Security

Do you need more Security Factors?

Security Factors.png

Chances are, yes, you do.

Security is one of the areas of spending in which the budget rarely gets smaller, because security is important to every organization. It’s critical that only authorized users are able to access enterprise applications and information.

As phishing and other social engineering attacks proliferate, IT departments look for new ways to ensure the person logging in to the account is the person to whom the account belongs. The search for greater security leads most of these departments toward multi-factor authentication.

Three basic factors of authentication

There are three basic “factors” of authentication:

  1. Something you know

  2. Something you are

  3. Something you have

In the most common authentication scheme, a single factor is used. We’re all familiar with the basic username and password combination that introduces everyone to the idea of authentication. That is single-factor authentication, since it’s all about what you know.

For a growing number of companies, that single factor is no longer enough, especially since it involves information that can easily be shared, stolen, or coaxed from a user.

Time to get physical?

One form of authentication most often talked about now is biometrics—that is, using something you are to authenticate an account.

A wide variety of body parameters can be used as authentication factors, ranging from fingerprints and hand prints to facial recognition and iris scans. It’s even possible to use unique characteristics of an individual’s voice to authenticate the individual.

Thinking hardware

One of the critical points of deploying any form of biometric authentication is that workstations must have the hardware necessary to “read” the biometric information.

1. Keyboards

While still not universal, many laptop computers and desktop workstation keyboards are available with fingerprint scanners, though care must be taken when looking at specifications. Some scanners will require more user training than others for reliable, consistent use.

2. Audio/visual

Cameras and microphones built in to laptop workstations can be used for facial- and voice-pattern recognition, while cameras, microphones, and fingerprint readers can be added via USB to either laptop or desktop systems until new, biometric-ready systems can be purchased on the refresh schedule.

Relying on token security

The third factor in authentication is something you have. This is most frequently a one-time token generated by a dedicated device or, increasingly, by an app on a smartphone. In this authentication, after providing a username and password, the user must provide the numeric token displayed on the token-generating device.

In all forms of authentication, IT departments must weigh security against usability. With today’s technology, it would be entirely possible to require four or five different forms of authentication to log in to an account. But how many users have access to information that is so valuable that it justifies a ten-minute routine in order to log in? Adding just a second factor, especially one that can’t be easily shared or stolen, provides significant security with minimal impact on usability.

How can we help secure your information?

Name *
Name

We Value Your Feedback

Was this information helpful?
Was this an interesting read?

Four ways to Enhance your Endpoint Security

Endpoint Security.png

It's quite likely you use several devices, such as a smartphone, tablet, and a laptop or desktop PC, to run your business. Each device, however, represents an access point for threats like viruses and malware. Endpoint security aims to secure these network 'endpoints' so that suspicious online activities are blocked at the point of entry.

The need for endpoint security has risen sharply, particularly in response to the rise in mobile threats and the growing internet of things (IoT). Most vulnerable are small-medium businesses (SMBs) with offsite employees who need to access the company's network. But the reality is that all businesses are at risk, given today’s ever-shifting and undefinable security perimeter.

So, what are today’s SMB leaders doing when it comes to endpoint security? How can you ensure every tech outpost in your business is secure? Here are four key strategies.

1. Remove or limit administrative access

Most employees don't need administrative rights to perform their day-to-day jobs. If an endpoint app does require administrative access to your network, it can be added to a database of approved programs by an access control tool. Limiting administrative access in this manner can greatly limit damage within your core network caused by an attacker who is targeting the endpoint device.

2. Use advanced authentication

Many successful endpoint breaches are the result of employees using the same password across multiple sites. If just one site is compromised, it's only a matter of time before your business network is broken into. Two-factor authentication fixes this problem by requiring extra credentials to access the system, such as a fingerprint scanner, token code, smart card or additional questions. This blocks attackers even if the password has been stolen.

3. Keep your systems up to date

New security vulnerabilities are being discovered all the time. Hackers are constantly keeping watch – and using them against SMBs to find out which ones neglected to patch their systems. If you use various endpoint devices in your business, it's important to ensure your business apps, anti-malware programs and other security tools are kept up to date with the latest security patches and virus definitions.

4. Conduct security training and awareness sessions

A recent IBM study found that 60 percent of business data breaches originate from employees, with about a quarter of these being accidental. Ongoing awareness and training on security best practices, in areas such as data encryption, password security and BYOD (bring your own device), can help keep your network safe.

As your data network gains more endpoints, the number and variety of cyber risks will only increase. These steps will help to ensure that your SMB is better protected and more resilient against online attacks.

We can help you prepare for the worst

Name *
Name

We Value Your Feedback

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg

Cloud or Dedicated Server?

Cloud or dedicated server.png

Should you be entrusting your data to the cloud or keeping it down to earth on your own servers? This is a decision facing every CIO, and it’s one they’ll be forced to justify and revisit regularly for the foreseeable future. That’s because there’s been no knock-out blow in the argument between the cloud and the in-house server. There’s plenty to be said for both, which means there is no blanket answer. Each individual company must make a decision based on what makes the most sense for the business.

Looking cloudward

Surely the chance to ditch your servers and outsource to someone who is steeped in server management seems like a gift from the universe. The arguments in favor of cloud computing are easy to make, especially to someone frustrated by the intellectual overhead and raw cost of maintaining their own servers.

The promises of the cloud include the following.

  • You pay only for what you use, so it’s incredibly flexible; you can scale up or down at will.

  • Security, upgrading, and server configuration are in the hands of experts.

In these days of everything being “as-a-service,” the idea of owning anything like a server seems downright old-fashioned. If Uber can run the world’s largest taxi service without owning any taxis, why on earth would you need to own servers?

Where to look closely

There are a few things you need to factor in to make sure you’re comfortable with any potential compromises.

Power: Cloud providers can’t match the power of a dedicated server that’s properly configured.

Speed: The scalability of the cloud has to do with getting more or less storage, not faster storage, which might be a concern when another customer is flogging the server you’re on.

Latency: If your cloud host uses dispersed locations or it’s not nearby, you might have latency issues

Taking a dedicated approach

The promise of cloud computing is most clearly seen in companies meeting one or more of the following criteria.

  • Tight budgets

  • Growth they can’t predict

  • Business-to-consumer models

  • Jobs that don’t need lots of computer power or storage or much time to run

A company that has a business-to-business model or has well-established usage needs and predictable growth will likely find running its own servers cheaper and more efficient. This is something you can quickly run the numbers on, and the results might surprise you, considering that “cheaper” is a clarion call of the cloud industry.

The issue of security

It’s also worth running the decision through the filter of security. Hackers fish where the fish are, which makes cloud hosts attractive targets. You’re not just outsourcing server configuration, you’re trusting another company with your security. If security is a concern, you’re probably better off keeping your servers in-house, where you can tailor security to your needs. Current Technologies can help you determine which solution would provide more value to your business and then set up a custom solution for your business.

Need help deciding or implementing?

Name *
Name

We Value Your Feedback

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg

Keys to Mobile Security

Mobile Security.png

Business mobility is sitting high up the priority list for CIOs in 2019. New research shows 64 percent of enterprises rank improving mobility and mobile security as a top priority. They see mobile access as key to improving employee talent, internal communication, making decisions faster and cutting costs. Mobility, however, comes with challenges. Top of that list is security.

Worries include:

  • Data leak prevention

  • Intrusion detection and prevention

  • Managing access to data

  • Preventing data loss when devices are lost

The concerns of IT leaders are easily justified. 82% of those surveyed said mobile devices can access most of their corporate data. As more enterprises introduce bring-your-own-device policies, more data will be put at risk.

88% of Android devices are vulnerable

University of Cambridge computer scientists recently found that the infrequent release and user reluctance of security updates for Android devices has left 88 percent of them vulnerable to at least one of 11 critical security flaws.

Apple is not in the clear either. The nature of iOS makes it hard for the same analysis to be done on iPhones and iPads, but the researchers said they expected the same level of vulnerability in the Apple ecosystem.

The sources of the danger

An employee downloads something infected with malware or connects to an unsecured WiFi network. The routes to compromise are many and easy to conceive. Once the malware is installed, it begins hunting for or capturing corporate data using the device’s access.

The greatest concern in these scenarios is the general lack of visibility that IT administrators have into potential mobile security issues. Most malware cases go unnoticed until it is too late.

Mitigating risk

Given that the growth in mobile usage is unstoppable (desirable, in fact), mitigation of risk is the only remaining approach.

A separate network for BYOD devices gives you a checkpoint to make sure personal devices and mobile apps are validated. A master security policy can set out exactly what information mobile devices can access. Secure mobile access solutions with context-aware authentication, network access controls and a virtual private network help keep access to only authorized users and mobile apps located on validated devices.

Also:

  1. If you develop and deploy your own enterprise apps, put them through a security vetting process

  2. Treat mobiles like laptops permanently connected to a network outside your control

  3. Know what applications your staff use to access your data

  4. Where possible, encrypt data at both ends of the transaction

  5. Protect data first and the device second. (Your mobile data management system should allow you to wipe a device remotely. Losing data on a server is a far bigger headache — loss of business, furious customers, lawsuits…)

We are here for your security needs!

Name *
Name

We Value Your Feedback

Was this information helpful?
Wast this an interesting read?
CurrentTech_Horizontal.jpg

3 Ways Spending Less on Hardware will cost you

Desktop Computer 3.0.jpeg

How “Cheap” Machines Become Expensive


Everyone in business IT knows that budgets are shrinking. In an environment with fewer dollars, it's tempting to look at low price tags as the most important specification any hardware can carry. The problem, as we are reminded frequently, is that total cost of ownership (TCO) cannot be ignored. More importantly, the total benefit of ownership is a metric that IT managers must take into consideration seriously when specifying the details of servers or workstations. 

There are multiple aspects to TCO for hardware, and most of them have nothing to do with whether the hardware is likely to break and need service. For our purposes, let’s assume that any workstation you buy is going to be an absolute rock of reliability and quality. That still doesn't take away three ongoing costs of owning your workstations. 

1. Lost Productivity

You've heard that time is money, well one of the primary ways in which the cheapest priced machine can become expensive over time is through the lost productivity that accompanies the minimal performance.

Managers focused on nothing but purchase price might criticize the organizational cost of a few seconds per operation or the inconvenience caused to an employee by a desktop workstation compared to a laptop, but over the course of a workstation's lifetime, those seconds and minutes add up.

2. Reduced Effectiveness

Workers who have to deal with daily frustrations from underperforming or poorly configured workstations are less effective.

Human memory is poor, especially after the fifth meeting of the morning. Handwritten notes are better than nothing, but notes typed into a laptop are surely best. That isn’t possible for workers away from their desks if their computers can’t follow them.

There are still organizations with managers who consider laptop and other mobile computers as luxury items. IT managers might want to point out that mobile computers can increase information accuracy, improve productivity, lower network infrastructure costs, and enhance security in return for their perceived luxury.

3. Security and Network Infrastructure

Considerations such as network infrastructure cost should be considered in TCO calculations, especially when WiFi has become nearly ubiquitous, and the costs of running cable continue to rise.

IT managers who want to seriously tilt the table in the direction of mobile endpoints can discuss the cost of potential data breaches through physical intrusions. The average desktop-based client infrastructure is far less secure than an infrastructure and policy framework that has:

  • Most laptop and mobile devices locked in drawers or cabinets at the end of the day

  • The rest in the possession of employees trained in security

Moreover, connecting to central assets through a VPN can be far more secure than the average desktop-based client infrastructure.

Decisions based solely on minimum purchase price can come back to haunt an organization for years. Current Technologies specializes in consulting with your business, finding out your needs, analyzing all options and bringing you the solution best fit for your business.

Get Your Solution Today

Name *
Name

We Value Your Feedback!

Name *
Name
CurrentTech_Horizontal.jpg

Pros VS. Cons of a Bring Your Own Device Policy

BYOD.png

Securing Your BYOD Policy


Work practices have undergone a revolution in the digital age. Networked devices and more mobility have blurred the line between work and home as vast numbers of people perform their jobs across multiple platforms, often far from the office.

An accompanying phenomenon is the bring your own device (BYOD) policy which allows employees to use their own laptops and smartphones in the office or, alternatively, to use those devices to work from home.

BYOD has its pros and cons, and organizations that already have a policy in place or are contemplating implementing one need to tick some boxes to make sure it runs as smoothly, and most importantly, securely as possible.

The Good

BYOD has obvious advantages for staff who like the convenience and familiarity of working on their own devices. It could also lead to productivity gains, as users have an affinity for their own personal devices and how they use them.

Personal laptops, tablets, and smartphones are usually more cutting edge, given that companies often don’t update their desktops for years on end. BYOD also allows staff to carry only one or two devices around with them, rather than different ones for work and personal use.

BYOD policies can save organizations money, as they don’t have to spend as much on their IT hardware while allowing workers increased mobility.

The Bad

Having said that, BYOD practices are not free from security concerns. More and more mobile devices provide greater scope for ways to breach a company’s IT infrastructure.

Some employees may not be as stringent as they should be about the information they bring home that could be highly sensitive or confidential. Once they take it out of the office, there’s nothing stopping them from sharing it across devices, networks, emails or even showing it to their family and friends.

Disgruntled employees about to walk out the door pose an even bigger threat. If they are leaving to work for a competitor, BYOD makes it easier for them to take intellectual property with them. Alternatively, if an employee uses a smartphone to access the company network then loses it or it's stolen, an unauthorized person could retrieve unsecured data on the device. Staff can also sell their devices or give them away and forget to wipe company data beforehand.

And The Necessary

A good BYOD policy should contain two critical components: an application or software program for managing the devices connected to your organization’s networks, and a written agreement that clearly states the responsibilities of employers and staff.

For example, IT departments wishing to monitor the use of personal devices must ensure that they only monitor activities that access company information.

Software developers and device manufacturers are constantly releasing security patches and updates for threats such as viruses and malware. BYOD policies should have the necessary processes in place to automatically apply those patches across all the agreed BYOD devices.

Additionally, organizations can simplify the whole process by limiting the number or make of devices allowed in their BYOD programs and the systems they have to support. Supporting a broad range of devices could become an administrative nightmare.

The IT department should also have permission to remotely wipe the device if it's lost, the employee leaves or if it detects a data breach, virus or any other threat to its infrastructure.

BYOD should satisfy employees and management alike, as long as there's a clear understanding of everyone’s responsibilities. Before settling on the best BYOD policy for your organization, it's worth getting input from employees, HR, IT, finance, legal and anyone else who has a stake in the matter.

How Can We Help Your BYOD Policy?

Name *
Name

We Value Your Opinion!

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg

9 Network Vulnerabilities You Should Address Now

start_the_year_on_a_secure_note795x313.png

Finish the year on a secure note

Research from Spiceworks, a network of IT professionals, highlighted more than 70% of respondents rated security as their top concern for 2018. With the hacking epidemic on the rise, here are nine things involving hardware and software that can be done to help stop you from worrying about your business' security.

Hardware

Sure, software is the greater hacking risk, but many hardware vulnerabilities are software-based. Older equipment is often missing new built-in security features like:

  • Unified Extensible Firmware Interface (UEFI) with Secure Boot

  • Self-healing basic input/output system (BIOS)

  • Pre-boot authentication (PBA)

  • Self-encrypting drives

That’s why you should be auditing and planning to remove:

  1. Computers with conventional BIOS- They can’t run Secure Boot, which helps to prevent malware loading during the boot process.

  2. Computers lacking pre-boot authentication or a trusted platform module (TPM), which stop the operating system from loading until the user enters authentication information, such as a password.

  3. Old routers, which can have easily hacked vulnerabilities.

  4. Drives that don't self-encrypt- Self-encrypting drives (SEDs) need a password (in addition to the OS login password), and the technology automatically encrypts and decrypts data on the drive.

On a side note, old drives leave you vulnerable in another way: you could lose data when they fail, which they will.

Software

Getting your hardware straight will almost always involve spending money, but fixing up software could be as simple as running those free updates you never got around to. Here’s what to look at:

  1. Unpatched or out-of-date operating systems- Windows XP has been beyond its support period for nearly three years but is still running all over the world despite there being no updates, no technical assistance, and limited efficacy with anti-virus. And old operating systems always have fewer security features than new ones.

  2. Unpatched or out-of-date productivity software- It’s highly risky to run unpatched versions of Microsoft Office, especially older versions like Office 2002, Office 2003, and Office 2007. They can give a hacker access to the rest of a system, with particularly catastrophic consequences if the user has administrative privileges.

  3. Legacy custom applications- If running an old version of Office is a risk, imagine the danger of running legacy custom software, particularly if you’re no longer doing business with the vendor (or the vendor is no longer in business). When your legacy software was being coded, the vendor probably wasn’t thinking of the sort of security attacks that are common today.

  4. Unpatched web browsers- No browser is entirely free of security vulnerabilities. Common vulnerabilities include URL spoofing, cross-site scripting, injection attacks, exploitable viruses, buffer overflow, ActiveX exploits, and many more. Always, always run the most recent version.

  5. Out-of-date plug-ins- Everybody loves a plug-in, but they have a high potential for disaster, especially if you’re not running the latest versions.

Outdated Hardware or Software Shouldn't Stop You

Name *
Name

We Value Your Feedback!

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg

IT Standardization Is Key For Any BYOD Policy

Devices.jpeg

It may have been inconceivable ten years ago, but it didn't take long for today’s workers to get used to bringing their own technology to work. Driven by claims that they can work more productively on their own devices, workers now take bring your own device (BYOD) policies for granted, even though they have created management and security headaches for IT administrators.

Businesses have long standardized their equipment to make it easier to swap in new PCs when old ones break or need to be upgraded. Yet the lack of control over laptops and other BYOD devices is challenging this practice, presenting issues for IT administrators and the integrity of business data.

Administrators often have no way of finding out, or improving, a device’s security profile. This leaves businesses exposed when a new software vulnerability is discovered since administrators have no way to patch or upgrade the software on users’ personal devices; studies regularly attribute most security breaches to unpatched vulnerabilities that had been fixed years ago but were never applied to users’ devices.

Standardize Your Apps

These problems create a compelling case for standardization—if not of the devices themselves, then of the applications that they are running. It’s not just about making system administrators’ lives easier, but by mandating a consistent set of applications, for example, it’s easier to help employees communicate smoothly and effectively regardless of where they go or what device they’re using.

Standardizing productivity applications ensures that documents can be easily shared and used, minimizing the need for costly and time-consuming manual entry of information. It also reduces the need for staff training and making it easier to move employees between locations. It also reduces the number of applications needing support. With the average business already running well over 100 different applications, any reduction in complexity can only be a good thing.

Consolidating your applications also offers considerable cost benefits: you’re likely to be able to spend less on licensing costs than you would when buying multiple applications, and because you’re buying an application for a large number of users you will have better bargaining power with your suppliers.

Consider Cloud Solutions

It’s worth noting the value of cloud-based productivity tools in meeting these goals. Although some users require sophisticated productivity tools for certain jobs, in most environments users could make do just as well with a cloud-based tool such as Microsoft Office 365 or Google Apps. These store data in a central place where all users can easily access, view, and change information from any device, at any time.

The BYOD cat may already be out of the bag, but by standardizing your IT applications and infrastructure, you can reduce costs while remaining competitive, and improve flexibility. By identifying the best opportunities for standardization, you’ll be able to reduce technology-management overheads and ensure that your users are more productive, more often.

How Can We Help Your BYOD Policy

Name *
Name

We Value Your Feedback

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg

5 Reasons The Workstation Is Key To Manufacturing

Manufacturing Computer.png

Modern manufacturing is as much about reducing manual processes and innovating with digital prototyping and 3D printing as it is using machines to make a physical product. Modern manufacturing operations now require a high degree of computing power. Desktop workstations are ideal for providing a high level of computing power with a visual interface for an engineer or operator.

Evolution of the Workstation

For many years, the engineering workstation was a device category in its own right. Distinct from regular home and business PCs, the workstation was designed and built for high-end computation and graphics applications. They also included:

  • 64-bit processors (when PCs were 32-bit)
  • Large amounts of enterprise-grade memory
  • Discrete graphics capability
  • Plenty of local storage

In addition to the high-end hardware, workstations were also characterized by their Unix operating systems in a world where most people used Windows. As PC technology matured, 64-bit CPUs became a standard. Fast forward to today where the modern workstation is functionally equivalent to a high-end desktop, but it is still very relevant to manufacturing industries and technology development.

Workstations for Modern Manufacturing

With workstations now readily available, CIOs must evaluate the use cases for workstations and how they can complement ubiquitous mobile computers. In manufacturing, the business case for workstations remains solid.

1. Performance

The processing power, memory, and storage of workstations are superior to portable computers, and this is important where the immediacy of operational parameters is crucial. Workstations can also be "clustered" to deliver far greater performance than regular PCs.

2. Design and Visualization

The high-end graphics capability and large display options of workstations make them well suited to manufacturing where visual design and monitoring are central to operations.

3. Prototyping

Manufacturing is moving from traditional physical prototyping to the new era of digital prototyping. Products are designed then "tested" in a simulated environment using the known properties of the materials. Using workstations for digital prototyping can significantly reduce production costs and the time to market.

4. Security

Workstations have the added advantage of being able to be locked down and located in control rooms away from sensitive manufacturing equipment. Many manufacturing operations restrict mobile devices on site for reasons of fire safety and interference protection.

5. Application Support

Mobile device platforms are catching up, but the platform support and user experience of workstations is a much more complete environment than what portables offer.

The engineering workstation is alive and well in manufacturing and continues to offer a strategic advantage over other computing options. It's up to CIOs and IT managers to put them to best use, including for innovative programs like visualization and prototyping. Current Technologies' partnership with Dell allows for us to quickly bring you high powered workstations allowing you to begin maximizing productivity. If you are not currently using desktops for activities like monitoring lines, prototyping, or design you are missing out on a huge opportunity for growth.

Discover How Desktop Workstations Can Help You

Name *
Name

We Value Your Feedback

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg

Helpful Hackers- They Do Exist

Hacker.png

Business IT systems are complicated, you know that. You've invested in security for your systems, but you're worried that there are still holes in your defense, weak spots between all the bits and pieces that make up your total networking and computing infrastructure. How can you feel confident in your security? You have to welcome a hacker into your midst.

It sounds counter-intuitive, welcoming a hacker (or team of hackers) to come and break into your network and your most sensitive data stores. But that's exactly what pen-testers (short for penetration testers) do—launch non-harmful, sophisticated attacks and probe to see if your network can handle the worst the world has to throw against it. Pen tests are almost always valuable, but to get the most from the exercise there are several things you can do.

1. Turn Them Loose

Too many pen tests are hampered because the client places significant limits on what the pen testers can do. One frequent example involves spear-phishing and social engineering. Will you let the pen testers send email messages to employees trying to tempt them into giving up network credentials or privileged information?

Some companies say they do not want to risk embarrassing employees, so they forego testing the human element of the network. If you do not run these tests, you lose valuable opportunities to see how well corporate training has been put to use by employees. The key is to not single out employees and treat any successful spear-phishing attacks as opportunities for education, not punishment.

2. Define Goals Before You Start

Is the purpose of the test to inform regulatory compliance efforts? Are you trying to see where weaknesses lie before starting a new security purchase cycle? Do you want to give your InfoSec team information before they begin revisions to the corporate security policy? Is this just part of your regular cycle of testing the effectiveness of your security?

Being clear about what you want to achieve from the test, and communicating that information clearly to the pen testing team, will help make sure the pen testers are working with you to be most effective.

3. Do Not Hire Them

Some executives resist pen testing because they worry that the results of the test could become subject to the discovery process in the event of a lawsuit. That is a legitimate concern, but there's a way around it.

Let your law firm hire them. If outside counsel hires them and delivers the report to you, then it is privileged communication and is immune from legal discovery. You get the results, everyone gets protection, and everyone (on your team) is happy.

“Hiring” a team of hackers can be the best thing you do to strengthen your network security. Do your homework on the firm you hire and follow the tips above, and you'll end up with a sound picture of where your security is doing its job—and where you should start immediately patching the holes. Our team at Current Technologies specializes in building state of the art security systems to your specification. If you already know where the holes are from a pen-test, it will be a breeze to have us patch them up for you.

Need Help Passing Your Pen-Test?

Name *
Name

We Value Your Feedback

Was this information helpful?
Was this information helpful?
CurrentTech_Horizontal.jpg