Securing Your Desktop Computers

May 22, 2014 by Leave a Comment

Perhaps you were aware that support for your business computers using the Windows XP operating system was being discontinued as of April 8, 2014, maybe not.   Were you able to compile an inventory of the Windows XP machines in use at your business or in virtual home offices of your employees and upgrade them?  Why as a business owner, office manager, or IT support person should you care and be motivated to come up with a plan if you have yet to?

Your business is vulnerable.  According to global security solutions provider Symantec, over 30% of targeted spear phishing attacks during 2013 were aimed at companies with less than 250 employees.  End of life support by Microsoft for the Windows XP operating system eliminates critical support updates that help ensure the security and reliability of the operating system as well as on-line technical information updates that help techies resolve issues when PCs have problems.  If you think that your virus software will protect your XP computers, you are mistaken.

Cyber criminals target organizations to steal and or store stolen information.  Small businesses are targets since stealth attacks or the storage of stolen information can persist for long periods of time without detection.  Targeted attacks result in malware being planted within an unsuspecting company that then provides hackers access to the target company’s computers.

As a business, you may have both legal and regulatory compliance issues, if you process credit cards and or store personal and private information such as social security numbers, driver’s license numbers, bank and credit/debit card numbers, healthcare records, etc.  Even if you don’t have such information, the loss or compromise of your company intellectual property and bank accounts, client data, and other sensitive information can lead to significant reputational harm, financial losses, and legal problems.

In an article published earlier this year titled “Why Your Small Business Is at Risk of a Hack Attack” Entrepreneur provides an overview of what is happening with the world of cyber crime.  This is a quick worthwhile read if you want to learn more of how and why your business may be a target.

Network Management Solutions has been helping companies address business driven technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

You may contact NMS to schedule a free one-hour no obligation consultation to discuss your concerns.  We will provide expert advice in simple business terms on how to best address your issues through NMS or another provider.  NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com.  More information on Network Management Solutions can be found at www.nmscorp.com.

 

Filed Under: News Tagged With: , , , , ,

Keeping Corporate Information Safe

June 20, 2012 by Leave a Comment

There is much in the news about data breaches, information hacks, and data loss.  Such events when publicized can lead to a loss of reputation, brand damage, legal actions, and other undesirable outcomes.  Loss of data can also mean a loss of competitive advantage, damaged infrastructure, and monetary losses, regardless of the size and scope of the business.  If your intellectual property is important to your business it is important to others also.  This can include insiders who may profit from your vulnerabilities while under your employ or become your competitors down the road.

Thefts and losses occur from a variety of sources including both intentional and non-intentional acts. The threat landscape is complex, pervasive, and difficult to manage and mitigate.   Even the largest of corporations face great challenges in keeping pace with the onslaught of new technology, growing threats, and ongoing criminal activity.   Most small to mid-sized businesses do little to address the issues believing they are under the radar and safe from harm.  Unfortunately this is not the case.  So what are the answers?

As with any event that is difficult to control or predict, it is best to be prepared.  Preparations start with being well organized in all facets of the business operation, technology management, ongoing oversight, and the ability to respond precisely to a threat or compromise.  Ad hoc planning and response will not cut it as you are most likely to miss the early warning signs and destroy key information in your response.

Books have been written, courses taught, standards developed, degrees obtained, with professions and lives dedicated to being prepared. This is a complex mission and far beyond the scope of this article, however some food for thought follows.

What do the technology platforms look like in your business?  How are devices deployed?  Are there approved apps, devices,networks, deployment standards, acceptable use policies, ongoing training? If BYOD is part of  your business platform, do you allow devices that are jailbroken, run unapproved apps, and how do you monitor for data leakage?

What does normal traffic look like on your network?  Where does legitimate remote traffic originate from? What times are remote users accessing your networks and computing systems?  How do you detect anomalous behavior?

Building secure, standardized, stable infrastructure and understanding what normal activity looks like is critical in benchmarking security.  Additionally the ongoing monitoring and management of network access, traffic and transactional flows, and the monitoring of key applications are critical in the ongoing day-to-day management of the availability, performance and security of the information technology infrastructure.

Network Management Solutions provides robust design and management services that are a critical component in keeping corporate information safe.

For further information please visit us as www.nmscorp.com or contact us.

Filed Under: News Tagged With: , , ,

Bring Your Own Device – App Crazy

April 3, 2012 by Leave a Comment

Information loss happens in a variety of ways.

This can be through cyber theft, unintentional action exposing sensitive data, loss of a device, and a host of other ways.  Many organizations find it hard to consider that there is sensitive information within the company that is of value to others and beyond that perhaps targeted by outsiders and or insiders.

Since the organization rarely considers its “information assets” there is no strategy in place to monitor and mange the exchange of company information.  Not until such time that there is a crisis do many organizations stop and think, “how did this happen”?

The growing acceptance of a “bring your own device to work” is increasing organizational susceptibility to information loss.  iPads, iPhones, Androids, all are welcome.   Compounding the issue is allowing the end user of the device to install whatever apps they might choose.  All apps are not created the same nor appear to be what they are at all times.

Malicious applications, improperly coded apps that contain vulnerabilities, and applications granted permissions on install to sensitive data stores by unknowable users, are all considerable avenues for data loss.

When data losses occur how does the organization know?  If a personal device is lost that contains sensitive information, how is the organization notified?  Are they?  How is the data secured, retrieved, or wiped?

Its too late when business owners face ex-employess who become competitors, or sensitive communications wind up in the hands of competitors, or data losses lead to legal and or PR nightmares.

Clearly any organization that moves forward with BYOD or any mobile strategy without a clear cut plan that is supported by the necessary tools, process and procedures is broadening its potential for data loss.

Bring your own device to work, install your own apps, that’s crazy!

 

 

Filed Under: News Tagged With: , , , , ,

Failed Security of Smartphones in the Workplace

December 15, 2011 by Leave a Comment

Smartphones have become prevalent in the workplace both as personal use and business devices. These two functions are distinctly different uses, or should be, and we need to remember that. While I am not advocating that companies establish policies against workers bringing personal use devices into the workplace, many businesses have embraced this, I am strongly suggesting that personal use devices remain just that, personal use devices.

Many companies have stepped across the line and permit personal use devices to become part of the company network. In doing so company information is transmitted and stored on personal devices.  The risks in allowing personal use devices for company business are numerous and potential negative consequences abound  with respect to company communications, intellectual property, regulatory or legal matters, and otherwise.

It is critical that sound information assurance principles are applied to mobile devices and mobile workforce solutions.  It is critical that the organization be able to protect and retrieve its information assets in the case of a lost cell phone, rogue employee, employee termination or otherwise.

While the App Stores for IPhones, Androids, and Blackberrys may seem harmless they pose significant risk to information that is stored and transmitted including sensitive business communications and assets. With personal use devices the owner controls the security, installed application and the permissions to locally stored data including address books, files, email, text messages, and other data.  Additional concerns exist in what application might be vulnerable to hack attacks.

Keep your company data safe, establish the polices understanding what is at risk, and own the device.  For more information contact Network Management Solutions.  Remote managed services, information assurance, systems integration.

Filed Under: News Tagged With: , , ,