- May 15, 2016
When I ask people what type of security software they have on their phone, it turns into an ah-ha moment. “What software?” Then I follow up with my next question: do you use your phone for banking? The typical answer is yes. When it comes to our desktops and laptops, no one would imagine NOT having some sort of security platform installed. So why do we have this attitude towards our phones?
Consider this statement from Webroot’s 2016 Threat Brief…
By the end of 2015, 52% of all new and updated Android apps were determined to be unwanted or malicious, while only 18% were benign. This is a striking change from the beginning of 2014, when only 21% of new and updated apps were found to be unwanted or malicious, and 27% were classified as benign.
iPhone users often believe that security isn’t necessary since this only happens to PC and Android users. If you are on a phishing site and you enter your banking credentials, does it really matter what platform you are on? Apple users need to review my blog on this.
Threats have more than doubled and our response hasn’t matched.
Here is my list of ways to rethink your smartphone:
1. Think of your Smartphone as a Computer
If we think of it as a computer, we will treat it like one and follow the same best practices we apply to our desktops and laptops, such as encrypting the device, using better and longer passwords, and keeping up with updates and patch management, to name a few.
2. Install a Security App
There are many free and paid versions. I prefer Webroot’s suite of products due to their cloud-based architecture and light use of system resources: http://www.webroot.com/us/en/home/products/mobile/ Choose a product that has lost device protection, anti-phishing/safe web browsing and, if you have sensitive information, the ability to wipe data.
3. BYOD Considerations
As more organizations implement or revise their BYOD (Bring Your Own Device) policies, expect more scrutiny of the phone you bring into the office network. If your phone is jailbroken or rooted, expect that device to be banned from accessing your company network. WatchGuard’s firewall software and wireless access point devices now do exactly that: they prevent unsafe wireless devices from accessing the network.
4. Assume that you can be monitored and no conversation is safe.
The recent 60 Minutes segment illustrates how just knowing your cell number is enough to hack you and listen in.
Recently BlackBerry CEO John Chen was in the news regarding his involvement in an RCMP probe. I do agree that we do need to assist law enforcement when called; however, the controversy here is, as the article states, “It would mean that police enjoyed years of access to Canadians’ personal cellphones without the public being any the wiser.”
Even though John Chen mentioned there are no back doors in the network, does it really matter since certain governments have the keys to the front?
I doubt that the majority of us would ever be a target for monitored conversations, but at least we know from recent news that our communications are not as secure as we believe them to be.
The biggest takeaway is to ensure that you implement all possible safeguards around your phone. The recent Apple vs FBI battle about encryption has been a cause of concern for many tech companies, and a good example of that is the recent move by WhatsApp to implement end-to-end encryption in their communications. As threats continue to rise, and with the emergence of Apple Pay and other mobile payment platforms that will change our shopping behaviors, we also need to change how we look at security on our smartphones.
BIT helps organizations with wireless deployments and implementing BYOD policies. Contact us for more information.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
- May 6, 2016
We would like to take a moment to thank our newest client, Pristine Property Management, for coming on board with BIT Incorporated. BIT will be functioning as the complete RMM and Managed Services Provider and also will be enjoying the benefits of the enterprise-level functionality that our Hosted Microsoft Exchange provides.
Pristine Property Management Inc. provides property maintenance services and competitive packages for Residential, Commercial, and the Municipal sector including Townhouse condos. Pristine Property Management provides a whole variety of services ranging from grounds, snow/ice maintenance to garbage/litter and various landscaping maintenance and a lot more. Pristine Property Management was awarded Toronto’s Board of Trade business excellence award for Business Growth in 2012.
To learn more about Pristine Property Management click here
- April 30, 2016
Cybersecurity & Compliance: The Focus of 2016 – Part 2
Leverage your IT to Get Ahead of Your Competitors
A properly planned and secure IT infrastructure and cyber security plan will now become an asset.
In part one, we outlined how your IT infrastructure can be a competitive advantage. This blog will outline a high-level strategy to implement.
1. IT Considerations
Your IT infrastructure will typically consist of hardware and software components, and both typically cross over into compliance. For example, if you have network jacks in open areas, they should not be live if you want to be PCI compliant. Group policies for end-user staff may help mitigate risks if they properly define which permissions and software are authorized for use. You may want to investigate whether your firewall has the latest technologies, such as NGFW (Next Generation Firewall) or UTM (Unified Threat Management), to handle rising threats that your typical anti-virus/malware software will not be able to stop. BIT utilizes firewall products from WatchGuard that have both technologies and have pre-built reporting for compliance purposes with its Dimension software.
2. Business Continuity and Disaster Recovery
Only 35% of small businesses have Disaster Recovery Plans (DRPs). Surprisingly, for 70% of the businesses that do have a DRP in place, the backups and plans are not successful. Creating and documenting your DRP is the first step. The plan should include periodic testing, training and also an audit review. In the past few months, ransomware has targeted hospitals, and unfortunately in some cases payments were made to restore data and operations. When you calculate the downtime and lost productivity to the business, the cost of the ransom is probably a small part.
3. Policies and Compliance
All policies should be documented. Do all staff know their BYOD policy? You need to double check where IT and regulatory compliance cross over. A good example is where data is stored or hosted. Health-based companies in Canada may have to store their data in Canada. To make matters confusing, every province has different rules. If your organization handles credit card transactions, then you need to have a high-level awareness of the 12 PCI DSS (Data Security Standard) requirements. When implementing policies and compliance, it is important to realize that input and involvement would probably be required from departments across the whole organization rather than just IT.
4. Cybersecurity Plan
Ian Russell from IIAC mentioned that an Incident Response Plan (IRP) should be developed. “If you don’t have a plan, valuable time will be wasted trying to figure out who should be doing what.” The most critical component of your plan involves periodic user awareness training. With ransomware on the rise and a record number of CEO fraud cases committed, awareness training should also be part of a plan and conducted at regular intervals. As larger corporations invest more into security, cyber-criminals will go after easier targets such as SMBs. Even if you have everything from above implemented and documented, there is still no guarantee that your organization could evade an attack. Some organizations have even added cyber insurance policies in addition to the typical officer and director insurance an executive may have.
If you want more information on how to prepare your own plan please contact us.