an Uncertain Security Strategy study by the Ponemon Institute. Yet, despite that hair-raising statistic, 58 percent of the SMBs surveyed said senior management doesn’t consider cyber attacks a significant risk to their organizations. How’s that for denial?

It’s not surprising that cyber security complacency continues to make SMBs prime targets for cybercrime. Small and midsize businesses are lagging behind in their cyber security efforts, according to Symantec’s Internet Security Threat Report 2014. As a result, SMBs experienced the highest number of targeted attacks overall last year, nearly double the number from 2012. Even worse, those attacks lasted longer than ever.

Granted, it’s hardly a level playing field when it comes to SMBs and cyber security. Smaller businesses may not have a full-time IT staff like larger companies. They might not have a company network or maintain a corporate VPN. To control costs and improve productivity, SMBs may allow employees to use their personal mobile devices for work. But without a strong BYOD policy, the blurred line between personal and professional time opens the door to compromising company data.

SMBs and Mobile Devices: Who’s Minding the Store at WiFi Hotspots?

Nowhere is that security vulnerability more obvious than when employees connect to public WiFi hotspots. Since most WiFi hotspots aren’t encrypted, the data traveling them can literally be grabbed out of thin air. As a result, data theft is rampant. But that threat hasn’t stopped workers from routinely logging into hotspots. A 2013 survey by GFI Software revealed that over 95% of workers admitted using public WiFi connections at least once a week during their commutes to carry out work-related tasks, such as sending and receiving email, reviewing and editing documents and accessing company servers. More than one-third (34.2 percent) reported that they accessed public WiFi at least 20 times per week.

Think of it this way: Every time an employee accesses company information on a WiFi hotspot, the likelihood that your business will be the victim of a cyber attack goes up. For many SMBs, that risk isn’t hypothetical. More than 40 percent of small businesses report that they have been victims of a cyber attack that cost them thousands of dollars, according to a 2013 survey conducted by the National Small Business Association. Have you considered how much a cyber attack could cost your business? For many, the cost was too high: 72 percent of small businesses that suffered a major data loss shut down within 24 months. Make sure it doesn’t happen to you.

These are the simple steps you can take to protect every mobile device that touches your business.

How SMBs Can Secure the Mobile Workplace

  • Make sure to install firewall and anti-malware apps on all mobile devices used for your business, and promptly install app and OS updates.
  • Use strong passwords of upper and lower case letters, numbers and symbols and different passwords for each site. And uncheck the box that automatically saves them.
  • Check before connecting to hotspots with strange names. Watch out for unusual variations in the logo or name of the establishment that appears on the login-page. That could mean it’s a fake hotspot designed to steal your data.
  • Disable features that automatically connect your device to any available network. This will prevent you and your employees from accidentally connecting to a fake WiFi hotspot or a stranger’s computer.
  • Disable printer and file sharing options before connecting to a hotspot.
  • Limit your employees’ access to company data to include only what they must have to do their jobs. Also, make sure all the mobile devices used to conduct business – laptops, smartphones, and tablets – are protected by a VPN. VPNs like PRIVATE WiFi encrypt the data traveling to and from your mobile devices, which makes it invisible to hackers.

News Recap: 2014 Security Predictions Roundup

By | December 5th, 2013|Uncategorized|

As 2013 quickly comes to a close, the security industry has begun making predictions for coming threats and trends for 2014. Here’s a collection of five recurring 2014 security predictions.

1. BYOD will continue to grow – and cause risks – in the workplace

More and more businesses are adopting “bring your own device” (BYOD) practices and will continue to do so next year. Entrepreneur reporter Mikal E. Belicove found that 60 percent of businesses employ a BYOD strategy because “the efficiencies offered by a mobile work force are too great to pass up, and moving the cost of access to the employee is too juicy a cost savings to ignore.” What are the threats associated with a growing BYOD workforce? According to Help Net Security, the potential risks stem from “both internal and external threats including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications.”

2. Internet of Things moves from buzzword to security matter

ZDNet calls the Internet of Things (IoT) 2013’s favorite buzz-phrase and believes that 2014 will be a time to evaluate how security plays into the IoT: “If 2013 was the year that the idea of the IoT (and many practical applications) went mainstream, then 2014 is likely to be the year when the security implications of equipping all manner of ‘things’ — from domestic refrigerators to key components of critical national infrastructure — with sensors and internet connections begin to hit home.” To prevent security disasters from occurring amidst the IoT, Help Net Security suggests that the companies making the “things” should “continue to build security through communication and interoperability” and by “adopting a realistic, broad-based, collaborative approach to cyber security” with government departments and security professionals.

3. Hackers will want to destroy data, not collect it

In the past, cyber criminals have wanted to access information for profit, but over the course of 2013 a shift occurred. The 2013 IBM Cyber Security Intelligence Index report found a rise in the number of sabotage cases versus espionage. The reason? Because vulnerabilities within organizations often leave attackers with opportunities to cause damage. InformationWeek says “in 2014, organizations need to be concerned about nation-states and cybercriminals using a breach to destroy data.” Additionally, InformationWeek noted that ransomware will begin affecting small and medium sized businesses.

4. Cyber criminals will use social networks to infiltrate businesses

Social networking continues to expand into the business sector. This being the case, attackers will prey on businesses using social networks and high-level executives participating in business networking sites like LinkedIn to compromise organizations and gather intelligence, InformationWeek says. ZDNet, too, notes that social networking will be increasingly used in 2014 to “lure executives and compromise organizations via professional social networks.”

5. Attackers will look to the cloud for valuable data

Like the IoT, 2013 was an influential year for the cloud industry, but as more businesses continue to adopt cloud technology, hackers have and will continue to find ways to exploit cloud-stored data. To protect against cloud cybercrime, senior consultant at Windstream Kent Landry predicted in Help Net Security that “cloud providers will need to be certified in cyber security standards like NIST, PCI DSS compliance, STAR certifications, and other industry checkpoints. The security industry will flourish as organizations increase investment in protecting both their data and their customers with more advanced prevention software and training.”

What are your security predictions for 2014? Let us know on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Studies Show that Gen Y May Break Restrictive BYOD Policies

By | November 1st, 2013|Uncategorized|

Fortinet recently surveyed 3,200 “Gen Y” employees ages 21 to 32 about device policies at work, and found that many are willing to break work policies when it comes to accessing personal devices or storing sensitive data on personal cloud storage. Respondents were surveyed on several topics, including the use of mobile devices at work, personal cloud storage habits and security attacks on personal devices.

When asked about banning the use of personal devices at work, 51 percent of respondents were “prepared to contravene any policy banning the use of personal device at work or for work purposes,” Tim Wilson reports in Dark Reading. On the topic of secure cloud storage, respondents claimed they used cloud accounts for both personal and work use. eWeek reporter Nathan Eddy said that “89 percent of respondents had a personal account for at least one cloud storage service with DropBox.” Of the people with personal accounts, Eddy reports, seventy admit to using their accounts for work purposes, and of this group:

  • 12 percent store work passwords using these accounts
  • 16 percent store financial information
  • 22 percent store critical private documents such as contracts/business plans
  • 1/3 store customer data

John Maddison, vice president of marketing for Fortinet thought some of the findings were alarming. “It’s worrying to see policy contravention so high and so sharply on the rise, as well as the high instances of Generation Y users being victims of cyber-crime,” Maddison said in Dark Reading. “On the positive side, however, 88 percent of the respondents accept that they have an obligation to understand the security risks posed by using their own devices. Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organization’s IT security.”

How can businesses work with Gen. Y employees to ensure they are practicing safe habits, without restricting personal use of devices/cloud services? What are some best practices for BYOD policies? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Ponemon Finds Companies Doing Little to Protect Regulated Data on Mobile Devices

By | June 28th, 2013|Uncategorized|

This week the Ponemon Institute released “The Risk of Regulated Data on Mobile Devices,” a study that focuses on the risks associated with employee access to regulated data, including health and financial information, through a company or personal mobile device. The report revealed nearly half of IT professionals cannot determine whether their companies are complying with laws protecting data stored on mobile devices.

According to SC Magazine, “only 12 percent of practitioners said their organizations were in ‘substantial’ compliance with laws that protect regulated mobile data, while 17 percent said they weren’t in compliance with applicable laws and regulations at all.” Additionally, 40 percent are not sure if they are compliant with these laws.

“Regulated data isn’t subject to a lower standard of protection just because it ends up on a mobile device,” said Ryan Kalember, chief product officer at WatchDox. “This study clearly shows that IT departments must understand the risks and be more proactive to accommodate mobile productivity while still protecting the organization’s data.”

The survey showed that most (69%) IT professionals surveyed understand the security risks associated with mobile devices, but 59% allow employees to use their own devices at work. “This is also known as the bring your own device phenomenon, a related issue that is also quite painful in the enterprise,” reported CMS.

To help with data security on mobile devices, the Ponemon Institute recommends “organizations create awareness about regulated data on mobile devices to the effect that it be treated just like any other sensitive information,” reported CMS. “An inventory of protected data should be taken so the risks are more known, and organizations should consider using technology like mobile device management, mobile DRM and mobile application management to specifically address data risk.”

Is your business in compliance with laws protecting data stored on mobile devices? How can you enforce a healthy BYOD policy with employees? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Industry News Recap: BYOD Security a Major Concern for Small Businesses, Hospitals

By | May 9th, 2013|Uncategorized|

In the 2013 BYOD and Mobility Security Report, 70% of respondents cited security as the top criterion for success when implementing bring-your-own-device (BYOD) programs. The report, sponsored by Lumension Security, interviewed 1,650 information security professionals around the world, the majority of whom represent organizations between 10 and 99 employees.

Nathan Eddy of eWeek reported that security as a measure of success even outranked employee productivity. “Respondents fear a loss of company or client data, unauthorized access and malware infections, and many say they lack the resources necessary to address these security concerns,” he said.

The report also revealed that, “mandatory use of encryption was cited as a risk-control measure for mobile devices by 40 percent of respondents.”

In similar news, HIMSS Analytics recently conducted a focus group of seven senior health IT executives. They claimed that data security concerns, especially those related to BYOD policies, are among their top challenges.

Ken Terry of InformationWeek reported, “Although the focus group was small, what the participants said reflected the IT infrastructure priorities of the industry, as represented in a recent survey by the Health Information Management and Systems Society (HIMSS), according to a report on the focus group.” According to Ken, participants pointed out that the proliferation of personal devices in hospitals leads to insecure data exchanges. He says, “Providers tend to find workarounds that can jeopardize data security.”

As an employee, executive or business owner, how do you feel about BYOD policies? What security practices does your organization have in place, if any? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.
