A Look at BYOD in 2016

Happy 2016! It’s a new year, and a time for fresh resolutions to improve your life over the next 12 months, whether that involves running a marathon, getting a new job or taking that trip abroad you’ve been putting off. But for businesses, those New Year’s resolutions should be expressly focused on stronger security. With data breaches, email hacks and password thefts becoming more and more commonplace – and each cyberattack casting wider nets of victims – this is one resolution that can’t be allowed to fall through. This is especially true for organizations adopting BYOD and mobile-friendly policies. Just as developers have taken a “mobile first” approach to creating new apps – designing and optimizing apps from the ground up for mobile viewing and touchscreen interfaces – companies have begun taking the same approach to how their employees operate, whether it’s by allowing them to use their own personal devices in the workplace or utilizing either personal or company-owned devices while working remotely. As CIO.com points out, it’s important that this strategy pays special attention to security. Integrating more wireless and mobile devices into your company may make employees’ lives easier and more convenient, but it can open up serious potential security vulnerabilities if the proper precautions aren’t in place. A secure remote access VPN paired with cybersecurity policies like multi-factor authentication can help defend mobile communications – and protect the personal and corporate data that those communications send back and forth – from external threats.

A New Year’s Resolution for Stronger Mobile Security

As BNDA notes in its top 10 IT predictions for 2016, more than half...

IoT: Get Security Right The First Time

Let’s start building security into the Internet of Things now, before everything becomes connected — and hackable. The Internet of Things (IoT) is weaving itself into the fabric of everyday life, including smart grids, smart meters, connected cars, and devices for the home. Gartner reports there are more than 2.5 billion connected devices today, and by 2020, there will be more than 30 billion. While there’s excitement about IoT’s potential to create new business and boost productivity and convenience, the technology community can’t forget about security. If there’s one thing IT professionals know, it’s that if something is connected to the Internet, someone will try to hack it. Unfortunately, the technology industry has a long history of ignoring security in the rush to open new markets, and we may see it happen again with IoT. We’ve already witnessed instances of hackers exploiting security holes in smart TVs and baby monitors. In some cases, IoT may be able to use existing security technology, such as encryption. Encryption can be used to authenticate devices and, when used with VPNs, can safeguard sensitive data in transit. Although VPNs are most often thought of as a technology to secure communications with corporate networks and the Internet, they can just as easily be implemented within devices to support machine-to-machine (M2M) communications and more innovative forms of connectivity. However, encryption also comes with its own drawbacks. Consider key management, for example. As billions of connected devices get rolled out, there is a looming logistical challenge to secure and manage encryption keys. A...

Stop the Bleeding: How Enterprises Can Address the Heartbleed Bug

By now, you’ve likely heard about the recently discovered Heartbleed bug. At its simplest, this bug allows cyber criminals to exploit a flaw in technology that encrypts sensitive information, making all types of communications sent over an “HTTPS” connection, including emails and online credit card payments, as easy for them to read as this sentence. But that’s not all – once that sensitive personal and/or company data is obtained, cyber criminals can then use the stolen online personas to gain access to other password-protected areas, such as online banking accounts, social media channels and corporate networks. Security expert Bruce Schneier said that “on the scale of 1 to 10, this is an 11.” Understandably, there’s a lot of media attention being given to this topic. But before hitting the panic button, read on to see how exactly your enterprise, or even you personally, might be affected.

What’s the Heartbleed bug again?

Secure sockets layer (SSL) and transport layer security (TLS) are widely used protocols that secure a wide range of communications across the Internet, from IMs to remote access, and Heartbleed is a vulnerability specific to an open-source implementation of these protocols aptly called OpenSSL. The bug gets its name from the nature of its attack, which involves piggybacking on an OpenSSL feature known as heartbeat. By exploiting this susceptibility, cyber criminals can compromise users’ cryptographic SSL keys, making what should be encrypted communications appear in plain text.

Why it’s a problem

According to Neil Rubenking of PC Mag’s SecurityWatch, the website “that was created to report on Heartbleed states the combined market share of the two biggest open...

Ransomware Looks to Blackmail Enterprises

When most people think of threats to their computer systems and networks, the usual suspects come to mind — malware and keystroke loggers that are meant to steal passwords to remotely access corporate networks and online accounts. Then, of course, there are the viruses designed simply for the sake of destruction, rendering one’s computer little more than an expensive, oversized paperweight. But perhaps the most dangerous threat of all is one that, while it has been around for a long time, is only now coming into prominence. It’s called “ransomware,” and if it sounds scary, that’s because it is. CryptoLocker is a well-known example circulating today. Ransomware is an accurate moniker, as this breed of malware encrypts the contents of your computer and then its creator offers to provide the decryption key — for a nominal fee, of course. Thinking of booting up in safe mode and deleting the ransomware from your computer? That’s all well and good, except your files are still encrypted and you still don’t have the key to unlock them.

Ransomware Threatens Enterprises on Multiple Levels

Encrypting your most important files isn’t the only method that cyber criminals employ, however. They can also place files on your computer that put you in an awkward position. Common practice includes downloading indecent materials on a computer that one uses for work. Employees fearful of losing their jobs for having illicit content found on their devices are that much more likely to pay the “ransom.” And if it works against one employee, cyber criminals have good reason to suspect that others in the same organization will acquiesce, meaning...

Why Enterprises Are Struggling So Much with Encryption

Encryption. For most organizations, the need for it is very apparent, but for some reason, its implementation often falls well short of goals and expectations. The obvious question here is: why? A recent Ponemon Institute study took a closer look at what exactly is giving enterprises such a headache when it comes to efficiently using encryption. The results were interesting, to say the least. According to InformationAge, the research, which included more than 4,800 business and IT managers worldwide, unsurprisingly revealed encryption use is on the rise, as companies try to stay ahead of growing privacy and compliance regulations, consumer concerns and increasingly sophisticated cyber attacks. In fact, 35 percent of organizations now have enterprise-wide encryption, compared to 29 percent last year. What was surprising, however, was the apparent shift in objective: “For the first time, the primary driver for deploying encryption in most organizations was to lessen the impact of data breaches, whereas in previous years the primary concern was protecting the organization’s brand or reputation.” An alarming fact found in the study is that only 20 percent of organizations polled think they are obligated to disclose data breaches, and of those, nearly 50 percent believe that because the data is encrypted, that circumvents the need to publicly acknowledge an infiltration occurred. While the ethics of those policies are certainly subject to debate, a bigger problem perhaps is that all organizations surveyed are challenged with simply finding their sensitive data, as more than 60 percent agree that discovering exactly where it resides is the greatest challenge to deploying an encryption policy. More than half also agreed managing keys and certificates...