Cybersecurity Isn’t Generational: Why Millennials May Not Be the Tech Hope of the Future

Of all the assumptions made and beliefs held about millennials, one of the most common is that they’re uniquely tech-savvy. After all, this is the first generation to grow up being exposed first to the advent of computers and the Internet, and now to smartphones, tablets and always-on connectivity. So it’s no surprise that governments have been banking on these digital natives, who practically eat, sleep and breathe technology, to become their cybersecurity saviors. Who better than the first 24/7 tech generation to demonstrate a keen understanding of the current threat landscape and the technical skills necessary to implement the best defense-in-depth measures to counter those threats? Unfortunately, that may be little more than a pipedream, if a new survey is any indication. That report, “Securing our Future: Closing the Cybersecurity Talent Gap,” released by the National Cyber Security Alliance and Raytheon, identified a significant cybersecurity awareness gap among millennials worldwide – specifically, respondents between the ages of 18 and 26, hailing from countries like the U.S., U.K., Germany, France and Japan. Despite the presumption that millennials would be naturally more predisposed to grasping and deploying best practices for cybersecurity, as well as pursuing cyber careers to do so, many of them sound alarmingly out of touch. Here are just a few of that survey’s findings: Close to 80 percent had neither spoken with a cybersecurity professional before or weren’t sure if they had done so 69 percent felt that their high school computer classes hadn’t prepared them for a cyber career 67 percent said they hadn’t heard about any cyberattacks in the news over the past year Two-thirds... read more

Open Haus: Central Management [VIDEO]

By any measure, cyber threats against businesses are escalating in both volume and diversity, as the attackers executing these schemes have become more sophisticated and adept at exploiting vulnerabilities in corporate networks and endpoints. But despite this wave of new threats, the top foe of network administrators is actually a familiar one – employees themselves. An unaware employee, a vulnerable endpoint and some human error, precipitated by relentless social engineering, is exactly what opportunistic hackers hope for, and this combination can be more dangerous than any external threat alone. Remember, social engineering was effective against the director of the CIA, who was duped by relatively basic techniques, so why wouldn’t it work against unassuming employees? For network administrators, the key to reducing the impact of human error is to implement remote access technology that stops the spread of a breach before it can dramatically affect the rest of the network. To gain that additional control and visibility, network administrators turn to centrally managed VPNs. How It Works In today’s BYOD workplace environments, where employees are constantly introducing new mobile devices and operating systems, IT administrators must enable remote access and support an assortment of different endpoints. Centrally managed VPNs make this possible, while remaining cost-effective and enhancing employee productivity. Central management is a core feature of the NCP Secure Enterprise Management. Sitting right in the hub of our remote access VPN solution, the central management function streamlines management of remote access security, making it more likely that the network administrator is able to prevent sensitive corporate data from being exposed, whether unknowingly by employees or by malicious hackers. With... read more

What’s in a Name? The ABCs of Mobile Device Management

BYOD? CYOD? Given the slew of acronyms flying around mobile device management (which, of course, goes by the acronym “MDM”), you’d be forgiven for losing track of what some of these actually stand for, much less the concepts they represent. As offices increasingly embrace digital technology and enable more employees to work remotely, mobile devices like phones and tablets, not to mention laptops, have increasingly phased out the traditional desktop computer. But this paradigm shift is also opening a lot of sore spots and potential security vulnerabilities around corporate data– after all, it may be more convenient for employees to be able to send work emails from their personal phones, but what kind of liability does that create for the company when their sensitive material is stored in an employee’s private cloud storage? This raises further questions about where exactly a company should expect to draw the line between personal and business use on a mobile device. The business should allow a certain degree of convenience for the employee using their device, but at the same time, it’s important to ensure there are adequate security protocols in place. To that end, it’s worth dissecting just what exactly your MDM options are: BYOD: Under a Bring-Your-Own-Device policy, employees use their own personal phones or tablets for business purposes. This policy provides the greatest flexibility to employees in terms of familiarity – it’s their own phone, after all – but it also raises some privacy concerns, for both the company and the user. In fact, 57 percent of employees polled in a Bitglass survey said they opted out of their company’s... read more

As the Dust Settles: The Value of Secure Remote Access in the Hours After a Cyberattack

The first 24 hours after a cyberattack are chaotic. The investigations and conclusions will come far down the road, but in the immediate aftermath of an attack, the entire organization is in reaction mode. The public relations team will update media members hungry for additional details. If an attack affects an organization’s own employees, the human resources department will issue alerts internally. The legal team will remain on standby to ensure regulatory requirements are met, offer counsel and guide the organization through the first few days of what is likely to be a process lasting many years. For the IT department, meanwhile, those first few hours are all about containment – discovering the origin of an attack, isolating or stopping its harmful effects, and securing IT systems to assure continuity. Yet, in many cases, victims of cyberattacks aren’t taking these critical first steps. According to a new survey by the SANS Institute, only 59 percent of organizations are able to contain attacks within 24 hours and more than half claim to be dissatisfied with the length of time it takes for them to contain and recover from an attack. Even the federal government doesn’t really have a perfectly coordinated strategy for responding to these events. As last summer’s hack of the Office of Personnel Management (OPM) showed, the government isn’t well equipped to react quickly to emerging threats and successful attacks, and individual agencies don’t always take ownership of a coordinated response. Fortunately, most businesses don’t have such a burden. Most are more agile than the government, and therefore better positioned to respond quickly, even if the findings of... read more

CIA Director’s Hacked Email Shows Need for Multi-Factor Authentication

There’s a certain irony to the way the U.S. government approaches encryption and data privacy for its citizens, while simultaneously falling victim to major data breaches itself through embarrassing security lapses. Up until recently, law enforcement agencies like the FBI had lobbied hard for companies like Apple and Google to be forced to program encryption “backdoors” into their services, like iMessage, so that they could listen in on the otherwise-blocked communications of suspected criminals or terrorists. Silicon Valley’s response (and what the White House eventually sided with) was that opening a “backdoor” for law enforcement is tantamount to ultimately opening a backdoor for anyone. The FBI and NSA counter-argued that they would be in control of the keys to those doors, and that user data would be safe with them. That was a hard argument for privacy advocates to accept then, and it’s even less likely to win over anyone now in light of a new data breach scandal. The Guardian recently reported that a pair of hackers managed to access the personal AOL email account of John Brennan, director of the CIA. Not only that, but the data that was compromised through the breach – which included the names, contact information, security clearances and Social Security numbers of around 20 CIA employees – was leaked and published to Twitter. While the contents of these emails were, in Fortune’s words, “mundane” and “peanuts as far as actual revelations and public interest is concerned,” the fact remains that a pair of reportedly teenage hackers managed to hack into the email account of the U.S. Director of Central Intelligence. The joke... read more

Google’s ‘Android for Work’ BYOD Solution Requires VPN

Although Bring Your Own Device (BYOD) is not hitting the front page on a weekly basis anymore, it is still relevant. The hype may be over, but enterprises are now working to find practical remote access solutions for managing the variety of mobile devices utilized by employees at home and at work. BYOD policies often classify mobile devices according to their operating systems. Thus, administrators have to work with one of the following: Apple iOS, Google Android, Windows and BlackBerry. With Android for Work, Google is helping enterprises that deploy Android devices by offering a mix of apps, technologies and designs to separate and control business and personal use on mobile devices. Google uses elements of Samsung KNOX, specifically, mobile device management (MDM) and containerization technology, to separate work from personal data and apps within the device, similar to what BlackBerry 10 has been providing for some time. Android for Work also includes an enterprise version of Google Play, allowing employees to install only those apps that have been authorized by the network administrator. Personal and business use is separated by users logging in through different profiles. Once an application has been designated as a business app by the network administrator, it is possible to control data traffic and access rights. This does not affect other applications, since business apps are in their own separate area. Google devices with Android 5 (Lollipop) already have Android for Work integrated. Older versions of the operating system can be upgraded by downloading the app, available through the Google Play Store. Android uses the multiuser support in Lollipop, standard encryption and SELinux security... read more

The Lessons of Cybersecurity Awareness Month and What to Expect in the Year Ahead

For 11 years now, the U.S. government has recognized October as Cybersecurity Awareness Month. While the original goal may have been to acknowledge the growing risks that cyberthreats pose to national security, it has – unfortunately – become all too clear in recent years that cybersecurity is an issue that affects not just government agencies, but anyone and everyone, regardless of industry. Consider how, in the last few years, claims of identity theft and tax fraud have skyrocketed, targeted data breaches at major companies – from big banks to retailers to healthcare providers – are compromising millions of records containing personally identifiable information (PII) and the IT departments responsible for safeguarding against these risks seem virtually powerless. And with businesses progressively moving their operations online – shifting email, files and other data into single-vendor cloud platforms like Microsoft Office 365 or Google Apps – these risks and their ripple effects will only continue to grow. As our lives become increasingly digital and interconnected, implementing proper cybersecurity and staying one step ahead of new threats will only become more important. To that end, and as Cybersecurity Awareness Month winds down, here are a few cyber risks you should put on your radar to protect yourself and your data in 2016: 1. BYOD Workplace Policies Bring Your Own Device (BYOD) policies may allow employees the freedom to use their own familiar phones, tablets or laptops for work purposes. But, it also presents a glaring security flaw when you consider that 43 percent of smartphone users in the U.S. don’t use any kind of password, PIN or pattern lock protection – let... read more

Plan, Install and Operate VPN Gateways in Accordance with the BSI’s Basic IT Security Manual

While the core focus of IT administrators may not be security, they are often tasked with looking after network security, leading them to sometimes feel overwhelmed. They might ask themselves: “How do I know where best to focus? How do I know if my approach is correct?” Fortunately, such questions can easily be answered. Have a look at the manual for basic IT security from the Federal Office for Information Security in Germany (BSI). It contains many answers to security questions that IT professionals may have, but unfortunately, not many are familiar with the almost 4,500 pages of information, covering almost all aspects of IT security. The beauty of the BSI manual is that it’s written fully independent of manufacturers and can be used in almost all system environments. Divided into building blocks, risks and approaches, the manual for basic IT security provides a well-organized introduction and a comprehensive explanation of how to handle IT security matters. German government agencies have to be certified through the BSI, and all other institutions and companies can also be certified. BSI standards are the basis for the certification, which is compatible with ISO 27001. The implementation is described in the BSI manual. If an expensive certification is not required, working with the manual for basic IT security makes sense because the manual is free of charge – the current version can be downloaded from the BSI website and an HTML version is also available. Also, the clear structure is a big plus. If companies lack adequate security planning and a holistic view of IT security, the BSI manual presents a standardized approach... read more

The BYOD Backlash: Enterprises Search for a New Mobile Device Management Standard

If corporate Bring-Your-Own-Device (BYOD) policies are intended to be an acceptable compromise between employees and employers, why do both parties seem to be so consistently displeased with them? Let’s focus on employers, since they have final say as to what devices are permitted to access the corporate network. According to a study by CompTIA, BYOD has reached a breaking point. Fifty-three percent of enterprises now tell CompTIA that they have banned BYOD – up from 34 percent just two years ago. With that many employers banning BYOD outright, other initiatives have started to fill the vacuum. Believe it or not, some employers are finding themselves reverting back to how they handled mobile device management (MDM) years ago, before the infiltration of consumer devices into the workplace – by issuing work devices to employees. But what about the conventional wisdom that employees generally balk at corporate mobile technology, which may facilitate more secure remote access, but offers them little choice? As the CompTIA report found, some employees are actually open to using devices provided by the employer, on one condition – “if it is the same thing they would choose on their own.” What this shows is that even though a majority of businesses have banned BYOD, there’s still an opening for IT departments to provide employees with some degree of choice and flexibility in the mobile devices they use. And this degree of control is not through the physical device, but through the operating system – or rather, systems – that run on the device. One Device, Two Systems A container or partition solution is a newer form of... read more

How a Remote Access VPN Extends the Reach of Your IT Staff

What do the federal government’s Office of Personnel Management (OPM), Ashley Madison and Target have in common? They may seem entirely unrelated on the surface, but each organization has been a target of a high-profile data breach within the last year. Each new cyberattack is more proof that the threat landscape has diversified, leaving no industry, system or organization immune to vulnerabilities. The landscape would suggest that, now more than ever, organizations need nimble network security systems, supported by a disciplined IT staff that can keep up with the shifting state of cybersecurity. Unfortunately, while the threat landscape has clearly expanded in recent years, the IT security industry has yet to catch up and adapt to the quick rate of change. Across the board, there is a clear security skills shortage that has left IT professionals and their organizations without the necessary talent that they now require. In fact, 44 percent of organizations say that they have an inadequate number of networking and security staff with strong knowledge of both security and networking technology. Looking beyond these numbers, the problem is not necessarily a lack of skills, but rather, many organizations do not have ample personnel to field growing IT requests and security needs within their companies. To overcome this shortage, many organizations are seeking technologies that can augment their IT departments, without requiring extensive management by IT staff. Companies need easy-to-use solutions that largely run on their own and can be managed seamlessly – whether they are preventing a network hack or data breach, or merely enabling a company to function on a daily basis. Let’s take a... read more

Open Haus: Graphical User Interface

Not long ago, the old aphorism “look but don’t touch” applied to computers and mobile devices. There were no touch screens, no tapping or pinching, no complicated gestures a user could issue with their fingertips. All that touching a screen would do was leave behind fingerprints. That all changed in 2007, when Apple brought touch screens into the mainstream with the first-generation iPhone, back then a first-of-its-kind touch-screen smartphone. Since then, keyboards have all but vanished from smartphones, and touch screens are now replacing or augmenting keyboards on larger devices. Global shipments of touch-screen displays are expected to double from 1.3 billion in 2012 to 2.8 billion in 2016. Already, touch-screen displays have moved from smartphones to tablets to, increasingly, desktops and laptops. Even as far back as 2013, one in 10 laptops were already equipped with a touch screen. Given this landscape, any program that runs on smartphones, tablets or computers now needs to be touch-screen compatible – that is to say, it requires a touch-screen compatible, graphically intuitive display that can also be scaled to whatever device the user has. Users demand this functionality, and users of NCP engineering’s remote access VPN clients now have access to just that for employees working on-the-go on a range of devices. How It Works Enhanced touch-screen compatibility is a core update to the latest version of the NCP Secure Clients that is intended to improve the user experience on touch-screen devices, such as Windows tablets and smartphones. Displays within NCP VPN clients are also intuitive and easy-to-use. Independent of the device or operating system, all remote access VPN clients provide... read more

How Far Does Your Cybersecurity Umbrella Extend?

Network administrators: No matter how impenetrable you think your network defenses are, there are always going to be remote access vulnerabilities that threaten the integrity of your walls. Often, it’s a threat that originates from outside the immediate range of your defenses, and it’s one you may not have any visibility into. Recently, these threats have started to originate from third-party partners – a company’s vendors, suppliers, agencies, firms and other outside service providers. These are often smaller companies with less sophisticated remote access defenses that, when they become a target of cyber crooks, provide a path for an attacker right into the heart of another company’s network. Target found this out the hard way, after its network was breached when attackers gained entry by acquiring network credentials though a third-party HVAC vendor. So did Lowe’s, after one of its vendors backed up customer data on an unsecure server and unknowingly exposed the information to the broader Internet. Goodwill, too, suffered a breach because of a vendor, this time a retail POS operator that acknowledged its managed service environment “may have experienced unauthorized access.” While it may seem odd for big-name companies to provide such privileged access to third parties and, in the process, put themselves in harm’s way – either deliberately or inadvertently – it’s actually quite a common situation. As Brian Krebs reported in the aftermath of the Target breach, large retailers often provide HVAC and energy vendors with privileged network access so they can alert retailers around-the-clock in the event something goes wrong in one of their buildings. As a source told Krebs, “Vendors need to... read more

Open Haus: Updated VPN Clients and Server

Of all the factors that would prevent an organization from launching a comprehensive remote access security strategy – limited budget, unfamiliarity with emerging threat vectors, lack of employee buy-in – the remote access tools themselves should not be the reason that a strategy has trouble gaining a foothold within an organization. The experience of using a remote access VPN needs to be an easy one – it should be straightforward for network administrators to centrally manage, and simple for users to deploy without interrupting their workflow. As Citrix’s Kurt Roemer recently told eWeek, “The industry needs to preconfigure for security and employ services that keep security settings optimal and balanced against user experience.” In the last month, NCP engineering has issued three product updates, all intended to improve remote access security for enterprises by enhancing administrator features and the end-user experience: NCP Secure Clients, Version 10.02 This update supports users of Windows 10, and is the first IPsec VPN Client compatible with Microsoft’s newest operating system. For users, Version 10.02 of the NCP Secure Entry Clients offers: Optimized Internet of Things (IoT) configuration Alerts when the preferred network is no longer available Improved user experience through a touchscreen-compatible interface The option to eliminate dual network connections Password- and PIN-free logon with machine certificates Meanwhile, administrators benefit from improved troubleshooting, through enhanced search log functionality, and immediate configuration updates. NCP Secure Client – Juniper Edition, Version 10.02 For users who access network connections through Juniper VPN gateways, Version 10.02 of the NCP Secure Client – Juniper Edition offers many of the same enhancements above, while providing seamless and secure remote... read more

Smaller Scale Is No Defense: Why SMBs Should Assume They’re Already Targets of Cyberattackers

You would be hard pressed to go a month without hearing about a new data breach or major cyberattack in the headlines. These incidents occur with such regularity nowadays that seemingly every industry has been affected – healthcare, education, retail and even amusement parks. There are variations across all these attacks, from the threat vectors themselves to the protections that may have faltered. But, the common thread is that these companies are generally big names with targets on their backs. This trend also tends to overshadow an even more worrisome one: data breaches occurring at small and medium-sized businesses. While SMBs may exist on a relatively small scale, they certainly don’t go unnoticed by hackers. The numbers actually show that three out of four attacks occur at businesses with fewer than 100 employees, and that each incident carries an average price tag of $20,752, according to the National Small Business Association (NSBA). The NSBA’s Jason Oxman elaborated further in comments to the Los Angeles Times last year: “We are absolutely facing an epidemic of attacks on our nation’s infrastructure and attempts to gain access to information. But smaller merchants tend to be easier and more attractive targets for cyber criminals.” This is because SMBs are less likely to be well-versed in security protocols and because they won’t get much attention from the media, thereby allowing the attacks to continue under relative quiet. Compared to enterprises, SMBs may also lack the resources to detect and respond quickly to attacks. The fallout can result in broken websites, bad customer reviews and narrower profit margins – all consequences that can completely devastate... read more

Seamless Roaming or Always On: The Remote Access VPN Feature Digital Nomads May Be Missing

In remote working environments, the Digital Nomad isn’t tied to a desk or cubicle, but he has close relationships with his coworkers. The Digital Nomad works exclusively from mobile devices that connect wirelessly to the Internet, and she’s still able to finish all her tasks on time. For now, these workers are generally the exception to the rule, but that may not be the case for much longer. One-third of business leaders anticipate that by 2020, more than half of their full-time workforce will be working remotely. It’s not difficult to see why remote work is so popular. Today, Digital Nomads can be more nomadic than ever, setting up new mobile “offices” wherever there’s a network connection. They don’t even need a hard surface to put their device on or an outlet to plug into. But, what they do need for security purposes is a remote access VPN to enable a secure connection back to the corporate network. VPNs are reliable, but the problem is, network interruptions have long seemed inevitable. They get in the way and disrupt the user’s computing session. That’s when a VPN feature known as seamless roaming or always on comes into play, allowing a user to move between different networks without losing the connection. The Value of Seamless Roaming Whether you’re a finance executive fighting dead zones as you work on your laptop from a train, or a sales professional working from an airport across a spotty Wi-Fi connection, each time there’s a network disruption, the user has to manually restart the VPN connection to continue working. This is why seamless roaming is no... read more

NCP engineering Earns ‘Champion’ Rating in techconsult Report

This year, cyberattacks are expected to rain down at a rate of more than 117,000 per day, adding up to more than 42.8 million total incidents. As these attacks are launched and subsequently investigated, the root cause of many of them will turn out to be the result of employee action – basic human error – such as accidentally violating a remote access policy. With these figures in mind, the new report “Security Solution Vendors 2015,” conducted by German analyst firm techconsult, analyzes the entire network, data, storage and endpoint security landscape, while identifying top providers and solutions that are on the front lines protecting businesses from these 42.8 million attacks. The report bodes well for NCP engineering and our remote access VPN solutions. Techconsult found that NCP “dominates” the network security space, while highlighting how NCP’s Secure Enterprise Solution “win…clearly against the competition” from other VPN solution providers. This assessment is reflected by NCP’s presence in the “Champion” quadrant, comprising all security solution vendors, based on evaluations from the market and users, as well as experts. NCP also earns a “Champion” rating when only network security vendors – those with VPN, external firewalls and Unified Threat Management (UTM) solutions – are assessed. NCP is the top solution provider in this quadrant, and we stand out for our 100 percent user satisfaction rating. In the Virtual Private Network quadrant, NCP again earns top marks and a “Champion” rating, with the report noting, “NCP has been able to set itself above the rest with the experts’ evaluations based on its excellent solution assessment as well as its company-specific framework conditions.”... read more

How One Challenging Gig with My Band Prepared Me for a Career in Cybersecurity

Sometimes, connections between work and play appear when they’re least expected. You wouldn’t expect, for example, a guitar-shredding metal-head to carry over much from his time on stage to his career in cybersecurity, but that’s exactly what happened to Julian Weinberger, CISSP and Director of Systems Engineering for NCP engineering. Julian isn’t performing in the U.S. anymore, but during his time in Germany, one gig in particular brought so many challenges that he still thinks about it today. We sat down with Julian to discuss what happened that night. What specific event involving your band has taught you the most about working in security and business continuity? A few years ago, after hustling to line up free gigs, I landed my first paid performance. Unfortunately, I ran into myriad unanticipated issues: a string on my first guitar broke, my backup guitar didn’t work, my cable made weird noises, and, as if that wasn’t enough, my in-ear system stopped working. Although none of these issues were my fault, they wreaked havoc on the gig – and when you’re hired to entertain, you risk not being paid if you’re unable to deliver, regardless of the circumstances. It’s similar with enterprise network security. If things break — and they will — you need to be prepared with a plan to fix it. So how did you respond on stage? And what did that teach you about security? When performing on stage, technical difficulties must be fixed within seconds, and it’s the same case with security. For instance, if your microphone cuts out – or worse, your organization is faced with security issues... read more

Open Haus: Automatic Hotspot Logon

If you were a hacker targeting a network, which would be most appealing – a network contained in a residential building, an office or corporate facility, or a public place? The information contained on the network of a residential building probably wouldn’t be particularly valuable, and it would also be well-protected. You’d face even more security if trying to attack a corporate network, so that probably wouldn’t be your best option either. You’d probably target a public network – one in an airport, coffee shop or hotel – over which users dealing with sensitive information would try to connect, perhaps without having the same security protections they would have if they were in their home or office. Public networks can be vulnerable, and they do make popular targets. Consider all the possible threats – from snooping and evil twin schemes to narrowband jamming and replay attacks – hackers can deploy against these networks. It’s also important to consider that there are now many more public hotspots than there were even a few years ago – global Wi-Fi hotspots are expected to triple from 1.3 million in 2011 to 5.8 million this year. For business users in particular, hotspot connections are ideal for when they’re at day-long events (when using mobile data on their phone or tablet would quickly drain their battery) or when they travel abroad (to avoid costly roaming fees). For these users, and for anyone else who relies on hotspots for secure remote access, NCP engineering has integrated Automatic Hotspot Logon into its NCP Secure Client. How It Works A safeguard protecting the end device against attack... read more

OPM Breach Shows Need for ‘Nimble’ Government Network Security

No matter how you look at it, the Office of Personnel Management (OPM) is on the hook for revealing the records of millions of Americans. The only question is how many millions. If you believe the agency’s own report, then it’s 4 million. Four million current, former and prospective government employees whose personal information became public following a cyberattack conducted throughout the early part of this year. The numbers are even worse if the reports from the Associated Press, Bloomberg and other prominent news sources are accurate. They claim the number of victims is closer to 14 million. Although the OPM investigation is still ongoing, the federal government has already begun the task of investigating and explaining the attack. As White House Press Secretary Josh Earnest told reporters last week: “Protecting the computer networks of the federal government is a daunting challenge. It does require the federal government to be nimble, something that’s difficult when you’re talking about an organization that’s this large.” Earnest is right. When you’re talking about the federal government as one body, it’s difficult to imagine it being fleet-of-foot and responding effectively to new and emerging cyberthreats. On a smaller scale, though, there are plenty of government agencies, at all levels, that are getting the job done locally, and taking proactive steps that should prevent them from becoming the next OPM. Let’s look at one government agency in Iowa that’s upgraded its remote access and, in the process, is protecting its network. Read Case Study Lessons from the Heartland Iowa Vocational Rehabilitation Services (IVRS) is a state agency, headquartered in Des Moines, that partners with... read more

[WEBINAR] Two-Factor Authentication for Tighter VPN Security

If you think that passwords for online profiles are effective at preventing security breaches, consider these two new statistics: The average person has 19 passwords Four in five people say they forget their passwords To counter password forgetfulness, users often take steps that leave network administrators cringing. They may duplicate one password over multiple accounts. They could use birthdays or other numbers that can be easily guessed. Or they might write them down, sometimes in plain sight. Actions like these make it that much easier for attackers to successfully breach a network, and indeed, many recent breaches share a common origin – an employee’s password that was copied, discovered or given away. To counter this wave of password theft, an avalanche of popular sites and apps, including Google, Amazon, Facebook and now even Snapchat, have replaced one-dimensional passwords with a form of user login credentials that help better protect sensitive information. Download Whitepaper Enter two-factor authentication. This approach combines two (or more) methods of credentials authentication to establish the unambiguous identification of each user, including: Something Users Know: Password, PIN, one-time password (OTP), certificate Something Users Have: Token or calculator (with OTP), soft token, text message (with OTP), machine/hardware certificate, smartcard, trusted platform module (TPM) Something Users Are: Fingerprint, face recognition, iris recognition, keystroke dynamics Network administrators have all these options at their disposal, and the idea is to pick at least one form of authentication from two of the lists. An administrator may even pick a factor from all three lists, or combine multiple items from each. With this additional protection, users gain the convenience of anywhere-anytime access without... read more

NCP Channel Alliance Partner Program Takes Center Stage at Channel Link 2015

Given that three in four executives now say Bring-Your-Own-Device (BYOD) initiatives pose the greatest security risk to their companies, it shouldn’t be surprising that companies have tasked their IT departments with finding effective ways to guarantee secure remote access for users. Often, this means network administrators have to identify partner vendors that can provide secure remote access solutions, including VPNs. Here at NCP engineering, we’ve heard enough customer success stories to know that our NCP Secure Entry Clients are the centerpiece around which any remote access infrastructure should be built. That’s why we’re proud to be attending Tech Data’s Channel Link 2015, June 17-20, in Dallas, where we’ll be sharing information about our Channel Alliance Partner Program. The program, which has been in place since 2009, now includes 42 North American partners – 14 of which are new – that are able to access services from NCP, including business transformation training, advice on how to better incorporate cloud solutions into their current offerings, and training to simplify hosting and managed services concepts. NCP’s appearance at Channel Link comes just a few months after we reached a distribution agreement with Tech Data, one of the world’s largest wholesale distributors of technology products. Through the agreement, NCP is better able to meet demand from North American service providers in the channel for secure remote access. Specifically, end users are able to tap into our market-leading remote access VPN client, equipped with one-click logon, a fast connection, and always-on reliability. Together, the Channel Alliance Partner Program that we’ll be featuring at Channel Link, along with the Tech Data agreement, showcase NCP’s ability... read more

Two’s (or More) Company: How to Use Two-Factor Authentication the Right Way

These days, you need a password to access every aspect of your digital life, and we all know how problematic that can be. You can either come up with a unique (albeit difficult-to-remember) password for every website, or use easy passwords, or even duplicates, that leave your accounts insecure. Fortunately, many prominent websites today – Dropbox, Google, Apple, Facebook and PayPal – all support a security approach known as two-factor or multi-factor authentication. And it’s easy to see why. This process enhances security by adding another step (or more) to the user verification process, making even risky passwords much stronger. That’s because in addition to the factor that a user knows (a password), every login attempt requires the user to supply a factor he or she owns, such as a one-time access code or PIN sent to their mobile device via SMS text or email, and/or one that reflects who they are, like a fingerprint. Through this relatively simple extension of the traditional authentication scheme, a lost or stolen password becomes plain useless to a hacker. No successful login is possible without the additional factor or factors. If your security demands are higher than average, it’s also important to generate the second authentication code, or OTP, only when the user has already started the session and the first factor has been exchanged successfully. It might be simpler to implement and roll out tokens with pre-fabricated codes, but this kind of implementation is inherently easier to compromise, but is still almost impossible to break. As a rule, token solutions require a seed that contains the base data for generating the... read more

Why Outsourcing Remote Access Management Isn’t the Answer for SMBs

“How do you keep your data secure when you’re a data anchovy in a sea of hacker sharks?” When the Wall Street Journal’s John Bussey posed this question in 2011, the corporate network security landscape was drastically different. Employees weren’t using company-managed smartphones at a rate of 64 percent. Nine out of every 10 employees weren’t keeping sensitive business information on devices they use for both work and personal matters. Yet, even then, SMB network administrators were concerned about their security, and feeling like vulnerable little fish with bigger, more aggressive fish circling. So concerned, in fact, that according to Bussey, many were reluctant to outsource network security services to a managed service provider (MSP), even though these companies would have both the expertise and resources required to keep their networks safe. At the time, many SMBs thought that the “hard disk under the receptionist’s desk” strategy was more effective than handing over control to a third party, even though these MSPs could provide data encryption, threat mitigation and other critical security services. SMBs thought to themselves: “Yes, but what if the host isn’t entirely well-protected? Or what if a peer company within the shared environment was attacked? Or what if hackers prioritized these target-rich environments?” These were real concerns then, and they still are now. So, should network administrators consider tapping into MSPs for network security in our current environment? The core issue is a common one in network security – convenience vs. security. The Debate The convenience vs. security debate comes to how SMBs go about securing communications. On one hand, SMBs could opt for convenience and... read more

Open Haus: VPN Path Finder

Whenever Katelyn O’Shaughnessy checks into a hotel, room size isn’t anywhere near her top concern. As she told the Los Angeles Times in a story about the hotel preferences of Millennials, “You can put me in a closet; as long as there is Wi-Fi, I’ll be happy.” If you were to survey hotel users, you’d probably find many of them share O’Shaughnessy’s perspective. These days, if you’re traveling, whether for work or for business, Wi-Fi is a necessity. And it can’t just be any Wi-Fi. It needs to be high-speed, reliable Wi-Fi that facilitates secure remote access through any mobile device. Unfortunately for travelers, the reality is that many hotels – and other public places that provide network access through hotspots – restrict user access settings by blocking IPsec ports and only allowing Internet access to web browsers. This is a major constraint for road warriors trying to access their corporate networks remotely via a VPN, as they could find themselves unable to establish a connection. To overcome this obstacle, NCP engineering developed VPN Path Finder – a proprietary remote access technology that automatically establishes a connection wherever Internet access is possible, providing the user with anywhere, anytime connectivity. How It Works Path Finder – recently recognized with a patent – is a central feature of the NCP Secure Client Suite. With Path Finder, users achieve highly secure mobile computing in every remote access environment, even across unknown networks like those you might find in a hotel, café, or on a plane or train. Whenever a public network has a firewall setting that blocks native IPsec traffic, Path Finder... read more

NCP engineering and Tech Data Expand Secure Remote Access to SMB Market

In what’s being described by the president of the National Small Business Association (NSBA) as “a step in the right direction,” the U.S. Congress decided to take up legislation that would help the small business community better protect itself from network security threats. During a hearing by the House Small Business Committee last Wednesday, NSBA President Todd McCracken went on to say, “Any legislation should provide clear, simple steps for companies to follow when their data is breached.” This support is imperative, McCracken said, because more than half of U.S. small businesses now say they have been victims of a cyberattack. Given this rocky landscape, small businesses – which often have less sophisticated network defenses – need help. And now, NCP engineering is better able to meet North American SMB demand for secure remote access through a new distribution agreement with Tech Data, one of the world’s largest wholesale distributors of technology products. The agreement expands NCP’s North American partner network and offers Tech Data’s SMB solution providers NCP’s Secure Entry Clients through its Advanced Infrastructure Solutions (AIS) division. Tech Data’s ecosystem also includes major VPN gateway vendors, including Cisco, Check Point and WatchGuard, which complement NCP’s solutions well. For now, the go-to-market strategy initially targets SMBs through Tech Data’s network of resellers, and will evolve to include the enterprise market, as NCP engineering CEO Patrick Oliver Graf told ChannelBuzz. He said, “[Going] SMB would let Tech Data see revenue success very quickly, which is an important objective.” The agreement will help SMBs be more proactive in protecting their networks – an important step, given that the average cyberattack... read more

How to Resolve the BYOD Stand-Off between Employees and IT

“Try to please everyone, and you’ll end up pleasing no one.” This is one of those classic, ubiquitous statements that can apply to any number of situations. Take the Bring-Your-Own-Device (BYOD) trend. To the employees whose jobs are made easier and more convenient by BYOD, the appeal of these initiatives is obvious. That’s why demand for BYOD is expected to increase by 25 percent between 2014 and 2019, driven by the consumerization of IT and increased mobile data speeds that meet enterprise-acceptable levels. Yet, on the other side of the spectrum, are the IT departments tasked with enforcing BYOD security frameworks. The same things that employees see as beneficial about BYOD – convenience and freedom of choice – are exactly what make IT departments so fearful. The two groups are fundamentally at odds. Users want, and demand, access to a broad range of personal mobile devices in the workplace. They want to be able to safely access work files on their phones while on-the-go and work from their homes on their personal laptops. Meanwhile, IT departments are tasked with protecting network security at all costs, and that means they are the ones who have to say “no,” and who have to restrict the technology employees are permitted to use in the workplace. That’s how BYOD “pleases no one” – users are frustrated by what they perceive to be restrictions on free use, while IT feels like it’s constantly engaged in an uphill fight against employees who frequently, both purposely and unwittingly, violate best practices around secure remote access VPN and BYOD. It’s the classic case of unstoppable force (in... read more

Open Haus: Friendly Net Detection

The prevalence of remote work has climbed steadily over the last decade thanks to advances in technology and attitudes towards the practice. According to Global Workplace Analytics, teleworking has increased about 80 percent between 2005 and 2012. Still, only a few million Americans consider their home, or somewhere other than an office, to be their primary place of work. What’s holding remote work back? A lot of it is cultural, as well as logistical, but there are also lingering security concerns. Despite the convenience of the practice, accessing the corporate network remotely doesn’t carry with it quite the same guarantee that a user’s end-to-end connection to the network is entirely secure. That’s why NCP engineering’s Remote Access VPN solution is equipped with Friendly Net Detection (FND), a technology that automatically recognizes safe, friendly networks or unsafe, unfriendly networks, no matter where the user may be, thereby protecting end devices against Internet attacks via 3G/4G, Wi-Fi and LAN. How it Works FND is a component of all NCP Secure VPN Clients, and since the FND server is installed independent of the VPN gateway, it’s therefore agnostic to any particular operating system or third-party vendor gateway. Once installed, the FND client is configured within the VPN client’s firewall settings. The feature works by forcing the network to identify itself to the end user’s device, and then dynamically activating or deactivating the appropriate firewall rules and security mechanisms, depending on whether it’s a known/secure/friendly network or an unknown/insecure/unfriendly network. If the FND client is successful in its attempt to contact and authenticate the FND server, then it can confirm that the device... read more

IT Security? “Yes Please,” says Uncle Sam – But Offers No Tangible Help

When it comes to IT security, government agencies around the world are aware of the challenges and risks small and medium-sized enterprises (SMEs) face. So it only figures that they offer help, in the form of initiatives aimed specifically at SMEs. Germany has one of the most active administrations in this respect, as it finances or supports a whopping 21 initiatives. And while the U.S. government would do well to follow Germany’s lead and further IT security by offering numerous assistance programs to SMEs, unfortunately, a recent study from management consultancy Detecon International shows that most U.S. initiatives are focused on admonitory finger-wagging rather than hands-on help with implementation. Yet, hands-on help is exactly the type of assistance that would have the biggest impact on raising the security level of SMEs. Most German public initiatives prioritize awareness of the issue at the upper management level. However, only a small part of the surveyed initiatives – 35 percent – can be mapped to concrete measures within the Federal Office for Information Security (BSI) IT baseline protection catalogs. Furthermore, 36 of 56 assistance programs analyzed lack a concrete goal with achievable benchmarks for success. Instead, they focus on information security as a whole and therefore try to pursue many targets at once, with a shotgun, light-handed effect. Naturally, IT security has to be approached holistically. There is no use securing remote access for employees with a VPN when a company’s Wi-Fi network is open and therefore accessible from outside the enterprise. But because SMEs have usually only limited resources at their disposal, it is important to prioritize and focus on the... read more

Stay up to date

Subscribe for email updates

Connect With Us

Contributing Member

Want to contribute?

Want to contribute? Drop us a line at