A Look at BYOD in 2016

Happy 2016! It’s a new year, and a time for fresh resolutions to improve your life over the next 12 months, whether that involves running a marathon, getting a new job or taking that trip abroad you’ve been putting off. But for businesses, those New Year’s resolutions should be expressly focused on stronger security. With data breaches, email hacks and password thefts becoming more and more commonplace – and each cyberattack casting wider nets of victims – this is one resolution that can’t be allowed to fall through. This is especially true for organizations adopting BYOD and mobile-friendly policies. Just as developers have taken a “mobile first” approach to creating new apps – designing and optimizing apps from the ground up for mobile viewing and touchscreen interfaces – companies have begun taking the same approach to how their employees operate, whether it’s by allowing them to use their own personal devices in the workplace or utilizing either personal or company-owned devices while working remotely. As CIO.com points out, it’s important that this strategy pays special attention to security. Integrating more wireless and mobile devices into your company may make employees’ lives easier and more convenient, but it can open up serious potential security vulnerabilities if the proper precautions aren’t in place. A secure remote access VPN paired with cybersecurity policies like multi-factor authentication can help defend mobile communications – and protect the personal and corporate data that those communications send back and forth – from external threats. A New Year’s Resolution for Stronger Mobile Security As BNDA notes in its top 10 IT predictions for 2016, more than half...

As the Dust Settles: The Value of Secure Remote Access in the Hours After a Cyberattack

The first 24 hours after a cyberattack are chaotic. The investigations and conclusions will come far down the road, but in the immediate aftermath of an attack, the entire organization is in reaction mode. The public relations team will update media members hungry for additional details. If an attack affects an organization’s own employees, the human resources department will issue alerts internally. The legal team will remain on standby to ensure regulatory requirements are met, offer counsel and guide the organization through the first few days of what is likely to be a process lasting many years. For the IT department, meanwhile, those first few hours are all about containment – discovering the origin of an attack, isolating or stopping its harmful effects, and securing IT systems to assure continuity. Yet, in many cases, victims of cyberattacks aren’t taking these critical first steps. According to a new survey by the SANS Institute, only 59 percent of organizations are able to contain attacks within 24 hours and more than half claim to be dissatisfied with the length of time it takes for them to contain and recover from an attack. Even the federal government doesn’t really have a perfectly coordinated strategy for responding to these events. As last summer’s hack of the Office of Personnel Management (OPM) showed, the government isn’t well equipped to react quickly to emerging threats and successful attacks, and individual agencies don’t always take ownership of a coordinated response. Fortunately, most businesses don’t have such a burden. Most are more agile than the government, and therefore better positioned to respond quickly, even if the findings of...

How Far Does Your Cybersecurity Umbrella Extend?

Network administrators: No matter how impenetrable you think your network defenses are, there are always going to be remote access vulnerabilities that threaten the integrity of your walls. Often, it’s a threat that originates from outside the immediate range of your defenses, and it’s one you may not have any visibility into. Recently, these threats have started to originate from third-party partners – a company’s vendors, suppliers, agencies, firms and other outside service providers. These are often smaller companies with less sophisticated remote access defenses that, when they become a target of cyber crooks, provide a path for an attacker right into the heart of another company’s network. Target found this out the hard way, after its network was breached when attackers gained entry by acquiring network credentials though a third-party HVAC vendor. So did Lowe’s, after one of its vendors backed up customer data on an unsecure server and unknowingly exposed the information to the broader Internet. Goodwill, too, suffered a breach because of a vendor, this time a retail POS operator that acknowledged its managed service environment “may have experienced unauthorized access.” While it may seem odd for big-name companies to provide such privileged access to third parties and, in the process, put themselves in harm’s way – either deliberately or inadvertently – it’s actually quite a common situation. As Brian Krebs reported in the aftermath of the Target breach, large retailers often provide HVAC and energy vendors with privileged network access so they can alert retailers around-the-clock in the event something goes wrong in one of their buildings. As a source told Krebs, “Vendors need to...

Open Haus: Updated VPN Clients and Server

Of all the factors that would prevent an organization from launching a comprehensive remote access security strategy – limited budget, unfamiliarity with emerging threat vectors, lack of employee buy-in – the remote access tools themselves should not be the reason that a strategy has trouble gaining a foothold within an organization. The experience of using a remote access VPN needs to be an easy one – it should be straightforward for network administrators to centrally manage, and simple for users to deploy without interrupting their workflow. As Citrix’s Kurt Roemer recently told eWeek, “The industry needs to preconfigure for security and employ services that keep security settings optimal and balanced against user experience.” In the last month, NCP engineering has issued three product updates, all intended to improve remote access security for enterprises by enhancing administrator features and the end-user experience: NCP Secure Clients, Version 10.02 This update supports users of Windows 10, and is the first IPsec VPN Client compatible with Microsoft’s newest operating system. For users, Version 10.02 of the NCP Secure Entry Clients offers: Optimized Internet of Things (IoT) configuration Alerts when the preferred network is no longer available Improved user experience through a touchscreen-compatible interface The option to eliminate dual network connections Password- and PIN-free logon with machine certificates Meanwhile, administrators benefit from improved troubleshooting, through enhanced search log functionality, and immediate configuration updates. NCP Secure Client – Juniper Edition, Version 10.02 For users who access network connections through Juniper VPN gateways, Version 10.02 of the NCP Secure Client – Juniper Edition offers many of the same enhancements above, while providing seamless and secure remote...

Smaller Scale Is No Defense: Why SMBs Should Assume They’re Already Targets of Cyberattackers

You would be hard pressed to go a month without hearing about a new data breach or major cyberattack in the headlines. These incidents occur with such regularity nowadays that seemingly every industry has been affected – healthcare, education, retail and even amusement parks. There are variations across all these attacks, from the threat vectors themselves to the protections that may have faltered. But, the common thread is that these companies are generally big names with targets on their backs. This trend also tends to overshadow an even more worrisome one: data breaches occurring at small and medium-sized businesses. While SMBs may exist on a relatively small scale, they certainly don’t go unnoticed by hackers. The numbers actually show that three out of four attacks occur at businesses with fewer than 100 employees, and that each incident carries an average price tag of $20,752, according to the National Small Business Association (NSBA). The NSBA’s Jason Oxman elaborated further in comments to the Los Angeles Times last year: “We are absolutely facing an epidemic of attacks on our nation’s infrastructure and attempts to gain access to information. But smaller merchants tend to be easier and more attractive targets for cyber criminals.” This is because SMBs are less likely to be well-versed in security protocols and because they won’t get much attention from the media, thereby allowing the attacks to continue under relative quiet. Compared to enterprises, SMBs may also lack the resources to detect and respond quickly to attacks. The fallout can result in broken websites, bad customer reviews and narrower profit margins – all consequences that can completely devastate...