The phrase “Free Wi-Fi” hangs on the front of coffee shops, restaurants and public establishments almost as a lure. But, attached to that lure is a sharp hook studded with risk. Be cautious before taking the bait. Here are our tips for navigating the treacherous seas of free Wi-Fi.
Verify the Network Name
As the old adage goes, “there is no such thing as a free lunch.” Networks with names like “Free Wi-Fi” entice us, but before joining, make sure that you verify their legitimacy. Many coffee shops or restaurants have signage indicating network names and passwords, and you should always confirm the network name with a staff member before attempting to join a “free” network. It’s easy and commonplace for hackers to execute man-in-the-middle attacks by deploying phony networks with names like “Free Public Wi-Fi” or a variation of the establishment’s name. Check before you connect.
Forget the Network
When you’re done with the network, forget it. Ensure that you log out of any sites or services you were using, then go into your device’s settings and select “Forget Network” to keep your device from automatically connecting to the network when you are within range again. If you must check your bank account online on public Wi-Fi, don’t simply close out the app when you are done. Log out of the app or site, close out of the app and forget the network.
Enable Two-Factor Authentication
As opposed to single-factor authentication, which simply means entering a username and a password, two-factor authentication requires an additional layer of security before you can access an account. This additional layer typically takes the form of something you know, such as a PIN or pattern; something you have, such as an ATM card; or something you are, such as biometric data (fingerprint or voice identification). Certain services (Gmail, Twitter and Facebook) support two-factor authentication, and it is wise to use this additional security layer in the event that a hacker digs up your password while on public Wi-Fi. As for passwords, avoid using the same password or login credentials across all of your platforms, apps and services.
Use a VPN solution
A surefire way to safely surf the web is with a virtual private network (VPN). The VPN client hinders intruders from easily intercepting your data and activity by encrypting traffic between your device and the VPN server. VPNs typically require no client-side installation or hardware, so setup is simple. We offer VPN services to meet and scale with all of your needs. Visit our website and find out how your company can benefit from the many features HOB RD VPN has to offer.
A couple of weeks ago we discussed the importance of network security in supporting an agile workforce. Another aspect of this discussion is mobile device security, as a fortified network is ineffective if data can escape through the mobile devices accessing it. For example, it is commonplace for an employee to fly out the door to a meeting and need to check his or her email while in line for coffee. This poses a threat to corporate data and networks, as data now may travel through foreign and unprotected environments. In order to safeguard mobile devices, companies must adopt robust mobile security solutions. Here are some best practices for ensuring mobile security for today’s on-the-go workforce.
Corporations should require a PIN or password for access to the operating environment on a mobile device. Enterprise application access via single sign-on is probably the easiest way to implement a password policy, as once a mobile device has been validated, further applications can automatically be accessed without the need to enter another password.
For mobile security, Identity and Access Management (IAM) solutions can be very powerful tools. They are the foundation of secure access, ensuring that individuals have access to the corporate data that they need, and nothing else. This protects corporate data from malicious inside hacks conducted by disgruntled employees.
Device and Data Encryption
Encrypting corporate data traveling to mobile devices adds an additional layer of protection if data ends up in the wrong place. For mobile workers, IT administrators should install encryption solutions that give company decision makers the ability to control the flow of data.
Companies that allow remote work can ensure that their employees are not the weak points in the secure system by educating them on basic cybersecurity practices. For example, employees should never access corporate information via public Wi-Fi and instead use a VPN with SSL encryption or equivalent. However, in the chaos of the modern day world, many employees opt for convenience and speed rather than security. Education can emphasize the importance of security.
One of many solutions that HOB offers for the mobile workforce is HOBLink Mobile. HOBLink Mobile allows mobile workers to access corporate data (e-mails, calendars, notes and contacts in Outlook) through a single app downloaded to a mobile device (available for iOS and Android). This means that employees never have to allocate valuable storage space on their mobile devices to view and use corporate data securely. Data is never saved on the device but only displayed to the user. This helps increase security, because no sensitive data will be on the device in case of theft or loss. In addition, all data exchanged via HOBLink Mobile is SSL-encrypted, and advanced compression methods ensure high performance even over low bandwidths.
Read more about access for mobile workers on our website.
Security and flexibility seem to be antithetical concepts. Storing your money in a high security vault may be the safest option, but stashing your savings under your mattress makes your cash easier to access.
Business leaders face a similar challenge when selecting a system that can accommodate a remote workforce, BYOD environment and long distance collaboration while also keeping corporate data and correspondence secure. As employees increasingly expect the ability to work from wherever on whatever device they please, network security becomes increasingly important.
Here are our suggested best practices for optimizing network security for an agile workforce:
Monitor Network Traffic
When employees remotely access a corporate network from multiple personal devices there are more access points across a wider geographical span and therefore more areas vulnerable to potential breaches. Applications that require additional bandwidth may also hinder network speed and reliability. To ensure maximum performance and minimal breaches, businesses must constantly monitor network activity for unusual occurrences and set guidelines for bandwidth usage.
Require an Identity and Access Management (IAM) Solution
An IAM solution will prevent network intrusions via compromised access credentials. A unified identification approach that raises all access to a secure standard will minimize the network security risks associated with remote access work. Single sign-on authentication methods relieve the authorization burden for employees and a company’s IT team. For more information on the benefits of single sign-on IAM solutions, check out our E-book.
Create a Separate BYOD Network
The stress of a BYOD environment on a corporate network slows bandwidth and therefore productivity. Many times bandwidth issues arise from employees conducting personal activities on their devices while connected to the corporate network. Redirecting these devices to the guest network reduces bandwidth for customers and visitors, so companies should instead install a separate BYOD network that also authorizes devices for corporate security compliance before enabling them to connect.
Install Secure Remote Access for Mobile and Remote Work
Finally and most importantly, a secure remote access solution is vital to network security and enabling an agile workforce. Public Wi-Fi networks present a host of dangers to corporate data and applications. An effective secure remote access solution should include a VPN, network access controls and context-aware authentication to prevent unapproved access.
HOB’s remote desktop VPN alleviates many of the burdens associated with supporting a mobile and agile workforce so that enterprise leaders can focus on the benefits, such as increased productivity and collaboration in lieu of fretting about fraud and information theft.
Stay tuned for the next installment of Keeping Up with an Agile Workforce!
Would you hand out your name, social security number and email address to a total stranger on the street? Probably not. However, when it comes to giving out the same information online, we are somewhat less adamant. Is it really easy to gain information on an individual from seemingly trivial data? How could your online presence be used against you? In this article, we answer these questions and discuss how to mitigate these risks.
Would You Give Out Your Email Address?
A social experiment conducted by People’s ID Bot Project and London agency Abundance has shown how incredibly easy it is for fraudsters to glean a disturbing level of personal information online, by simply using an email address. Bar customers wrote their email address on a sham mailing list, then researchers used their email addresses to evaluate the target’s details online. Within a matter of minutes, the researchers had gathered so much private information on the individuals that they succeeded in convincing the patrons that they had known them for years. Would the same have happened to you?
Sharing Your Life Online
The shocking experiment highlights the dangers of leaving yourself open to online identification fraud – it reveals how easy it is for a stranger to research individuals. People should be aware of how much of their personally identifiable information is freely available online. In the wrong hands, this information is used to commit identity theft or sold to other criminals. Usually, the victim is only made aware after a crime has been committed against them.
Often, people disclose all types of personal information on the Internet that allows identifying data to be deduced. Social media services such as Facebook, Twitter and Instagram are libraries of personal minutiae – school and work chatter, snapshots of family vacations, and books read are just the tip of the iceberg. Such seemingly superficial pieces of self-revelation can gradually be gathered and reconstructed by computers to help create a picture of a person’s identity, sometimes even down to the Social Security number.
How to Prevent Victimization
People can increase their defenses against identification in social networks by implementing tight privacy controls on information in personal profiles. Unfortunately, an individual’s actions are not sufficient to protect privacy in the interconnected world of the internet. In today’s online world, personal privacy is no longer an individual phenomenon; although you may not disclose personal information, your online friends or colleagues may do it for you, denoting your gender, education or employer, location, and interests.
The Web offers us excellent value and convenience, however it is important to be vigilant in protecting our online identities. It is essential to exercise caution and implement these simple adjustments to online behavior in order to prevent victimization. People should exert more caution with personal details – it is by obtaining such data that the process of identity theft starts.
In one of our previous blog posts, we started our discussion with cybercrime prevention tips. In the following article, we shall further provide advice on how to prevent cyberattacks, with a more in-depth focus on mobile technology and deployments.
Many cybercrime attacks can be avoided with the implementation of straightforward preventative steps. Cyber criminals prefer to attack easy targets, thus the more difficult you make their job, the more likely it is that they will move on to an easier target.
By implementing the following precautionary measures, you can effectively fight cybercrime:
- Protect your computer with security software
Several necessary security software elements are required for basic online security. Antivirus programs and firewalls are just two examples of security software essentials. Generally, a firewall is the first line of cyber defense, as it controls who and what can communicate with your computer online. Firewalls block connections to unknown or phony sites, and will prohibit certain types of viruses and intruders. Antivirus software monitors all online activities such as e-mail messages and Web browsing, offering protection from viruses, worms and other types of malicious programs. More recent versions of antivirus programs also protect from spyware and potentially damaging unwanted programs, such as adware.
- Secure your mobile device
Mobile devices, such as smartphones and tablets, are also vulnerable to cyberattacks; these devices are attacked by cyber criminals in a similar way to computers. A more in-depth look into smart phone security can be found here.
When smartphones are used for business purposes, a number of safety practices should be followed, such as not saving any sensitive business data directly on the device, to prevent unauthorized data access.
- Turn off location settings
Numerous smartphones, tablets and even some digital cameras now come GPS-enabled, allowing geotagging (the addition of GPS coordinates to your online posts or photos), which is especially popular with photos. A geotagged photo is the most marked threat to the user’s personal privacy and security.
The problem with such location-based services is not the information they provide, but rather the information they might also provide to other parties. Providing information about your current location is risky, but even more precarious, the data may be permanent and searchable, allowing criminals to build up a clear picture of your activities through time.
To mitigate these risks, the best thing to do is to completely disable the location settings when requested by applications and refrain from using geotagging. Alternatively, in some cases, these may be turned on only when you specifically need it, then turned off again immediately after; even in this scenario, only a restricted number of friends should be able to see the information of where you are and where you have been.
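To see what a geotagged photo actually carries before it is shared, the following added example (not part of the original article) reads the GPS directory from a JPEG's EXIF metadata with the Python standard library and strips the EXIF segment. The sample file, its coordinates and all function names are constructed for illustration.

```python
import struct

GPS_IFD_POINTER = 0x8825          # tag in IFD0 that points at the GPS directory
EXIF_ID = b"Exif\x00\x00"         # identifier at the start of an EXIF APP1 segment


def _segments(jpeg):
    """Yield (marker, start, end) for each segment before the image scan data."""
    pos = 2  # skip the SOI marker
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length


def _read_ifd(tiff, offset, endian):
    """Map tag -> (type, count, raw 4-byte value field) for one TIFF directory."""
    (n,) = struct.unpack(endian + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(n):
        raw = tiff[offset + 2 + 12 * i:offset + 14 + 12 * i]
        tag, typ, count = struct.unpack(endian + "HHI", raw[:8])
        entries[tag] = (typ, count, raw[8:12])
    return entries


def _degrees(tiff, entry, endian):
    """Decode three RATIONALs (degrees, minutes, seconds) to decimal degrees."""
    typ, count, value = entry
    if (typ, count) != (5, 3):
        raise ValueError("not a degrees/minutes/seconds triple")
    (off,) = struct.unpack(endian + "I", value)
    n = struct.unpack(endian + "6I", tiff[off:off + 24])
    return n[0] / n[1] + n[2] / n[3] / 60 + n[4] / n[5] / 3600


def gps_position(jpeg):
    """Return (latitude, longitude) from a JPEG, or None if no decodable position."""
    if jpeg[:2] != b"\xff\xd8":
        return None
    for marker, start, end in _segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_ID:
            tiff = jpeg[start + 10:end]
            break
    else:
        return None
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        return None
    try:
        magic, ifd0 = struct.unpack(endian + "HI", tiff[2:8])
        pointer = _read_ifd(tiff, ifd0, endian).get(GPS_IFD_POINTER)
        if magic != 42 or pointer is None:
            return None
        (gps_offset,) = struct.unpack(endian + "I", pointer[2])
        gps = _read_ifd(tiff, gps_offset, endian)
        lat = _degrees(tiff, gps[2], endian)   # tag 2: GPSLatitude
        lon = _degrees(tiff, gps[4], endian)   # tag 4: GPSLongitude
        if gps[1][2][:1] == b"S":              # tag 1: GPSLatitudeRef
            lat = -lat
        if gps[3][2][:1] == b"W":              # tag 3: GPSLongitudeRef
            lon = -lon
    except (KeyError, ValueError, ZeroDivisionError, struct.error):
        return None
    return lat, lon


def strip_exif(jpeg):
    """Return the JPEG with every EXIF APP1 segment removed."""
    out = bytearray(jpeg)
    for marker, start, end in reversed(list(_segments(jpeg))):
        if marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_ID:
            del out[start:end]
    return bytes(out)


def build_sample(with_gps):
    """Constructed test file: SOI + EXIF APP1 + EOI (metadata only, no picture)."""
    header = b"II" + struct.pack("<HI", 42, 8)          # little-endian TIFF, IFD0 at 8
    if with_gps:
        ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, 26, 0)
        gps = struct.pack("<H", 4)
        gps += struct.pack("<HHI4s", 1, 2, 2, b"N\x00")
        gps += struct.pack("<HHII", 2, 5, 3, 80)        # latitude rationals at 80
        gps += struct.pack("<HHI4s", 3, 2, 2, b"W\x00")
        gps += struct.pack("<HHII", 4, 5, 3, 104)       # longitude rationals at 104
        gps += struct.pack("<I", 0)
        lat = struct.pack("<6I", 10, 1, 30, 1, 0, 1)    # constructed: 10 deg 30' 0" N
        lon = struct.pack("<6I", 20, 1, 15, 1, 0, 1)    # constructed: 20 deg 15' 0" W
        tiff = header + ifd0 + gps + lat + lon
    else:
        # Only an Orientation tag (0x0112), no GPS pointer
        tiff = header + struct.pack("<HHHIHHI", 1, 0x0112, 3, 1, 1, 0, 0)
    body = EXIF_ID + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"


if __name__ == "__main__":
    photo = build_sample(with_gps=True)
    print("embedded position:", gps_position(photo))
    print("after stripping:  ", gps_position(strip_exif(photo)))
```

A photo whose GPS directory is present but malformed also returns `None` here, so stripping the EXIF segment before sharing is the safer default than relying on the check alone.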
- Secure your offsite workers
Offsite workers, such as teleworkers and remote workers, including vendors and customers, making use of any type of mobile device (e.g., laptops, smartphones and tablets) should be equipped with remote access solutions or other modern solutions, so as to assure a secure access to the corporate network.
- Back up critical data
Although this is not strictly a way to prevent cybercrime, backing up critical data is a crucial step in the event of an attack. Recovery of data and return to normal operations is essential for business continuity; any downtime of mission-critical systems may be harmful. Details of the backup processes should be part of the business continuity and disaster recovery plans.
The most effective steps a computer user can take to avoid being a victim of a crime render the user’s computer somewhat less convenient to use. Every user must balance how much security is considered enough to keep unauthorized intruders at bay. The German software developer HOB offers its customers the perfect balance between user experience and security. The Secure Remote Access Suite HOB RD VPN allows users to remotely access corporate files and servers from anywhere, at any time. Due to SSL encryption and modern authentication methods, HOB RD VPN offers its users a maximum of security. The recent Common Criteria (EAL4+) certification is yet another independent proof of the high security level of HOB RD VPN. If you are interested in learning more about HOB products, please visit our website www.hobsoft.com.
In our earlier post on remote access technology, we discussed various aspects of VPN (virtual private network) technology. This article will further examine how VPNs offer staff and business partners a reliable and secure connection to highly-sensitive company resources using unsecure connections, such as the internet.
1. VPNs Play an Important Role in Mobile Workplace Strategy Deployment
VPN technology is a vital part of a mobile workplace strategy. VPNs allow an employee to gain access to the corporate network with the same speed and controls as their in-office counterparts. Modern VPNs are so reliable that a growing number of network managers are choosing to deploy VPNs even when the employee is in the office. This strategy is a reasonable approach if employees use their personal mobile devices on the company site. In this case, the access via VPN on site prevents viruses and other malware from compromising the company network, and can also prevent employees from establishing a second Internet connection whilst being connected to the company network (anti-split tunneling). These security measures help overcome the security risks so that employees can benefit from anywhere and anytime access.
2. VPN Connections Fail Frequently and Require Repeat Log-ins
VPNs offer high availability and single sign-on techniques to ensure that users can connect to a multitude of services by only entering their password once. VPNs on the market resume rapidly and automatically after a loss of connectivity, without the need for user intervention. Some VPNs also ease network roaming. For instance, an employee’s authenticated state may be kept during a brief loss of connectivity, or reinstated transparently via single sign-on. Furthermore, today’s solutions ensure that data are not lost in the case of a connection interruption.
3. Once an Employee has Remote Access, He or She Can Access the Company Resources Forever
Network managers can prohibit employees’ access to the company resources once employment is terminated. Modern VPNs facilitate this process by allowing central administration and configuration.
Furthermore, while the employees are working for the company, IT administrators can define roles and rights for each user – this also includes the possibility to completely deny access from an external site under a specific situation, such as in the case that an employee wants to access data from a public Internet café. This ensures that each user can only view and access the data he or she is intended to.
4. VPN Management Policies are Difficult to Administer
To simplify administration, VPNs can use central policy managers and integrate with enterprise authentication servers and directories. Given the multiple access methods, endpoint security checkers and other policies, it is possible that policies may become cumbersome. It is up to the network administrator to use his or her authority sensibly to achieve the desired security level without rendering the VPN challenging to manage. Today’s VPNs are relatively simple to manage and give network managers various options that ensure that users gain access only to appropriate information.
Remote Access: The Future of the Workforce
Remote access technology has vastly improved since its inception, and organizations are increasingly deploying VPN technology, benefitting from enhanced security features whilst being user-friendly.
If you are looking for a performant and innovative remote access solution, we recommend our Remote Access Suite HOB RD VPN. HOB RD VPN is the comprehensive solution for remote access to your central data and applications, at any time and from anywhere, with almost any end device. As a pure software solution, HOB RD VPN is highly scalable and supports many different platforms.
Moreover, we would like to invite you to download our free e-book: Debunking Myths about Remote Access Technology. It contains useful information about the advantages of remote access solutions and showcases how you can benefit from implementing a remote access solution in your company.
The dependence on mobile browsers to accomplish security sensitive operations is increasing. With this comes an increase in mobile cyber threats, as cybercriminals are now moving beyond computers and shifting to mobile handheld devices.
A phishing survey reported that the number of phishing targets increased from 2012 to 2013, indicating that e-criminals are spending time looking for new opportunities. Mobile phishing occurs when identity thieves collect the user's information, including financial or account information such as user name and password, Social Security Number, date of birth, and credit card information from mobile devices, for the purpose of committing fraud or other illegalities.
Limitations of Mobile Devices
Specific limitations of the mobile platform make mobiles susceptible to phishing attacks:
1. The mobile device’s much smaller screen size constrains the ability of the mobile browser to entirely display any anti-phishing security elements a website may contain. Most mobile browsers in use today simply lack any room to incorporate security indicators and certificate information that alert users of site identity and the presence of strong cryptographic algorithms, as is done with their desktop counterparts. This leaves users unable to verify whether the website they are logging into is legitimate or not; a critical security flaw rendering mobile browsers unsafe.
2. The permanent default browsers preinstalled on certain phones are another limitation. Their ability to automatically start up and display links the user opens makes it less difficult for cybercriminals, who can now focus on only one browser to exploit.
This combination of a radically reduced screen size and absence of security indicators makes it difficult for users to determine the security standing of mobile browsers, and makes mobile browsing more dangerous for average users, since it provides a false sense of security. Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers.
Advantages of Mobile Devices
However, the mobile platform also has some benefits that reduce the concern of mobile phishing:
1. The mobile platform allows phishing targets, including online shopping and banking sites, to develop their own apps for customer use. Assuming there are no spoofed apps and there is a mechanism for constant updates, these legitimate apps facilitate more secure exchanges of information between organizations and their customers.
2. Mobile browsers are increasingly becoming more powerful, and are able to process and run complex scripts. Websites that involve login details may take advantage of this fact to implement better security measures.
Protection Against Mobile Phishing
One can prevent mobile phishing by adopting the following best practices:
1. Avoid opening links in emails, especially from suspicious or unknown senders. One should always verify the legitimacy of the email messages received.
2. Utilization of official apps. If the website one is trying to log in to has an official app, one should use it rather than the browser.
3. Checking the permissions of all the downloaded apps. One should exert extreme caution when choosing which apps to download, as some apps may be requesting too much data, which could result in a violation of privacy.
4. The URLs of the websites one visits should be manually typed in and subsequently bookmarked for future visits. This procedure avoids typographical errors in the URL that could lead to a phishing website.
5. Installation of a security solution. Modern solutions for mobile devices enable secure access to data located in the corporate network, without the data ever being downloaded to the device. This eliminates the risk of phishing.
The direction of cybercrime is shifting towards the “post-PC” era, as cybercriminals follow where the users and their money go. Cyberattacks on mobile devices can be prevented by adopting mobile computing best practices.
In our previous post on IT security, we discussed four key findings from a data breach study conducted by Ponemon Institute. In this article, we will further discuss these four key findings and outline preventative measures to avoid security breaches.
Key Findings (Continued)
5. Cybercrime Costs Differ by Company Size, but Smaller Organizations Sustain a Significantly Higher Cost than Larger Organizations
While everyone is vulnerable to cyber-attacks, smaller organizations are more at risk. A common cyber-attack is the theft of sensitive data, and for a small organization, the loss of project files or customer databases can put them out of business.
Smaller companies (fewer than 20 employees) should implement a VPN for secure connectivity anytime, anywhere. Due to their ease of use and versatility, SSL VPNs are well-suited for small companies, allowing users to access only specific applications and services, and providing access to Web applications, Windows Terminal Servers and their applications or internal network connections.
6. Information Theft, Followed by the Costs Associated with Business Disruption, Represent the Highest External Costs
Annually, information loss and business disruption (or lost productivity) account for 43% and 36% of external costs, respectively. (In the context of this study, an external cost is one that is created by external factors, including fines, marketability of stolen intellectual properties and litigation.)
Setting up strong network security is therefore crucial. Increasingly, more organizations are adopting SSL VPNs, which ensure a secure network connection through the use of encryption, single sign-on options, and firewalls.
In order to minimize costs associated with business disruption, it is imperative that all organizations have a contingency plan in place that outlines how to contain and recover from a substantial security breach. The IT staff must quickly solve the issue, hopefully restoring data from backup files, and returning systems to service without any significant downtime. Nonetheless, any downtime can be disastrous in the case of mission critical systems.
7. Recovery and Detection are the Most Costly Internal Activities
Combined, recovery and detection account for 49% of the total internal activity cost per year; cash outlays and labor account for most of these costs. This highlights the importance of back-ups. A data-backup policy is especially important if the organization has several laptops or other mobile devices that can be lost or stolen. To avoid data theft from lost or stolen mobile devices, no data should be downloaded to the device; rather, all data should be kept completely and securely in the central corporate network.
8. A Strong Security Policy Minimizes the Cost of Cyber Attacks
As expected, businesses that invest in a strong security policy and system are better off than their counterparts. This stresses the importance of a strong security policy, which provides the plan for the overall security program adopted by the organization.
As cybercriminals have become more sophisticated in their tactics, fighting cybercrime has become increasingly challenging for organizations worldwide. Although sustaining an organization’s security posture or compliance with standards, policies and regulations also comes at a cost, the benefits of strong security measures outweigh the plausible costs incurred by cyber-attacks.
Author: Hazel Farrugia
Recently, the sophistication of cyber-attacks has grown significantly. Cybercriminals are specializing and sharing intelligence so as to steal sensitive data and disrupt critical business functions. Consequently, the topic of cybercrime has been kept top of mind as the repercussions of a cyberattack are costly and potentially very damaging.
The study, 2013 Cost of Cyber Crime Study: United States, was conducted by the Ponemon Institute and sponsored by HP Enterprise Security Products.
1. Cybercrimes are Still Costly for Organizations
The average annual cost of cybercrime per organization was $11.6 million, an increase of 26% over the average cost reported in 2012. Considering this increase in cost, IT security should be a top priority for all organizations, as there is no single failsafe solution to protect against cybercrime.
2. All Industries are Susceptible to Cybercrime
The average annual cost of cybercrime appears to differ according to industry segment; organizations in financial services, defense, and energy and utilities experience markedly higher crime costs than organizations in retail, hospitality and consumer products. The organizations facing higher security threats are not only at risk for financial loss due to cyber-attack, but are also more vulnerable to phishing attacks that could compromise sensitive customer data such as credit card, bank account and social security numbers.
3. Denial of Service Attacks, Malicious Code and Web-based Attacks are the Most Costly Cybercrimes
These are responsible for more than 55% of all cybercrime costs to organizations. Denial of Service (DoS) is an attack which renders information or data unavailable to its intended recipients. Organizations using VPNs can mitigate such risks by configuring access control lists, a method of defining access rights to an object (such as a file directory or individual file) according to user.
Malicious code is a piece of executable code designed to harm a computer or its information, or prevent normal computer operations. Malicious code can come from various sources, such as the Internet, infected diskettes, files received via electronic mail, and worms that exploit several system vulnerabilities. It could also be introduced via a disgruntled insider, who has physical access to a computer or network.
A multilevel strategy is required to effectively defend against malicious code, including physical security, password management, product selection, configuration and maintenance, user awareness and education, up-to-date anti-virus software for servers, clients, and electronic mail, and adequate system backups. Web-based attacks focus on an application itself, as application vulnerabilities could provide the means for malicious end users to breach a system's protection mechanisms. Generally, such attacks take advantage of or gain access to private information or system resources. To mitigate Web-based attacks, firewalls, reverse proxies, and intrusion detection and prevention systems (IDPS) should be used, which actively monitor for attacks and attempt to block or change the environment, thus preventing further attacks from reaching the protected application or system.
4. Cyber-attacks Can Be Costly if Not Resolved Rapidly
The results show a direct and positive relationship between the time required to contain an attack and the organizational cost. The results also demonstrate that both the cost and the time taken to resolve an attack increased from the previous year. Failure to resolve the problem quickly leads to prolonged business disruption and gives competitors a distinct advantage.
The results of the study reveal that no one is immune to cyber-attacks, which have the potential to inflict significant financial and reputational damage on the targeted organization. Stay tuned for Part 2, where we shall further discuss the findings of this data breach study and how organizations should protect themselves from becoming a victim of cyber-attacks.
Author: Hazel Farrugia
Remote access solutions are gaining prevalence as organizations are adopting the mobile workforce strategy, benefitting from increased productivity and reduced expenses. When evaluating and planning a VPN solution, it is essential to understand the security risks that are associated with this technology.
Top 3 Remote Access Security Concerns
In fall of 2013, HOB conducted a research survey on the state of remote access in the US. Over 200 CTOs and CIOs were polled, and findings revealed three main concerns regarding remote access security issues.
1. Hackers gaining access to the Network during Employee Remote Access Sessions
Hackers have succeeded in breaking through two-factor authentication and in identifying and exploiting a vulnerability in a Web application to access an enterprise’s network. Therefore, it is not surprising that 66% of the polled respondents are concerned with hackers gaining access to the network during employee remote access sessions.
Organizations should implement safe and reliable VPNs which provide an adequate level of security, without compromising performance.
2. Employees accessing the Network through their Personal Devices
Today, mobile devices such as smartphones, laptops and tablets have become an integral part of everyday life. As more organizations implement remote working policies, IT managers have less control over enterprise data from numerous devices. Furthermore, determining which devices are accessing which systems and data has become increasingly difficult.
The repercussions of data breaches resulting from lost or stolen devices can be severe. In addition, IT managers generally lose data access visibility when multiple personal, unmanaged devices are connecting to the network simultaneously.
This highlights the importance of a comprehensive mobile workforce security policy, which should also include who is responsible for device maintenance and support, and which security measures should be implemented.
3. Errors by the IT Team leaving the Network open to Intruders
Cyber-attacks are increasing in sophistication and frequency; the costs associated with cyber-attacks are not limited to monetary costs, but also encompass reputational loss and diminished competitive advantage. Security holes unintentionally created by the IT team may potentially lead to the exposure of sensitive enterprise data, financial fraud or even bankruptcy.
The results indicate that enterprises require new strategies in order to combat and prevent advanced cyber-attacks; IT teams should be wary of software and systems use and investigate any suspicious behaviors that are known to be associated with malicious activity.
As organizations make use of remote access to satisfy various business needs, securing the corporate network becomes a priority. The findings of this study stress the importance of a robust mobile workforce strategy.
If you would like to learn about the state of remote access in the USA, please download our free eBook “The State of Remote Access in the US”.