by Felicien | Sep 9, 2017 | Education
Here is a description of how Mobile Device Management Platform is being used to boost security in small and big firms all around the world.
Mobile device management (MDM) is a term used to administer mobile devices such as tablets, smartphones, laptops, and desktop computers. MDM is usually implemented using third party software.
Why it is Necessary.
MDM is used to ensure that employees are productive and that they do not breach company policy. Most organizations use the MDM platform to control the activities of their employees that might have an effect on their operations. Such a platform is mainly concerned with segregating corporate data, securing documents, emails, and enforcing corporate policies. Most of the areas it deals with are to do with the security of an organization. The implementation can be on-premises or via the cloud.
Some of its functionality can include the configuration settings of applications on mobile devices. In recent years, providers of MDM platforms have added desktops and laptops to the list of devices they manage.
By protecting and controlling the data and the settings on applications for all devices connected to a network, MDM can cut down support costs and the risks a business is exposed to. The primary goal of an MDM platform is to optimize security in an organization while cutting down cost. With mobile devices flooding the market and a part of business operations, having a tool that lets you monitor the device is necessary.
Find the Balance with MDM.
Data security and preventing data leaks have been the main driving force for MDM platforms. In recent years, a lot has been achieved in this area. The various MDM platforms can manage the security of devices without reducing functionality. The MDM works for both corporate-owned devices and personal devices. With a robust control of your security, you can prevent the loss of sensitive data that could have an impact on your competitiveness.
Have some Clear Goals in Mind.
As you search for an MDM platform, you will discover that there are many of them out there and they all have unique approaches to managing the security of your data. All of the approaches will have their weaknesses and their strengths. However, you need to understand the goals you have before making your choice. One of your main goals should be to secure your data while providing a simple and efficient user experience for users of the network.
Improve the Security of Your Data.
When an organization decides to implement an MDM, security is usually their primary goal. Some of the measures that an organization can take to improve security are to enforce encryption and a passcode. Additionally, it should have a means to wipe the device if it is stolen or lost. These are the basic features offered on a standard MDM platform. However, some advanced MDM platforms such as Maas 360 also have some extra features. For instance, it can restrict copy pasting, taking screenshots, blacklist, and whitelist apps, and even limit the access time of some apps by the time of day.
With the rise of infections amongst mobile devices, it is important to get only the best. It is estimated that there are 16 million infected devices around the world at any given time.
Some of the Measures an Organization Can Take to Secure Mobile Devices.
While an MDM platform is great, users still need to take some steps to ensure that they are secure. Here are some of the things organizations can do to stay safe:
Hold seminars to educate employees about app security. Inform employees about the dangers of downloading third party app and the risks of having weak device permissions on a device.
Restrict employees to downloading applications from authorized sources only. This can be sources such as Google Play, the App Store, and the organization’s app store. The rule needs to be enforced at all times when possible.
Act quickly if something goes wrong. It is important to have automated policies for mobile devices when it is discovered that a device is compromised or has a malicious app installed.
Keep Work Data separate from Personal Data.
If an organization decides that it will make use of an MDM platform, employees may raise issues to do with the privacy of their data. For instance, they may wonder if the organization will now have access to their private emails, their photos, and texts. On some of the most sophisticated MDM platforms such as MaaS360, it is possible to create user environments that keep personal and work data separate.
This is known as containerization. In essence, the MD creates a sandbox where all company activities are supposed to take place. When the employee leaves the sandbox or has their device stolen, a selective wipe can be done to ensure that all corporate data is removed from the device. Personal data will not be affected by the wipe. It is important that all employees understand the importance of MDM platforms in securing organizational data.
The Benefits of Central Management.
Whether the IT department runs the MDM platform or the work is outsourced, the ability to manage everything from a central point is ideal for efficiency. It also eliminates the cost and headache of trying to manage each device individually.
Picking the MDM.
While many SMEs continue to embrace MDM, many of them know that a one size fits all solution is not possible. Besides that, with evolving security threats, it is important to choose a platform wisely.
Get the right experts to help you make your choice. They can help you make just the perfect choice for your security needs. Besides that, they can contribute to managing the MDM for you. Trying to choose from among the top vendors of MDM platforms by yourself can prove to be quite a nightmare.
Summary.
Employee’s devices are here to stay, and they will continue to play a crucial role in the workforce. It is thus up to businesses to come up with a way to manage them before they cause a major security breach. MDM platforms are the perfect tool to ensure that an organization can reduce the risk of leaked data.
by Felicien | Sep 8, 2017 | Education
It seems like every day there is a new phishing scam or ransomware virus making headlines and giving business owners and individuals alike something new to worry about. Cybercrime is on the rise, and the perpetrators are coming up with new tricks and tactics as fast as cyber security professionals can uncover them.
A new malware infection seems to be targeting Australians using the popular Go Via website. This much-used toll payment provider gives users a fast and convenient way to take care of toll fees racked up during their daily commute and other travels. Recently, an email claiming to be from Go Via is making the rounds, and it has IT professionals concerned.
The email contains a message similar to this:
Subject: your go via tax invoice statement now
Dear Client
Your go via tax invoice statement is now available for download
If you have a post-paid account, ensure your monthly invoice is paid by the due date to avoid unnecessary fees.
To view previous tax invoice statements, login to your account using your account number and PIN at govia.com.au
You can view up to 18 months of tax invoice statements online anytime, at no extra cost.
While the reply address appears to be legitimate, the link informing the recipient that their statement is “available for download” does not. If you were to hover your mouse over the hyperlink, it would reveal that it directs you not to the Go Via website, but rather to someone’s personal Office 365 account. Specifically, to an unknown individual’s SharePoint account. If you were to click on this link to download the promised statement, the only thing you would be receiving would be a malicious infection.
Incidents like this serve as a reminder to constantly stay on alert when checking your inbox. Even when an email looks to be legitimate, it’s always worth taking an extra minute or two to carefully read through the message and double-check that any attachments or embedded links are what they claim to be before you click.
Hovering your mouse over a hyperlink, even one that doesn’t appear to have been altered (meaning it appears as a web address) will reveal where the link actually leads. If the revealed link doesn’t match the hyperlink, leads to a different domain, or leads somewhere entirely different from where the hyperlink text implies, DO NOT CLICK. Often the only thing you need to do is open an infected link to activate whatever malicious payload its attached to, meaning that once you end up on a strange site and realize something is off, it’s already too late.
Taking the time to practice smart email behavior and training your employees to do the same can protect your business against scams and cyber attacks that have the potential to do serious damage.
Want to learn more about the steps you can take to protect your business against cyber attacks and phishing scams? Contact Xstra Group today at {email} or {phone}. We’re the IT professionals {city} businesses trust.
by Felicien | Sep 8, 2017 | Education
Consumer Credit Score Giant Equifax At The Center Of What May Be The Worst Data Breach In History.
Atlanta-based consumer credit score provider Equifax announced Thursday that the company had been the target of a major data breach. This breach is thought to have occurred between mid-May and July of this year, with the breach finally being discovered on July 29th. Equifax took immediate steps to determine exactly what had happened and how hackers were able to gain access to the affected files.
In a statement released by Equifax Chairman and CEO Rick Smith, the breach was confirmed, and an explanation was offered to the more than 143 million affected consumers. It’s been advised that Equifax has been in ongoing contact with law enforcement, and has been fully cooperative with their continued investigation into the incident in an effort to locate the offenders.
A comprehensive forensic review was completed by a top cyber security provider, which uncovered the source of the breach and the number of files involved in this incident. It appears that the hackers responsible exploited a US website application vulnerability to access information that includes names, Social Security Numbers, and drivers’ license numbers, as well as a few hundred thousand credit card numbers. While the bulk of the affected users are US residents, Equifax has stated that some Canadian and UK users were also impacted.
It was also discovered that while this is still one of the worst data breaches ever to have occurred, hackers were not able to gain access to any of Equifax’s core data bases.
In an attempt to protect their customers and put forth maximum effort where damage control is concerned, Equifax is offering a complete identity theft protection package to each affected US consumer completely free of charge. A dedicated call center and web page have been created for consumers to get updated information on the situation, and take advantage of the identity theft protection package. Consumers are advised to get in touch with Equifax as soon as possible to determine if they are among the 143 million users impacted by this data breach and start taking steps to protect themselves from any potential consequences.
Equifax has vowed to invest even more into their cyber security systems in order to stop an event like this from ever occurring again. They’ve stated that their focus is on looking after their customers and doing everything they can to keep any possible damage resulting from this incident to a minimum. While it may feel like too little, too late for some, Equifax has made a real effort to step up and take responsibility for what has happened.
That being said, for affected consumers, the nightmare is only beginning. Data that has been stolen more often than not finds its way onto the dark web, and even if the hackers responsible were so inclined, there is no getting that data back once it’s hit the criminal marketplace. As this breach gave hackers millions upon millions of Social Security numbers with vital information like full names, addresses, and dates or birth attached to them, they’ve been able to create neat little identity theft packages to be sold off to the highest bidder.
When a data breach involves passwords or login credentials, a victim can change that information with relative ease and put the breach behind them. When your entire identity has been compromised, that’s not so easy. And while Equifax is offering free protection to US data breach victims, that complementary protection – as mandated by regulators – only needs to be offered for a full year after the incident is made public. At the end of that year, victims are left hoping that nothing is done with their data from that point on. And that’s rarely the case.
Credit card numbers can be replaced, but your Social Security number and date of birth are tied to you permanently. You can’t change your identity. This means that consumers involved in this data breach will remain at risk of identity theft and all of the headaches that go along with it for years to come. Bank loans taken out under someone else’s name using your information, or credit cards activated under your own name to be used by a stranger are both very real possibilities for those who have had their information stolen during this massive Equifax data breach.
At its core, this incident serves as a stark reminder of the ongoing dangers we face in a digital world. Cyber security is constantly evolving, but so are the criminals who are in search of ways to circumvent that security. The smallest vulnerability can lead to a major catastrophe, and while a company like Equifax has the capital available to rebound from even this disaster, a smaller business would collapse under the financial and reputational damage.
Want to learn more about the steps your business needs to be taking to keep a data breach incident like this from happening to your customers? Contact the {company} team at {email} or {phone} today. We’re the cyber security experts businesses in {city} trust.
by Felicien | Sep 8, 2017 | Education
Unless you properly prepare for tropical storms and hurricanes in advance, not only your property and business, but your life could be at risk. This may require evacuating. Plan your evacuation in advance, especially if you live in a hurricane-prone area.
Have your Evacuation Grab Bags ready to go. Make sure they’re waterproof and easy to carry. Essentials include:
2 gallons of water per person, per day for at least 3 days (including animals).
Non-perishable foods, and a can opener for canned foods.
Pet food and bowls.
Clean clothes and toiletries.
Your medications (for at least 7 days).
A First-Aid Kit.
Important documents in a flame and water-proof container.
Cell phones, chargers and battery backup.
Cash in small bills ($100 or more).
A flashlight and extra batteries (LED flashlights last longer).
A Battery-Powered Radio.
Spare car and house keys.
Whistle to signal for help.
Dust masks to filter contaminated air, and plastic sheeting and duct tape to shelter-in-place.
Moist towelettes, garbage bags and plastic ties for personal sanitation
A map with your evacuation route marked
A wrench or pliers to turn off utilities before you leave.
When you’re ready to evacuate, keep these tips in mind:
Take roads less traveled. There are often secondary highways and state/provincial roads that go to the same place as major highways or interstates. Use Google Maps to plan your evacuation route.
Use the Gas Buddy App to know where you can find gas when travelling. Be sure to fuel up at every single opportunity.
Install the Zello app on your smart phone. Make sure your family members, coworkers and friends do this as well. It’s faster than making a phone call, and saves time texting and emailing. Plus, you can tune into public channels that provide emergency information.
Don’t wait until the last minute. Use Expedia or hotels.comto book hotels in advance. You can always cancel it if you don’t need it. if needed.
Unless you have a safe deposit box at your local bank, store your valuables, paperwork and jewelry in your dishwasher. It’s waterproof and built into your cabinets so it won’t blow around.
Be safe everyone.
For more information, visit:
The National Hurricane Center
Ready.gov
The Red Cross
by Felicien | Sep 8, 2017 | Education
Equifax Security Breach of 143 Million Private Records Rocks Consumer Confidence and Injures Corporate Image
You would expect that a company – like Equifax – that is entrusted with vital information and tracking information of peoples purchase history would have iron-clad cybersecurity to protect its data.
Apparently not.
On September 7, 2017, Equifax came out with the truth.
They had been hacked.
From mid-May through to July, cybercriminals had access to the addresses, social security numbers, drivers license numbers, and birthdates of Equifax “customers”- that’s pretty much everyone – in the USA, Canada, and the UK.
The September 7th, 2017 press release from Equifax states that nearly half of the population of the United States – 143 million people – have had their private information compromised by the Equifax breach.
Equifax maintains that relatively few Canadian and UK consumers’ private information was impacted and that they are working with the Canadian and UK regulators to comply with the necessary regulations surrounding breach transparency.
But that’s not the worst news…
As part of this Equifax cyber intrusion, 209,000 people had their credit card information stolen, AND according to Equifax, the breach also impacted 182,000 people who had private information contained in Equifax Dispute Documents.
(Are you looking for professional help with securing your private or corporate data? Let the professional cybersecurity experts of {company} take this worry off your mind! Contact us now at {phone} or {email}
The Equifax public relations bulletin regarding this breach tells us that they finally discovered the intrusion and theft of consumer’s private information on July 29th, and that following the discovery of the breach, they hired an independent cybersecurity firm to investigate.
That investigation apparently took a little over a month to complete, because the public wasn’t informed that their private information had been compromised until the September 7th press release.
What is Equifax doing about it?
Their Chairman and CEO, Rick Smith, recorded a public apology and defense of Equifax’s actions in this matter.
They set up a website for you to check to see if you are among the millions of people whose information was stolen. equifaxsecurity2017.com
They have offered a free year of credit monitoring and ID theft protection
They have set up a call center to handle the flood of calls from concerned consumers. 866-447-7559
That’s the official response from Equifax.
Here’s the problem.
They went for over a month without notifying the public that something very important and valuable – their private information – may have been compromised.
Ironically, the website that they have set up for you to check to see if you are one of the 143 million people affected by the breach asks you to give your social security number – again – to Equifax.
The free year of credit monitoring and ID theft protection is offered THROUGH Equifax.
Equifax is only notifying the people whose credit card numbers or Dispute Documents were seen by the criminals – not everyone affected.
To add insult to injury, according to TechCrunch and Bloomberg both report that three Equifax Executives dumped a portion of their Equifax stock BEFORE the news of the breach went public.
TechCrunch states, “The transactions in question were initiated by Chief Financial Officer and Corporate VP John Gamble, who sold $946,374 worth of shares; President of U.S. Information Solutions Joseph Loughran, who dumped $584,099; and President of Workforce Solutions Rodolfo Ploder, who sold $250,458 in shares. As Bloomberg notes, these transactions were not pre-scheduled trades and they took place on August 2, three days after the company learned of the hack.”
While Equifax has come out with a statement insisting that these men had no knowledge of the breach at the time of the trades, it still looks more than a little fishy.
So, what is the average consumer supposed to make of all of this?
Well, to put it in perspective, this isn’t the biggest case of a corporate entity being breached by cybercriminals. In 2016, Yahoo disclosed that 1.3 billion user accounts had been hacked in two separate incidents in 2013-2014. Wikipedia records that the criminals involved stole, “names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords.”
So, this kind of breach – and corporate delay in disclosure – has happened before.
In an effort to calm public outrage over this breach, Equifax’s CEO, Rick Smith said, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
Rick Smith has a led Equifax since 2005 and has a good track record as a corporate leader and a conscientious and caring citizen. According to his Equifax bio, his “is currently a trustee for The Boys & Girls Clubs of Metro Atlanta and has formerly been a director of the Operation HOPE global board, director of the YMCA of Metropolitan Atlanta, and a Trustee of the Woodruff Arts Center.”
Although Equifax has hit some speedbumps in the rollout of their response to this crisis, it seems that the issues seem to mostly center around transparency, messaging, and public relations, not the leadership of Rick Smith.
Time will tell whether Equifax will be able to regain and hold on to public confidence. At the moment, their biggest statement defending their systems is,
“The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”
What should you be doing about this breach?
Pay attention to your credit cards and any new credit applications opening in your name. If your credit card sites provide alerts to your smartphone, set them up.
If you trust Equifax with your Social Security number, go to equifaxsecurity2017.com and check to see if they count you in the group that has had their information stolen.
If you feel confident in Equifax, take advantage of their credit monitoring offer – if not, subscribe to another credible organization’s credit monitoring services.
Wait – the whole story has not been told on this breach yet. Further reporting in the media will continue to shed light on this unfolding narrative.
Want to know more about how to protect yourself and your business from cyber crime? Contact the cyber security professionals at {company}! {phone} or {email}
