Monthly Archives: March 2016

For those in the information security realm, the last couple of years have felt like a never-ending stream of cyber threats and data breaches. Retailers, networks, governments, banks, and everyday citizens have all been affected by these breaches.

Heading in to the future, network security is looking at seven security trends that will dominate in the coming years. There’s not a lot that’s new, but what is there will increase in complexity and sophistication. To combat threats and to stay ahead of network security threats, information security professionals need to understand these seven trends.

Mobile Workstyles

Installed mobile devices is set to surpass installed-based desktop and notebook PCs for the first time. As people’s lifestyle’s become more connected, so do their workstyles. When businesses provide the ability to work when, where, and on a device of the employee’s choice, both the employee and the business win.

A word of caution: every day, thousands of mobile devices are lost or stolen. These devices may have valuable company data stored on them. Make sure you have a data recovery process in place in the event a mobile device is lost or stolen.

Cloud Forecast

According to a Voice of IT report from Spiceworks, approximately 60% of small-to-medium sized businesses are utilizing cloud-based services. For the company just getting started, using the cloud is easy. For those businesses that have been around for awhile, expect a transition phase as you go from IT applications and operational systems to the cloud. You may be straddling both traditional IT networks on-site and cloud-based deployments for a few months while you transition.

More Hackers

Cloud computing has many benefits for companies, but as advances in cloud computing and open-source software are gaining ground, the bad guys out there are also keeping up on the technology. Hackers and those who wish to exploit your company data are embracing these technologies to alter the volume, virality, and velocity of their cyber attacks. It’s estimated over 70,000 new malware variants are created each year.

It’s not all doom and gloom for companies utilizing cloud-based technology. In many respects, cloud computing is more secure than traditional IT infrastructures and has the potential to reduce hackers or viruses from attacking your data.

Privacy and Regulation

Many governments have already created regulations that impose conditions on the safeguard and use of Personally Identifiable Information (PII). When organization fail to sufficiently protect users, there are steep penalties. As a result, networks will start treating privacy as both a compliance and a business risk. New processes will help reduce regulatory sanctions and business costs, like loss of customers due to security breaches and damage to the company’s reputation.

Companies are already seeing increasing plans for regulation around the storage, collection, and use of information. This trend will continue to develop. Resources will be put in place to respond to security regulations being put in place.

Managed Security Front and Center

For most businesses, identifying IT network security systems in a timely manner requires 24/7 coverage of the environment. This can be expensive, especially since security professionals require regular training to keep current with new technology.

In the future, companies will start seeing a more proactive approach to managing security networks and incident response. Many businesses will engage the services of a managed security provider, as these providers have a depth and breadth of insight. It’s important to prevent what you can and manage inevitable compromises. This includes optimizing detection and response capabilities.

More Engagement

One of the biggest areas networks will change in future years is more engagement with an organization’s people. After all, a company’s greatest asset, while also a vulnerable target, are their people.

In the past, information security has been built on changing behavior to reduce the risk. The theory was when employees have knowledge, they will know their responsibility for reducing risk to the company. However, this has been a losing proposition. Instead, we’ll start seeing organizations make positive security behaviors as part of the business process, transforming employees from risks into the first line of defense for security. Organizations will start shifting from promoting awareness of the security problem to creating solutions and embedding information security behaviors that affect risk positively. The goal will be for businesses to embed behaviors that will result in “stop and think” as a habit and part of the organization’s security culture.

The era of modern business networks began over 20 years ago. Today, IP-based device are rapidly changing inside and outside the walls of business, making networks increasingly difficult to manage, scale, adapt, and secure. Understanding these new trends will help your company shape the future of network security.

When most people think about the benefits of cloud computing, the first thing that comes to mind is saving time and money. While it’s true that businesses will save time and money when switching to the cloud, the cloud also has the potential to change the way you do business on a daily basis.

According to a study done by consulting firm Emergent Research and the company Intuit, the percentage of U.S. small businesses using cloud computing is expected to increase by more than double during the next six years. Currently 37 percent of businesses use cloud computing, with projections rising to nearly 80 percent. Widespread adoption of cloud computing is projected to have a transformative effect on not only small businesses, but on large corporations as well.

Remote Employees

One of the biggest impacts cloud computing will have on businesses in the next few years is the ability to employee a mobile workforce. Businesses will easily be able to operate with employees in different locations. This allows companies to have flexible staff levels. What we’re seeing is the cloud in enabling a model that allows a team to form up, accomplish a task, and then de-form. People are able to pool their resources together and work in a shared workspace.

More Productive Employees

Having workspace applications available on cellphones, laptops, and tablets allows mobile workers to remain productive while on the go. Utilizing cloud applications enables employees to respond to business needs in a timely manner and to remain competitive. Providing a mobile workforce with the tools needed to be productive outside the traditional office setting helps them to be more efficient, while helping the company to gain more visibility to better manage costs and activities.

Increased Visibility and Streamlined Processes

Cloud computing services not only benefit workers, but they also support internal departments, such as finance, accounting, and human resources. With cloud technology, accounting professionals gain increased visibility into employee business expenses, facilitating a greater insight into employee spending patterns. This visibility enables companies to take the steps necessary to reduce overall expenses. Cloud services can also help streamline processes such as submitting expense reports and vendor communications, because all of the information is available from any device.

Lack of cloud computing services can also negatively affect the ability to properly staff the business. Having a mobile workforce enabled by cloud applications lets managers complete reports and process approvals during downtime. Normal activities like waiting to board an airplane, waiting for a meeting to start, or riding in a taxi are now turned into uptime, instead of downtime since key administrative tasks can be accomplished on the go.

Conduct Business Internationally

It wasn’t many years ago that only the large enterprises had the capacity to operate business internationally. To run a global business, large network systems were required. Now, even the smallest businesses can conduct business around the world from sourcing parts from China to selling products in Europe. As cloud computing grows, the ability to expand corporations internationally will grow as well.

Better Collaboration

A mobile workforce is beneficial to the company, but it’s also a plus for employees. Going to work no longer means sitting at a desk in an office space with hundreds of other people all day long. Collaborative work, sharing documents, and even holding meetings can all be done via the cloud.

Every member of the staff can save and access important files and work on a project simultaneously, without stepping foot into a physical office. From an administrative point of view, businesses can implement permission controls, to keep processes and policies in place.

Strengthened Security

There are many fears and concerns over security when it comes to cloud computing, but the fact is that cloud services reduce the risk of security failures. Backing up data can happen in real time, instead of at a facility offsite. In many respects, cloud computing is more secure than traditional IT infrastructures and has the potential to reduce hackers or viruses from attacking your data.

To increase your data security odds when using the cloud, keep a few tips in mind:

• Always use a strong password
• Employ encryption
• Know your cloud service provider
• Read your user agreement

For those not using cloud computing, the lesson is simple. In six years, 80 percent of competing business will adopt some form of cloud computing. Those who don’t adopt cloud computing will put their businesses at risk for falling behind.

Security breaches have been a popular news items the last couple of years. Despite the headline stories about security leaks and hacker attackers, many businesses are still unprepared and not properly protecting their data from a variety of security threats. According to Trustwave’s 2014 State of Risk Report, 476 surveyed IT professionals said a majority of businesses had no or only a partial plan in place for controlling and tracking sensitive data.

So what can your company do to better protect your data and your customers’ sensitive data from security threats? Take a look at four reasons your company data may be at risk and the solutions to protect your important data.

Risk #1: Careless Employees

A careless employee who forgets his unlocked laptop in a taxi is as big of a risk to a company as a malicious hacker. In addition, employees who are not trained in security best practices, those who have weak passwords, or click on suspicious links pose an enormous security threat to your company systems and data.

The solution: Train employees on security best practices and offer ongoing training and support. Some employees may not know how to protect themselves from online threats, unknowingly putting your business at risk. Training sessions are essential to help employees learn how to manage passwords and avoid phishing scams.

You’ll also want to make sure your employees have strong passwords on all devices, including laptops, tablets, and smartphones. Passwords are your first line of defense, so make sure employees use strong passwords. Strong passwords include upper and lowercase letters, symbols, and numbers. Remind employees it isn’t best practice to use the same password for each registered site. Using a different password for each site and changing that password every 30 to 60 days is essential.

Risk #2: Disgruntled Employees

Right along with carless employees is the risk of disgruntled employees. Internal attacks are one of the biggest threats facing your data and systems. Disgruntled employees, especially those on the IT team with knowledge of how networks work, access to admin accounts, and access to data centers can cause serious damage, both to your data and your company reputation.

The solution: Mitigate the risk of privileged account exploitation by identifying all accounts and credentials and immediately terminate those that are no longer in use or those connected to employees no longer at the company. You’ll also want to closely control, manage, and monitor all privileged credentials. Companies should also implement the necessary protocols and infrastructure to track, log, and record account activity to allow for a quick response if there is any malicious activity.

Risk #3: Unpatched or Unpatchable Devices

Unpatched or unpatchable devices are routers, servers, and printers that have software or firmware as part of their operation system, but a patch for a vulnerability in them was not created or sent. The hardware could also be designed to not enable patches. This leaves your devices vulnerable in your network and giving attackers an open invitation to use your device to access your data.

The solution: Start a patch management process to ensure that devices and software are always kept up to date. The first step is to check your technology and look on your network to see what is, and what isn’t current. You can do this with vulnerability management technology. Then, ensure there’s a policy in place where all employees agree not to use a certain piece of equipment if the patch is outdated.

Risk #4: Mobile devices

While mobile devices, like smartphones and tablets, make working remotely easy, data theft is at high vulnerability when employees are using mobile devices, especially their own, to share and access data. According to a BT Americas study, mobile security breaches have affected more than 68 percent of global companies in the past year.

As more employees use their own smartphones and tablets to get work done, companies face a risk of exposure from those devices if the device installs an app with malware or Trojan software.

The solution: Ensure there is a carefully planned policy in place about using personal mobile devices for business operations. With a mobile device policy in place, employees can become educated and companies can better monitor emails and documents that are being downloaded to mobile devices. Monitoring will provide companies with the opportunity to see into their mobile data risk and quickly pinpoint any exposures.

On a similar note, companies should implement mobile security solutions that protect both corporate data and access to corporate systems, while still respecting user privacy. This will ensure that corporate data and configurations stay encrypted and under your IT department’s control, adding an extra layer of defense against hackers.

Don’t leave your important company data unprotected. Get informed about the above risks and then take the steps necessary to ensure your data is safe and protected.