Bring your Own Device (BYOD) and the Mobile Revolution – Are You Ready?
BYOD is a term that is tossed around quite a bit as of late, as a way to save money or give end users freedom to choose the platform they want to use. Before you believe all of the hype you need to consider a few items.
The first item to consider is the platforms you are going to support. You can purchase $80 tablets. Are you really going to support that with your BYOD efforts? You should provide a list of platforms that are supported so you can save your employees the headaches.
The second item that you need to consider is how you are going to support those BYOD devices. Since you don’t own them, are you going to spend time supporting the device or arrange for someone else to support it?
Applications. You need to consider how you are going to get the applications to the different platforms. You will need to find something that will render the applications to support phones, tablets, and Mac OS X. Currently, software such as Citrix XenServer, 2X Software, and MokaFive provides this type of support.
Finally, network connectivity and security are a large concern. Since you do not control the device, how are you going to secure it? The best answer is to not allow these devices onto your production network. You will need some way to segment them off from the regular network.
This is just a short list of many items to consider when deploying BYOD.
Who Do You Trust?
Be careful with who you trust. One of the easiest ways to be compromised is to give away your password. Scammers are excellent at what they call “social engineering”. One of the big tips I have is: if someone is asking for information over the phone, ask to call them back to verify the number. If they have a problem doing that, then they are more than likely not legit. This is especially true for credit card and social security numbers. Bottom line: Be careful what you give out.
Education and Technology are Both Required to Battle Phishing Attacks
Cybercriminals typically attempt to steal data using various techniques – malware, hacking, and tampering with hardware.
I believe the more serious attacks are aimed at stealing intellectual property from companies. According to Verizon’s 2013 Data Breach Investigation Report, the threat has switched from the physical theft of hardware to social engineering the employees of the business.
The report’s review of 47,000 data-security incidents found that 95 percent of all state-affiliated espionage attacks include a phishing component.
The data points to a weakness in most companies’ network security. Most companies have strong anti-spam technology guarding the inbox, but spear phishing attacks still get delivered. That puts your employees on the front line of defense, as they could be either defending or infecting the network.
“Our customers are doing a lot of the right things that they are supposed to be doing [to filter out phishing], but they are still getting a high number of phishing messages,” says Trevor Hawthorn, chief technology officer of phishing-awareness service provider ThreatSim. “At that point, the end user becomes the last element of defense.”
Phishing awareness allows companies to regularly test employees, raise the awareness of those employees who fail the test, and teach workers proper incident response, such as reporting phishing attempts. Phishing service firms give companies regular reports on how their employees performed in the tests and offer other metrics, such as how quickly employees reported a phishing e-mail.
Having well educated users is a lofty goal, but will it prevent 100% of the attacks? No.
Finding a user who will click on a link in a well-crafted e-mail is a numbers game: “Eventually, the attackers will succeed,” says Kenneth Geers, senior global threat analyst with anti-malware provider FireEye. “The thing with social engineering is that if the attackers have done their homework, everyone is going to click,” he says.
Technology-only and education-only approaches are both flawed. Combined, they reduce risk.
With regular phishing-awareness campaigns, companies have generally reduced the success of the attacks to single-digit percentages, according to ThreatSim. Another phishing-education service, PhishMe, has seen similar results.
Another hopeful trend: Companies are starting to see their employees reporting the phishing attacks before their less security-conscious colleagues click on the link, says Aaron Higbee, chief technology officer of PhishMe. Lengthening the time between report and click gives the company’s incident response team more time to find and eliminate similar attacks.
“It gives their incident response team a head start of 20 or 30 minutes,” he says.
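As an added example (not from this newsletter, ThreatSim or PhishMe), the Python below computes the metrics described above from one simulated phishing test: click rate, report rate, time to report, and the head start between the first report and the first click. The event format, user names and timestamps are constructed assumptions.

```python
from datetime import datetime
from statistics import median

# Constructed sample events from one simulated phishing test:
# (ISO timestamp, user, action). Format and values are illustrative only.
EVENTS = [
    ("2013-10-01T09:00:00", "alice", "delivered"),
    ("2013-10-01T09:00:00", "bob", "delivered"),
    ("2013-10-01T09:00:00", "carol", "delivered"),
    ("2013-10-01T09:00:00", "dave", "delivered"),
    ("2013-10-01T09:04:00", "alice", "reported"),
    ("2013-10-01T09:10:00", "carol", "reported"),
    ("2013-10-01T09:29:00", "bob", "clicked"),
    ("2013-10-01T09:40:00", "bob", "reported"),  # reported only after clicking
]

def campaign_metrics(events):
    """Summarise one simulated campaign from (timestamp, user, action) rows."""
    first = {"delivered": {}, "clicked": {}, "reported": {}}
    for ts, user, action in sorted(events):
        if action not in first:
            raise ValueError(f"unknown action: {action!r}")
        # Keep only each user's earliest event of each kind.
        first[action].setdefault(user, datetime.fromisoformat(ts))

    recipients = first["delivered"]
    if not recipients:
        raise ValueError("no delivered events")
    # Ignore clicks and reports from users who were not test recipients.
    clicks = {u: t for u, t in first["clicked"].items() if u in recipients}
    reports = {u: t for u, t in first["reported"].items() if u in recipients}

    minutes_to_report = [
        (t - recipients[u]).total_seconds() / 60 for u, t in reports.items()
    ]
    # Head start for incident response: first click minus first report.
    # Positive means someone reported before anyone clicked.
    head_start = None
    if clicks and reports:
        delta = min(clicks.values()) - min(reports.values())
        head_start = delta.total_seconds() / 60

    return {
        "click_rate": len(clicks) / len(recipients),
        "report_rate": len(reports) / len(recipients),
        "median_minutes_to_report": median(minutes_to_report) if minutes_to_report else None,
        "head_start_minutes": head_start,
    }
```

A negative head start means the first click came before the first report, which is the case awareness training is meant to make rarer.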
“On the technology side, sandboxing and virtual analysis environments are improving and are better able to jail potentially malicious files and protect systems from attack. So, adopting both approaches can deepen defenses and result in a cumulative reduction in risk,” says ThreatSim’s Hawthorn.
“Security is not about zero percent risk,” he says. “I don’t think there is a security control out there that guarantees anyone to have a zero percent chance of compromise. But by focusing on your biggest risks, and using defense in depth, you can have the most impact.”
Tool of the Month – Microsoft Exchange Connectivity Tester
Microsoft has a great tool called the Microsoft Exchange Connectivity Tester. It allows you to test Outlook Web Access, Microsoft ActiveSync and various other Exchange-related items.
If you need to test Exchange, you will find the URL located here.
We at TBJ are looking to grow our business and we would like to enlist your help in finding clients who might benefit from our services. For any qualified leads that result in a meeting, you will be entered into a quarterly drawing to win an iPad Mini. Our best leads come from referrals and we would like to reward you.
If you know of someone that you network with that could benefit from our services, use the form below or email us at firstname.lastname@example.org
Captain Security Saves the Day
Smartest Wireless in a Mobile World with TBJ and Ruckus Wireless
November 12, 2013 at 11:30AM Cost: FREE
Have you deployed Wi-Fi only to find that it breaks down at peak hours or does not cover your entire facility? Are you having trouble providing the needed capacity to meet surging demand? Legacy wireless was not engineered for the capacity and high throughput required by the explosion of wireless devices and applications.
Most of my clients these days are looking to reduce costs. One good way to do that is to look at your expense budget.
The first thing is to review the maintenance you are paying for your network equipment. Gone are the days where you need to have advanced replacement on everything. Most vendors offer a software update and technical support program at a low cost. The only issue is equipment replacement, which typically has a 10-20 day turnaround. To get around that, you purchase a spare switch. I have seen payback on that anywhere from 1 to 2 years.
The second option is to purchase multi-year support. Most companies will give you a 20% discount if you purchase 3 years of support or longer. Most devices will be around at least 3 years.
A third very good option is looking at a newer solution from an up-and-coming vendor. You will need to do your due diligence on the vendor, but this is a great way to cut expenses. I have seen where you can purchase new equipment and have it be less expensive than a maintenance renewal.
These are just a few ideas on how to reduce your expense budget!
TBJ Monthly Word Find
Solve Our Word Find And You Could Win a $25 Gift Card
We have these simple rules:
One entry per person per month
One winner each month
Contest Closes on October 31st, 2012
All entries with correct answers will be entered into a random draw that will determine the winner.