The phrase “Free Wi-Fi” hangs on the front of coffee shops, restaurants and public establishments almost as a lure. But attached to that lure is a sharp hook studded with risk. Be cautious before taking the bait. Here are our tips for navigating the treacherous seas of free Wi-Fi.
Verify the Network Name
As the old adage goes, “there is no such thing as a free lunch.” Networks with names like “Free Wi-Fi” entice us, but before joining, make sure that you verify their legitimacy. Many coffee shops and restaurants have signage indicating network names and passwords, and you should always confirm the network name with a staff member before attempting to join a “free” network. It’s easy and commonplace for hackers to execute Man in the Middle attacks by deploying phony networks with names like “Free Public Wi-Fi” or a variation of the establishment’s name. Check before you connect.
Forget the Network
When you’re done with the network, forget it. Ensure that you log out of any sites or services you were using, then go into your device’s settings and select “Forget Network” to keep your device from automatically connecting to the network when you are within range again. If you must check your bank account online on public Wi-Fi, don’t simply close out the app when you are done. Log out of the app or site, close out of the app and forget the network.
Enable Two-Factor Authentication
As opposed to single-factor authentication, which means simply entering a username and a password, two-factor authentication requires an additional layer of security before you can access an account. This additional layer typically takes the form of something you know, such as a PIN or pattern; something you have, such as an ATM card; or something you are, such as biometric data (fingerprint or voice identification). Certain services (Gmail, Twitter and Facebook) support two-factor authentication, and it is wise to use this additional security layer in the event that a hacker digs up your password while you are on public Wi-Fi. As for passwords, avoid using the same password or login credentials across all of your platforms, apps and services.
Use a VPN solution
A surefire way to safely surf the web is with a virtual private network (VPN). The VPN client hinders intruders from easily intercepting your data and activity by encrypting traffic between your device and the VPN server. VPNs typically require no client-side installation or hardware—simple set up. We offer VPN services to meet and scale with all of your needs. Visit our website and find out how your company can benefit from the many features HOB RD VPN has to offer.
Talented job candidates are out there, but unfortunately the perfect candidate for a job in Sydney, Australia, may reside in Lima, Peru, or vice versa. Luckily, with secure remote access solutions, geography is no longer a limitation in connecting top talent from across the globe with work opportunities. Companies with reliable secure remote access solutions not only have a competitive edge in attracting these valuable candidates, but also benefit from the larger candidate pool.
Here are some of the beneficiaries of secure remote access solutions:
Bringing a child into the world can be an overwhelming, tumultuous time when new parents may feel torn between their careers and families. Many parents with new children feel pressured to resume work as soon as possible, then quickly regret the precious bonding time they missed with their infant. Secure remote access solutions enable these parents to witness their child’s first steps while also pursuing their own passions with a flexible work from home (WFH) career.
Military spouses or spouses of those with jobs that require frequent relocation can benefit from secure remote access solutions. In lieu of conducting a time-consuming job hunt at each new location or transferring branches, this group can find a company with secure remote access solutions that enable working from home so that their career continues to grow regardless of location. Additionally, the companies that hire military spouses benefit from the talent and expertise they bring to work, thanks to secure remote access.
Part-time Job Seekers
A freelancer with a full-time job in one location may want to pursue an opportunity in another location. Secure remote access solutions open up a host of freelancing and part-time opportunities across the globe, connecting us and fostering collaboration and creativity like never before.
In an increasingly wired and digital world, flexibility is king. Companies unable to offer WFH options fall behind in attracting and maintaining top talent. Having to relocate for a position costs time and money and many talented candidates are leery of leaving family, friends and their communities behind to pursue a career elsewhere. Secure remote access takes physical location out of the equation, giving companies a competitive hiring edge. Once hired, WFH employees tend to be more productive, less absent from work and more cost-effective for employers, who no longer have to purchase expensive laptops, tablets, phones, printers and Internet services. HOB offers an array of secure remote access solutions guaranteed to give your business a competitive edge in the “war for talent” and to maintain valuable employees who can bring their best to the job, even from a distance.
Visit our website to learn more about our comprehensive Remote Access solutions.
A couple of weeks ago we discussed the importance of network security in supporting an agile workforce. Another aspect of this discussion is mobile device security, as a fortified network is ineffective if data can escape through the mobile devices accessing it. For example, it is commonplace for an employee to fly out the door to a meeting and need to check his or her email while in line for coffee. This poses a threat to corporate data and networks, as data now may travel through foreign and unprotected environments. In order to safeguard mobile devices, companies must adopt robust mobile security solutions. Here are some best practices for ensuring mobile security for today’s on-the-go workforce.
Corporations should require a PIN or password for access to the operating environment on a mobile device. Enterprise application access via single sign-on is probably the easiest way to implement a password policy, as once a mobile device has been validated, further applications can automatically be accessed without the need to enter another password.
For mobile security, Identity and Access Management (IAM) solutions can be very powerful tools. They are the foundation of secure access, ensuring that individuals have access to the corporate data that they need, and nothing else. This protects corporate data from malicious inside hacks conducted by disgruntled employees.
Device and Data Encryption
Encrypting corporate data traveling to mobile devices adds an additional layer of protection if data ends up in the wrong place. For mobile workers, IT administrators should install encryption solutions that give company decision makers the ability to control the flow of data.
Companies that allow remote work can ensure that their employees are not the weak points in the secure system by educating them on basic cybersecurity practices. For example, employees should never access corporate information via public Wi-Fi and should instead use a VPN with SSL encryption or equivalent. However, in the chaos of the modern-day world, many employees opt for convenience and speed rather than security. Education can emphasize the importance of security.
One of many solutions that HOB offers for the mobile workforce is HOBLink Mobile. HOBLink Mobile allows mobile workers to access corporate data (e-mails, calendars, notes and contacts in Outlook) through a single app downloaded to a mobile device (available for iOS and Android). This means that employees never have to allocate valuable storage space on their mobile devices to view and use corporate data securely. Data is never saved on the device but only displayed to the user. This helps increase security, because no sensitive data will be on the device in case of theft or loss. In addition, all data exchanged via HOBLink Mobile is SSL-encrypted, and advanced compression methods ensure high performance even over low bandwidths.
Read more about access for mobile workers on our website.
Our customers always knew that our secure remote access solutions were exceptional and now we have additional accolades to prove it. At the 10th annual 2015 IT World Awards, hosted by Network Products Guide, the IT industry’s leading technology research and advisory publication, HOB won three awards for our Remote Desktop Virtual Private Network (HOB RD VPN version 2.1).
Our flagship product, HOB RD VPN (version 2.1), won gold in the “Best Security Software” category, silver in the “Best IT Software” category and bronze in the “Most Innovative IT Software” category.
The awards honor excellence in every facet of the IT industry, people and products included. Nominees went through a rigorous review process conducted by a panel of industry experts before winners were announced.
Here’s what sets our product apart: HOB RD VPN is not your typical SSL VPN. It’s high-performance, enabling convenient, yet secure remote access to enterprise resources and data, thereby decreasing costs and administration effort while increasing productivity and enhancing IT security. Version 2.1 of HOB RD VPN improves accessibility and auto-synchronization of corporate files across different platforms and devices.
Secure remote access is a top-of-mind industry issue as ever-connected employees demand flexible work environments. Employers must meet this demand while ensuring that corporate intellectual property is safe. Our solution meets both sides in the middle, equipping mobile workers with the access and resources they demand while giving industry leaders peace of mind, knowing that this information remains secure.
We’re extremely proud and humbled to receive industry recognition alongside some of the brightest and best in the business and see these awards as a milestone in our journey to fuse security and flexibility for all of our customers.
Security and flexibility seem to be antithetical concepts. Storing your money in a high security vault may be the safest option, but stashing your savings under your mattress makes your cash easier to access.
Business leaders face a similar challenge when selecting a system that can accommodate a remote workforce, BYOD environment and long distance collaboration while also keeping corporate data and correspondence secure. As employees increasingly expect the ability to work from wherever on whatever device they please, network security becomes increasingly important.
Here are our suggested best practices for optimizing network security for an agile workforce:
Monitor Network Traffic
When employees remotely access a corporate network from multiple personal devices, there are more access points across a wider geographical span and therefore more areas vulnerable to potential breaches. Applications that require additional bandwidth may also hinder network speed and reliability. To ensure maximum performance and minimal breaches, businesses must constantly monitor network activity for unusual occurrences and set guidelines for bandwidth usage.
Require an Identity and Access Management (IAM) Solution
An IAM solution will prevent network intrusions via compromised access credentials. A unified identification approach that raises all access to a secure standard will minimize the network security risks associated with remote access work. Single sign-on authentication methods relieve the authorization burden for employees and a company’s IT team. For more information on the benefits of single sign-on IAM solutions, check out our E-book.
Create a Separate BYOD Network
The stress of a BYOD environment on a corporate network slows bandwidth and therefore productivity. Many times bandwidth issues arise from employees conducting personal activities on their devices while connected to the corporate network. Redirecting these devices to the guest network reduces bandwidth for customers and visitors, so companies should instead install a separate BYOD network that also authorizes devices for corporate security compliance before enabling them to connect.
Install Secure Remote Access for Mobile and Remote Work
Finally and most importantly, a secure remote access solution is vital to network security and enabling an agile workforce. Public Wi-Fi networks present a host of dangers to corporate data and applications. An effective secure remote access solution should include a VPN, network access controls and context-aware authentication to prevent unapproved access.
HOB’s remote desktop VPN alleviates many of the burdens associated with supporting a mobile and agile workforce so that enterprise leaders can focus on the benefits, such as increased productivity and collaboration in lieu of fretting about fraud and information theft.
Stay tuned for the next installment of Keeping Up with an Agile Workforce!
In our previous blog post, we gave you a list of steps to take if you have been a victim of a data or security breach. In this article, we will continue this discussion and delve deeper into what to do if you’ve been hacked.
File a Police Report
To protect yourself against excessive financial liability, you need to file a report with your local police department as soon as possible. Your status as an identity theft victim is thus made official, and this creates an official document for you to show the credit bureaus to lock down any activity around your identity.
Reclaim your account
The majority of mainstream, online services (such as Facebook, Twitter, YouTube, Google, Apple, etc.) have tools in place that will help you get your account back after it has been compromised. Generally speaking, you will need to answer predetermined security questions in order to verify your identity before proceeding.
Check for backdoors
The more sophisticated hackers will not just access your account, they will also ensure they can get back in once you’ve gotten them out, by setting up tools. Thus, when you have your accounts back, you should immediately ensure there isn’t a backdoor in another place designed to let an attacker straight back in. Check your email rules and filters to ensure that nothing is getting forwarded to another account without your knowledge. Also, check if the security questions were changed, or if the answers were changed.
Restore from back-up
It is now time to restore your data from back-ups, and bring the system back to normal.
Ask Yourself “Why”?
Finally, while fixing things, take some time to reflect and ask yourself this question: what was the aim of the breach? If it was your bank account, the answer may be obvious; in other cases, such as email, it could have been for several reasons – from getting password resets on other services, to using it to send spam, to requesting money from your contacts. An attacker may even be trying to gain access to your business. Knowing why you were targeted can help you understand how you were breached.
…But Stay Calm!
Although getting hacked may seem like a nightmare, it is not the end of the world. By following the tips above, you can get up and rolling as quickly as possible.
In our last post on teleworking, we discussed how remote working is gaining momentum and becoming more widespread. If a company implements, or is planning to implement, teleworking policies, there are a series of steps to take in order to address security implications.
Creating a Secure Teleworking Program
Prior to establishing teleworking policies, organizations must address information security issues by first defining requirements for both employees and employers. To ensure the security of teleworking, the following aspects should be considered:
1. The employer must determine whether to issue a company-owned device or allow employees to use a personal device for remote working. If the employer provides a computer, the employer can control what is installed and which activities are allowed or prohibited (such as instant messaging).
2. The teleworking policy should state what software is required for the employee to work remotely and what software types are forbidden on the computer.
3. If the network connections are secured incorrectly, sensitive corporate data can be intercepted during the data transmission between the home and the office network. To mitigate this risk, a virtual private network (VPN) is the best practice for securing communication to the organization’s internal network. When connected to the organization’s network, all transmissions should be encrypted, both coming from and going to the corporate network.
4. If the remote worker accesses the organization’s network from home, the organization should consider implementing a two-step authentication method, using two of the three commonly available authentication techniques (knowledge-based, object-based and ID-based). For instance, using a password and a security token is a good defense mechanism, as it forces an attacker to steal both the password and the physical token to gain access.
5. The operating system and all applications should be kept up-to-date. By regularly updating the device’s operating system with the latest patches and other software fixes, attackers cannot take advantage of software flaws that would otherwise be utilized to facilitate a hack.
6. The teleworking policy must describe what security features must be installed and maintained on the computer. Anti-adware/anti-spyware software, antivirus software and firewalls are just some of the best-practice security features.
7. Employees should be trained on security procedures.
8. The policy should explain to whom the user will report in case of suspicious activity on the computer. Support personnel should be ready to advise employees on how to configure the computer and the employee’s home networks for utmost security.
In today’s work environment, teleworking is increasingly being discussed as organizations analyze remote workforce options. VPNs create new possibilities that allow people to work from home and connect seamlessly and securely to the organization for which they work. By taking the necessary defensive measures and enforcing a secure teleworking environment, security risks can be minimized.
If you are looking for a reliable teleworking solution, we recommend that you have a look at HOB RD VPN, the comprehensive Secure Remote Access Suite “Made in Germany”. When using HOB RD VPN, companies benefit from SSL-encrypted connections, modern authentication methods and maximum usability. More information on HOB RD VPN can be found on our website: www.hobsoft.com
Every week brings about new reports of yet more hacking incidents. Back in August, The New York Times reported that a Russian crime ring had stolen 1.2 billion username and password combinations in a series of Internet heists affecting 420,000 websites. The reported theft was based on the findings of Hold Security, a Milwaukee firm with a reputation for exposing online security breaches.
In addition to stealing 1.2 billion online passwords, the hackers had also collected 500 million email addresses which, according to Hold Security, have the potential to help engineer other crimes.
Creating More Secure Passwords
The above-mentioned cyber attack shows clearly that passwords and usernames can never be 100% safe. Therefore, you should always choose different secure passwords for your personal (online) accounts. If you suspect that your passwords have been compromised, change them immediately. When setting a new password, ensure that your passwords are strong. The following tips are useful for ensuring the strength of passwords:
1. Use combinations
Use combinations of numbers, letters, upper and lower case, and symbols, such as the hashtag. Some services will not allow you to do all of this, but try to use as many of these combinations as the service permits.
2. Choose long passwords
Although the recommended minimum length is 8 characters, a 15-character password is stronger. However, some services limit the number of characters you may use.
3. Avoid dictionary words
Avoid words that can be found in the dictionary, even if you add symbols and numbers. Some programs are able to crack passwords by going through databases of known words. One trick is to think of a sentence and turn it into an acronym. For instance, “Keeping your identity safe with more secure passwords” becomes “kyiswmsp”.
4. Use different passwords for different accounts
Since individuals can have hundreds of online accounts, it has become increasingly common to share one or two passwords across accounts or use very simple ones, such as children’s names, favorite sports teams or dates of birth. However, it is best to use different passwords for different accounts, especially if a password unlocks features that involve credit card information or other sensitive data.
5. Make use of multiple passwords
Some services, such as Gmail, give you the option of using two passwords in special circumstances – such as using a particular computer or device for the first time. If you have that feature enabled and try to access Gmail from an unrecognized device, the service will send a text message to your phone with a six-digit passcode for verification. For access, the passcode needs to be entered, after which the code will expire. This means that hackers will not be able to access the account without physical possession of your phone. Even though it is optional, and may be considered to be a nuisance, it could potentially save you from damage later on.
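Tips 1 to 3 can be checked mechanically. The Python sketch below is an added example, not code from the original post; the word list and substitution table are constructed and deliberately tiny, and all function names are hypothetical. It shows why a password that satisfies the "combinations" tip can still fail the "dictionary words" tip.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# and lists of previously leaked passwords.
SAMPLE_WORDS = {"dragon", "password", "summer", "monkey", "welcome", "football"}

# Common character substitutions that are undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

ALL_CLASSES = {"lower", "upper", "digit", "symbol"}


def character_classes(password):
    """Tip 1: return which character classes the password uses."""
    patterns = {"lower": r"[a-z]", "upper": r"[A-Z]",
                "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    return {name for name, pat in patterns.items() if re.search(pat, password)}


def dictionary_core(password, words=SAMPLE_WORDS):
    """Tip 3: return the dictionary word hiding in the password, or None.

    The password is viewed several ways: as typed, with leading and trailing
    digits/symbols trimmed, and with common substitutions undone.
    """
    lower = password.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lower)
    for candidate in (lower, trimmed, trimmed.translate(LEET),
                      lower.translate(LEET)):
        letters = re.sub(r"[^a-z]", "", candidate)
        if letters in words:
            return letters
    return None


def acronym(sentence):
    """Tip 3's trick: first letter of every word in a sentence."""
    return "".join(word[0].lower() for word in sentence.split())


def audit(password, words=SAMPLE_WORDS):
    """Apply tips 1-3 and return a list of findings (empty means no finding)."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than the 8-character minimum")
    elif len(password) < 15:
        findings.append("under the stronger 15-character length")
    missing = ALL_CLASSES - character_classes(password)
    if missing:
        findings.append("missing classes: " + ", ".join(sorted(missing)))
    word = dictionary_core(password, words)
    if word:
        findings.append(f"built on dictionary word '{word}'")
    return findings


if __name__ == "__main__":
    phrase = "Keeping your identity safe with more secure passwords"
    for candidate in ("Dragon123!", "P@ssw0rd1", acronym(phrase)):
        print(candidate, "->", audit(candidate) or "no findings")
```

The acronym from tip 3 passes the dictionary check but is still reported for length and missing character classes, so it works best as the core of a longer password rather than as the whole thing.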
Passwords are the first line of defense in protecting your identity against unauthorized access to your computer. If you think that you must write down your password in order to remember it, ensure that you store it in a safe place, and do not label it as your password.
Hopefully, those 5 tips will help you to protect your passwords from possible future cyber attacks. If you have other tips for creating secure passwords, please go ahead and share them with us in the comments.
Business depends on data and technology, both of which can be abused by cyber criminals. A study conducted by the Center for Strategic and International Studies (CSIS) reported that cybercrime costs the global economy a staggering $445 billion a year. Cybercriminals are gaining momentum by sharing information and launching more sophisticated attacks. Fighting cybercrime requires a holistic approach to safeguarding information.
To avoid becoming a victim of cybercrime and prevent unauthorized access to your data, here are some steps you can take:
Hackers are not the only ones who can gain power from information – by educating yourself on the existing types of scams and how to prevent them, you can stay one step ahead of cybercriminals. After all, cyber security begins with personal responsibility.
Automate software updates
Previously, we mentioned the fact that software updates are important as, apart from product enhancements, updates contain bug fixes and solutions to security vulnerabilities. The good news is that many software programs will automatically connect and update to defend against known risks; therefore it is best to configure automatic updates.
Click with caution
Whether chatting over an instant messenger or checking e-mail, you should be careful not to click on any links in messages from people whom you do not know. The link could download malware onto your computer, or it could redirect to a fake website that asks for private information, such as user names and passwords. These data could be used to carry out identity theft or other crimes. The same concept applies even if the message is from someone you do know – you should always be vigilant. Certain types of viruses multiply and spread through e-mail, so it is advisable to look for information that indicates the legitimacy of a message. Also, exercise caution when downloading any programs.
Apart from practicing safe surfing, you also need to be cautious when shopping online. Before entering your payment information on a site that you have never visited before, do a little investigating to determine if the seller is legitimate.
When it comes to payment, a credit card - rather than a debit card - should be used. If the site turns out to be fraudulent, your credit card issuer may reimburse you for the charges, but with a debit card, the money is lost.
Use Common sense…
Even though our awareness of cybercrime has increased, mainly due to the ongoing revelations by the ex-National Security Agency contractor Edward Snowden, cybercrime is still on the rise. Cybercrime’s trajectory is fuelled by common mistakes such as replying to spam or downloading attachments. Therefore, common sense should be used whenever you are on the Internet. You should never post revealing personal information online, or share sensitive information, such as your social security number and credit card number.
…But be suspicious
Even cyber-savvy people still need to keep a guard up for any new tricks and act proactively to protect their safety. Although protecting oneself does take some effort, there are numerous resources and tools that can help. By adopting best practices and a few precautions, you can keep cybercrime at bay.
If you are looking for security solutions for your company, you can find valuable information on our website www.hobsoft.com. You will find several software security solutions “Made in Germany” that will help you protect your corporate network and files.
Consider this common business scenario: a business has invested in network firewalls, modern authentication techniques, the latest encryption technology, and other security technologies, but a social engineering attack could bypass all these defenses. A firewall cannot protect against users being tricked into clicking on a malicious link they think came from an old friend.
What is Social Engineering?
The term “social engineering” refers to the non-technical type of intrusion that mainly relies on human interaction and commonly involves tricking people into breaking normal security procedures. In simpler words, social engineering can be regarded as a scam or fraud – people are scammed into giving away valuable data, including passwords.
Social engineering is normally considered the easiest and most successful type of attack, and can come in several forms.
In the office
Social engineers may easily physically enter the organization’s building without provoking suspicions. A common practice used by social engineers to enter a secured building unnoticed is to hang out in the smoking area and wait to be let in by an unsuspecting employee.
On the phone
One of the most traditional methods is to call a person and ask them questions - a social engineer might pretend to be a trusted authority. Phone-number spoofing is another common practice amongst social engineers – a different number shows up on the target’s caller ID. The criminal could be calling from his/her home, but the number that shows up on the caller ID seems to come from within the company.
Criminals also take advantage of the Internet. When someone types in a URL that is only one letter off, they can instantly end up somewhere they never intended to go. Rather than reaching the site they wanted, unsuspecting users who make typing errors land on a fake site that has one of the following aims: to sell something, to steal something, or to push out malware.
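A defensive check for the one-letter-off URLs described above, as an added example that is not part of the original post: it compares a hostname with a list of sites users actually rely on and flags near misses. The domain names are constructed placeholders under the reserved .example TLD, the function names are hypothetical, and the check goes slightly beyond the text by also counting two swapped adjacent letters as a single typing error.

```python
from urllib.parse import urlsplit

# Constructed placeholder list of sites an organization's users rely on.
KNOWN_DOMAINS = ("mybank.example", "webmail.example")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1,               # delete ca
                       cur[j - 1] + 1,            # insert cb
                       prev[j - 1] + (ca != cb))  # substitute (or match)
            if (prev2 is not None and j > 1
                    and ca == b[j - 2] and a[i - 2] == cb):
                best = min(best, prev2[j - 2] + 1)  # swap adjacent letters
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def hostname(url):
    """Extract the lower-cased host from a URL or a bare host name."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def classify(url, known=KNOWN_DOMAINS):
    """Return (verdict, matched_domain) for a URL.

    'known'     - the host is exactly one of the listed domains
    'lookalike' - the host is one typing error away from a listed domain
    'unknown'   - anything else (this says nothing about whether it is safe)
    """
    host = hostname(url)
    if host in known:
        return ("known", host)
    for domain in known:
        if osa_distance(host, domain) == 1:
            return ("lookalike", domain)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample URLs: one genuine, three single-error variants,
    # one unrelated site.
    samples = [
        "https://www.mybank.example/login",
        "http://mybnak.example/",        # two letters swapped
        "mybamk.example",                # one letter substituted
        "https://mybankk.example",       # one letter added
        "https://weather.example",
    ]
    for url in samples:
        print(f"{url:40} {classify(url)}")
```

A mail gateway, proxy or browser extension could run a check of this kind on links before they are followed; the list of known domains has to be maintained by whoever deploys it.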
Why do People Fall for Social Engineering Tactics?
Social engineering has been proven to be a very successful method for a criminal to “get inside” an organization. Social engineering works because people want to be helpful and/or benefit themselves. By exploiting human psychology, social engineers find innovative ways of gaining access to buildings, systems or data. Successful phishing attacks generally warn that, “Your bank account has been breached! Click here to log in and verify your account.” This ploy takes advantage of human fear of having a compromised bank account. This psychological trick also helps social engineers to succeed with their criminal activities.
People are fooled every day by these fraudsters because they have not been sufficiently informed about social engineers. Keeping a watchful eye out for social engineering is also part of the personal responsibility to prevent cyber attacks. Since social engineering tricks are constantly evolving, awareness training has to be maintained. For instance, as social networking sites continue to grow in popularity, so do the scams social engineers try to use there, targeting Facebook, Twitter, LinkedIn and other social sites. Links that ask “Have you seen this video of you?” take advantage of both human fear and curiosity, making them impossible to resist unless the user is aware that a social engineer is looking to trap the user into clicking on a bad link.
From small pieces of information, a social engineer can compile an entire profile of a target. This makes the social engineer well poised for an attack to gain access to a facility or sensitive data.
Security is all about knowing what risks there are and how to avoid falling victim; not all threats come from the online front or use technical means to exploit network vulnerabilities. The weakest link in security is the human factor. Social engineering should be seen as a very serious risk and preventative measures should be in place. Prevention involves educating people about the worth of information, training them to protect it, and increasing people's awareness of how social engineers function.