Posts Tagged ‘security’

4 ways to protect your business online

SecurityConnected for Business shares helpful tips on passwords, protecting your Twitter account and how to defend against spam. This article originally appeared on Connectedforbusiness.ca.

Did you know online fraud costs Canadians US$3 billion per year? And that the growing popularity of smartphones, tablets and open Wi-Fi networks are making us more vulnerable to online fraud and other forms of cybercrime?

These figures, from an October 2013 report by security-software firm Symantec Corp., are a startling reminder for us all to be careful as technology changes. According to Symantec’s Canadian director of consumer solutions, Lynne Hargrove, cybercrime rates have doubled since 2012, with offences ranging from credit-card fraud to identity theft.

If you run a small business, the costs associated with fraud can cripple, or even sink, your company. But there are simple ways to help protect your website, email and digital devices from breach. These aren’t new tips; you’ve heard them before. But perhaps now is a good time for a reminder on the basics of online protection. Grab a seat. Class is in session.

1. Create Crack-Proof Passwords

From mobile devices to desktop computers, servers to cloud computing, everything seems to require a password these days. And while it may be tempting to use the simplest passcode, this is a bad idea. After all, if someone can guess it, then you’re inviting potential harm into your business. As a general rule, don’t use a birthday or maiden name. Instead, use a mixture of numbers, upper and lowercase letters, and symbols for a password that’s at least eight characters long.

Tip: Think of a phrase that’s easy for you to remember. Now take the first letter of each word in the phrase and this is your password. Include caps and numbers where possible or add them to the end.

Example: 2 out of 3 ain’t bad / Password: 2oo3ab – OR – Bruce Springsteen sings Born in the USA / Password: BSsBitUSA

2. Change Your Passwords Frequently

It’s this simple – the longer you use the same password, the more vulnerable you are to attacks. So, by changing your passwords monthly, or every 60 days, you’re making it that much harder for a hacker to figure it out.

3. Don’t Respond To Spam

We all deal with spam, and while some of it goes directly into our spam filters to be deleted, other phishing schemes can be much more subtle and dangerous. You might even receive a spam message where the sender is one of your contacts. If you do receive something odd from a contact, reply to the person in a separate, new email. Also, it goes without saying, don’t ever reply to spam, even out of spite. Simply delete.

4. Change Your Permissions If Your Twitter Account Is Hacked

If your Twitter account is compromised, log in and change your password. Select a brand-new passcode. Then, while logged in, revoke all connections to third-party applications that you don’t recognize. As a preventative measure, you can also install login verification. To log into Twitter, you will need to enter your password, and then enter a separate, six-digit code sent to your smartphone. This way, if someone tries to access your account, they won’t be able to sign in.

How To Set Up SMS Login Verification

1. Log in to Twitter and go to your security and privacy settings.

2. Select the option to “send login verification requests to my phone.”

3. When prompted, click OK, send me a message.

4. Once you receive the verification message, click Yes and enter in your password when prompted.

category iconCategories:
share this 0 comments

The risks and rewards of BYOD

BYOD risks & rewards imageWhen it comes to BYOD (bring your own device) support in organizations, there is often a great divide. From a security perspective, dealing with personal mobile devices on the network can create security holes that are tricky to fix, because locating the source device is not always easy. On the other hand, many organizations realize that personal mobile devices are part of the workplace culture and, if supported with the right policies, can help employees be more productive.

Sadly, a very small percentage of organizations have a formal policy in place when it comes to security and mobile devices, especially for BYOD.  This pushes a problem upon IT departments, because they are tasked with both securing the device and also managing the ability to support a wide variety of devices.

From a security perspective, having many Wi-Fi devices (mainly tablets) on the network can create a risk.  Employees want to access the corporate network from their device, but managing individual password requests is incredibly time consuming (not to mention the password reset support required).  Throw in contractors, temporary employees, vendors and other guests and… you get the idea.

When users are connected with unsecured devices, they are also a risk, as they can inadvertently allow access to the corporate network through malware installed on the device, or in the case of loss or theft.  Once the Wi-Fi network has been breached, it will be much easier for unauthorized users to gain access to the network from outside the premises.

The main reluctance arises on the IT infrastructure side. These folks are responsible for securing and troubleshooting all devices that are considered business devices. The certification of business devices is a long and arduous process, and employees are increasingly particular regarding which devices they wish to use.

Here are a few tips for businesses considering extending mobility to more of their workforce through programs like BYOD:

  • Put a formal policy in place that defines the company’s rules for mobility.
  • Implement a mobile device management solution to secure and manage all devices connecting to the company network.
  • Limit the list of devices that you support to lighten the load of the IT team.

Extending mobility to more employees is not all risk and no reward. Internal applications, such as conferencing, expense management, analytics or social media marketing, can help increase productivity and collaboration if implemented properly. It’s much easier to push out new information and marketing content to employees via applications than it is to rely on your company intranet. Some MDM solutions enable app distribution through a secure “enterprise app store”.

Finally, mobile devices can help extend business functionality. We’re seeing this especially in retail, in regard to accepting mobile payments. This type of application can be built to integrate with banking, accounting and other customer-related applications. If you are already investing in a mobile solution, extending this type of functionality to all employees who will benefit from it can yield better ROI.

Are you considering implementing a BYOD policy? What risks concern you?

category iconCategories:
share this 0 comments

How to protect your company data

SecurityConnected for Business writer Bryan Borzykowski shares five ways businesses can help prevent computer fraud. This post originally appeared on Connectedforbusiness.ca

It’s a lot easier and cheaper to prevent computer fraud than you might think. Here are five ways to stop cyber-criminals from stealing sensitive data.

Update anti-virus software

While most people know that they need to install anti-virus software on their computers, it’s also important to upgrade these programs when new updates are released. Sunil Mistry, a partner at KPMG Enterprise in Toronto, says that many business owners fail to do this. “There are constant viruses and phishing emails that figure out ways to get through anti-virus software and into an inbox,” he says. “The updates make sure that any gaps are covered.” Anti-virus software should send any potential phishing scams – emails that ask you to click on a link and enter information – to your spam folder and delete any emails that have viruses attached. Users will typically get an alert when a new version is released, so there’s no excuse not to upgrade.

Wipe data off old computers

Business owners often throw out old computers, but many fail to erase the sensitive data that’s on the hard drives, says Mistry. “You could have a bunch of passwords on it, or an Excel document with credit card information that someone forgot about,” he says. Wiping hard drives of data is becoming more important as computers become cheaper, he says. Companies can now upgrade systems every couple of years. With many companies donating or selling the old computers, you never know if it will fall into the wrong hands.

Use encryption software

If you’re sending sensitive data – such as customer information to a supplier – via the internet, you need to install encryption software. This puts a “casing” around the data and essentially turns it into meaningless numbers, making it harder for hackers to steal information that’s travelling from one place to another. “Encryption hides what’s being sent,” he says. “It prevents anyone from trying to access that data.” These days, most anti-virus companies offer low-cost encryption services, says Mistry.

Log off computers

It can be hard to stop an angry employee from stealing information – they’re in the building, after all. One of the best ways to prevent fraud by a staff member is also the simplest: make sure people log out of their computers when they leave their desks. “That’s a big one, even for us at KPMG,” Mistry says. Small businesses are especially at risk, since it’s easy to tell when the boss goes on a lunch break. Often times, no one else may be around. “If you don’t have the right people there, you can easily be taken advantage of.” Logging off makes it significantly harder for a fraudster to quickly grab information.

Lock down computers

Computer fraud doesn’t always occur via insidious emails or a quick transfer of data to a USB key. Mistry has heard of numerous companies that have been compromised after someone walked out of the building with a computer. It may seem outrageous, but it’s not hard to steal a company laptop. He recommends actually bolting down computer hardware. “Lock down the laptop to the leg of a desk,” he says. “People aren’t going to get cable cutters to get it.”

category iconCategories:
share this 1 Comment

How Mobile Workers Will Change Your Business

This post, written by Melissa Campeau, originally appeared in Profitguide.com.

A new IDC Canada report suggests organizations will rethink policies, security and collaborative tactics as teams go mobile

If you haven’t seen all your employees in one room since the holiday party, welcome to the new mobile norm. It’s been projected that 73% of employed Canadians will be at least somewhat mobile by 2016. But empowering staff to work anywhere, any time will necessitate a change in business practices over time.

A new report by IDC Canada predicts the Canadian mobile worker population will grow from 69% to 73% by 2016. The study, based on multiple sources including Statistics Canada labour force data and a survey of 500 Canadian executives, defined a mobile worker simply as someone who is not always working at a desk. “They could be a travelling executive, a sales rep, a field worker, a telecommuter, working on location or just working from a Starbucks a few hours each day,” says Krista Napier, senior analyst and tracker lead, mobility for IDC Canada.

While businesses of all sizes have experienced an uptick in the number of mobile workers, IDC research shows small companies in Canada are much more likely to have on-the-go employees than their larger counterparts. Specifically, says Napier, workers in smaller companies are more likely to spend at least three days a week away from their office, whether in the field, on location or working from home.

With this evolution, the report predicts significant changes to the way businesses operate. And because small businesses are already wading into the deep end of the mobility pool, they’re likely to experience the forecasted trends first.

Planning specifically for mobile expenses will become the norm, if it’s not already. “Smaller companies will need scalable and affordable solutions for dealing with a more mobile workforce,” says Napier.

Businesses will also look to develop a framework for mobility, suggests the report. A policy for mobile work could provide a guideline for managers and employers to understand expectations, security issues and more. This might also include extra training, Napier notes, to make sure workers know how to get the most out of their mobile devices.

While there are clear benefits to mobile work, less face time with colleagues could translate into fewer impromptu brainstorm sessions and exchanges of ideas. Organizations will look to counter this, suggests the report, by making greater use of collaborative tools including social networking sites, video conferencing and webinars.

Not surprisingly, businesses are likely to lean more on the cloud, as workers become increasingly mobile. With employees able to access data more easily and independently, IT professionals will be able to spend more time developing business-enhancing initiatives instead of focusing mainly on maintenance, the report notes.

And finally, weaving loss-prevention solutions into mobile strategies will be more and more necessary, since an increase in mobile workers can amount to an increased risk of exposed information. “Security around both the hardware and the data residing on them will become more complicated as trends like BYOD (bring your own device) continue to proliferate,” says Napier. “They will need to be addressed.”

To see the original article, go to Profitguide.com 

 

 

category iconCategories:
share this 0 comments

Managing mobile technology while travelling for business

Tips for business travel with RogersThis week we bring you part II of our series on managing mobility costs while travelling as a small business. In our last post, we talked about how to find the right plan that “fit” your travel activity and use of mobile devices. This week, we look at making sure you have a secure wireless internet connection when on the go.

How to set up a secure connection to internet and data services outside the office

We expect to be able to access the internet wherever we are for whatever we need. However, when you are on the road or travelling abroad for business, accessing the internet can be challenging. Not only may connections be slower, but you are also at a greater security risk, especially when connecting to public networks or using a public computer.

The key to using the internet securely when traveling is to understand the additional risks, use caution and be prepared.

Control your own internet in public Wi-Fi zones

Public Wi-Fi is often the most convenient choice – especially if you want to check a quick email in a coffee shop. However, cyber-hacking software and wireless eaves droppers are on the rise, creating a point of vulnerability for public Wi-Fi users.

You can create a secure internet connection by using a mobile internet product like a mobile internet stick, hotspot or hub. These products offer a personal connection with automatic encryption to protect your information while you’re online. To learn more about how protect your device from security threats, read our Security eBook.

Invest in a data plan

Sometimes business travelers use Wi-Fi when not on their provider’s network to avoid high roaming charges. If you equip your international travelers with smartphones or tablets with roaming data passes and travel packs for roaming, concern disappears and they can stay connected and keep their data protected from prying eyes.

To learn more about Rogers’ data plans and what is right for your business read our Wireless Data vs. Wi-fi whitepaper.

A checklist for ensuring a secure internet connection on-the-go

Regardless of the devices you travel with – a laptop, netbook, smartphone, iPad, or all of the above – there are a few simple steps you can take to secure your public internet connection. Here’s a check list to consider:

  • Make sure your security software is up-to-date, before every trip, or at least every few weeks, it’s a good idea to check the “software updates” on your device to check if a new one is available. If there’s a new one, download it.
  • Use strong passwords. Use a strong combination of letters, numbers and/or special characters and change your passwords frequently.
  • Encryption is the key to keeping all of your information secure online. To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, your entire account could be vulnerable. Look for https on every page you visit, not just when you sign in.
  • Don’t be fooled by access fees – paid hotspots are often unencrypted and just use a captive web portal to prevent access if you haven’t paid yet.

If there additional topics you would like us to cover, please let us know in the comments section.

For more information on mobile internet products, travel packages or other Rogers products visit: www.rogers.com/businessroaming.

For more information on security for individual operating systems, please visit the following:

Lauren is a regular contributor to RedBoard Biz

category iconCategories:
share this 0 comments

An introduction to BYOD for small business

Photo from Flo Tech Blog (http://blog.flotech.net/blog)

By now, you’ve probably heard about “Bring Your Own Device,” or BYOD, a growing trend of employees bringing their personal mobile devices to their place of work and using them to access company resources like email and file servers. While this can prove to be challenging for IT departments to manage, there are some real benefits to allowing employees to work using their “home device,” including greater levels of efficiency and less need for IT assistance.

If you think about it, using your personal stuff for work purposes (and vice-versa) is nothing new – particularly for small business.  Most fleet policies, for example, allow employees a choice between a company car (which even the government acknowledges could be used for personal purposes) and some sort of compensation for choosing to simply use their own vehicle. Taking a step back, employees have been taking work home (regardless of IT policy) for centuries, and certainly in the decades since personal computers became ubiquitous. (And really, isn’t that just Bring Your Own Office?)

Naysayers will point out, of course, that security for mobiles devices, unlike cars and homes, is evolving at an incredibly fast pace. And while you might have a car stolen or a house break-in, you are unlikely to lose either at a bar.  Additionally, with hackers and malware, there are lots of ways security/privacy can be compromised without the end-user ever knowing it. Indeed, users running cloud applications can be in violation of NDA’s without a device even being lost.

But if you ban the practice, what benefits will you miss out on? Survey respondents consistently report greater levels of confidence and efficiency when users operate their “home device.”  More than simple productivity efficiency, this comfort level also leads to reduced need for IT assistance as users are already familiar with the ins and outs of their current model. As Cisco revealed in study results from May of this year:

BYOD is just the gateway to greater business benefits. Over three-fourths (76%) of IT leaders surveyed categorized BYOD as somewhat or extremely positive for their companies.

These benefits also include savings opportunities for hardware and, according to London-based Nasstar, a positive “BYOD policy brings in the SMB talent” and fosters “better workplace morale.”

And can a BYOD ban even work? In an Avande survey of over 600 business leaders and CIOs, nine out of ten respondents indicated members of their staff were already doing it (with or without company blessing). The Cisco study showed 95% of respondents in the US already allow BYOD.  As Gina Smith writes in the 10 Myths of BYOD in the Enterprise, myth 10 is preventing BYOD in the first place:

You can’t stop it. It’s game over and already happening, Virtual Works’ CEO Ed Lacabucci told me recently, and he’s right.  A wholesale revolution is coming…

What all writers suggest, is that users need:

For a good link-survey and analysis of the current writing and reporting on BYOD, see also Peter Silva’s article BYOD – The Hottest Trend or Just the Hottest Term.

What’s your BYOD experience? Are you considering it, avoiding it or is it old news?

Brook is a new contributor to RedBoard Biz

category iconCategories:
share this 3 Comments

The case for tablets with wireless data

The Case for Tablets with Wireless Data Tablets are proving their value in business everyday in situations where neither smartphones nor laptops can match them for convenience or impact.  In fact, more than half of all companies are now using tablets somewhere in their organization.

When purchasing tablets for your business, connectivity is an important consideration. Should you choose a 3G, 4G or LTE tablet with a data plan, or will a Wi-Fi only model meet your company’s needs? The short answer: it depends on how you will use them.

Here are three good reasons why you should consider investing in tablets with wireless data.

Harness the full value of your device with wireless data

Wi-Fi only tablets make sense in fixed locations, such as hotels, restaurants, health care facilities and campuses, where a secure Wi-Fi network has been implemented. But wireless data can make your mobile workforce more productive, better able to serve customers, and bigger contributors to the bottom line. Here are some examples:

  • Drivers can complete and submit logs using touchscreens while they’re on the road.
  • Managers can use remote monitoring solutions to keep an eye on their premises from anywhere.
  • Service technicians can download work orders without visiting the office, and update them as the work is completed.

 Wi-Fi hotspots can pose a security threat for your business

When employees use public Wi-Fi hotspots, they can introduce points of vulnerability into your organization’s overall security solution. Wi-Fi hotspots are unencrypted and can publicize your login credentials and data – strong security policies can help. But are you prepared to take the risk?

The total cost of ownership of Wireless Data can be less than Wi-Fi

While Wi-Fi only devices typically cost less than versions with wireless network connectivity and don’t require a data plan, paying for Wi-Fi even occasionally can drive up your total cost of ownership.

  • A user with Wi-Fi only tablet who is paying for Wi-Fi approximately 3 times a month for 1 year will cost more than a user with a 4G and a $21.81 per month Rogers Flex Rate plan.
  • A user with a Wi-Fi only tablet who paying for Wi-Fi 4 times a month for 1 year will cost more than a user with a 4G tablet and a $36.81 per month Rogers Flex Rate plan.

Beyond the cost of using Wi-Fi, what is the cost of not being able to send a proposal, work order or transaction while mobile between hotspots? Can your business afford the “lost opportunity cost”?

For more on cost of ownership, click here to read our whitepaper.

Geoffrey is a regular contributor to Redboard Biz 

category iconCategories:
share this 0 comments

5 Questions with Steele Financial

RedBoard Biz Series: 5 Questions with Barbara Steele, Steele FinancialFor the most recent installment of our “Five Questions with…” series, we spoke with Barbara Steele at Steele Financial, a company that deals with financial security and protection products such as life, disability and critical illness insurance. As a financial advisor, Barbara provides financial education and retirement counseling to families and business owners.

What’s your elevator pitch?

My job is to make people wealthier and more secure without them having to take more risk.  I honestly feel that this cannot be done without challenging the current financial status quo.  I do this by teaching people about how money really works and I put them back in control.

What business challenges keep you up at night?

Staying in touch with existing clients and finding new ones.

What role does technology play in your operations?

Technology is huge in my business, I use a cell phone, tablet, cloud computing and a hosted voice solution – it helps me stay in touch from anywhere and it allows more automation. Mobility allows me to reach more people better and faster and it helps me to broadcast my message to a wider audience

How do you stay up to date on technology and industry trends?

I stay on top of things by taking chances and trying new ideas. I also hire those people who I know can do things better than me – I have an SEO expert working on my website positioning and have just hired a woman to assist with a social media plan. I plan to hire someone to manage my website, but I will continue to write my own articles and newsletter. There are so many good companies producing stellar new ways to reach the public.  I try to find out who they are.

What one quote inspires or defines your business approach and why?

The quote on my business card is “Experience is one thing you can’t get for nothing” – Oscar Wilde. It essentially describes my feelings about where I currently am in my business – I work extremely hard for my clients, and it’s worth it. It has given me the experience that I can now use to improve other people’s lives.

Lauren is a regular contributor to Redboard Biz

category iconCategories:
share this 0 comments

Mobile wallet 101: The basics of contactless payment

These days everyone is talking about the mobile wallet and how consumers will be able to pay with their mobile devices. Some technology experts are advocating for mobile wallets, claiming they have the next breakthrough for future payments.

But why are people going to choose to tap and go with their phones rather than swipe their credit cards? And what benefits does the mobile wallet give to retailers? Here’s a primer on the mobile wallet and some of the major advantages for businesses.

How it works:

You have probably seen or used contactless payment terminals at local stores, gas stations or restaurants. This technology, known as NFC or near field communications, allows customers to tap their credit card near an NFC terminal, and in a few seconds their transaction is complete.  Many different mobile operating systems, as well as device manufactures, are adapting this technology to be able to support NFC on mobile devices with a concept called “mobile payment”.

Why does it matter?

Different banks and credit card companies have been issuing contactless cards for years, but the concept of a “mobile wallet” takes this technology one step further.  Essentially, it provides a place where a variety of different credit cards, coupled with assorted loyalty programs, can be bundled together into one easy-to-use service. In no time at all, customers will be able to quickly scan their phone for the right “card”, instead of rifling through their wallet for the right payment method. Eventually, this technology will go beyond payments, allowing stores and customers to keep ID documents, transit passes and all other traditional wallet items securely on the mobile device of their choice.

Is it secure?

The good news is using your phone as a mobile wallet is arguably safer than carrying a real wallet, with remote locking, data encryption, memory protection and passwords keeping your information safe on your device. While much of this technology hasn’t been rolled out for merchants and consumers yet,you’ll soon start to see these services more and more.

What is the benefit?

So, what are the benefits for business? There are lots.

  • Easier and more affordable ways to create loyalty programs for customers.
  • New ways to send vouchers and coupons.
  • Great potential for tracking buyer habits and customer analytics.
  • Possibility to leverage Location Based Services (LBS) in and around stores.
  • Easier refunds and charge-backs.
  • Cheaper transactions (for both consumer and merchant).
  • Very simple deployment for merchants
  • Enable businesses to go paperless

And lastly, where and when?

The notion of mobile wallet has been around for a while, but the technology is real and is already being used in many different parts of the world.  Businesses can prepare for this new wave of payments with many different strategies, but being aware that it is coming is the first step.

For more information about mobile wallet take a look at the following resources or leave us a comment and we will be sure to answer your questions.

UPDATE (May 15, 2012, 1:17 pm): Today, we announced an agreement with CIBC to launch Canada’s first mobile payment solution, allowing Canadians to pay with their CIBC credit card at the checkout counter using their Rogers “Near Field Communications” (NFC)-enabled smartphones. This means that later this year, Rogers customers will be able to use this payment capability at merchants across Canada where contactless credit card payments are accepted. For more details, check out our post on RedBoard.

Lauren is a regular contributor to RedBoard Biz

category iconCategories:
share this 1 Comment

Manage your business’s privacy with mobile app protection

Mobile security tips from RogersAs devices become more intelligent and mobile technology is used more frequently in your business, mobile security is essential. In the past few weeks, we’ve been sharing mobile security tips that can help you whether you are a small business owner or manager of the IT department.

Recently, we wrote posts about security tips for  BlackBerry, iPhone and Android. Today we’re talking about security on mobile applications for business and how to stop them from accessing off-limit data.

Apps can be essential for day-to-day business. Before downloading them to your device, it is essential to know the full capabilities of these programs, including the amount of information they may take from you or your employee’s device.

Here’s how adding apps to your regular mobile security check can help keep your business safe:

  • It helps prevent staff from unintentionally exposing your network and devices to viruses and hackers.
  • Helps to limit the downloading of malicious, pirated or repackaged applications from unofficial websites.
  • Helps to ensure that apps on business-used devices are not accessing sensitive business data without your permission or knowledge.

What can you do today?

  1. Say ‘no’ to app permissions
    Some apps are able to access users’ locations and contacts. Make sure users know when to say ‘no’ to  apps that are requesting this kind of information access.
  2. Create a pool of approved apps
    Define app download policies and make sure users only download (and update) approved software.
  3. Use application access control software
    Not all apps are what they seem. But there are tools that can be downloaded for free or purchased to help monitor how your device is behaving and, if it sees something suspicious, can quarantine and can even remotely wipe it.

Want to learn more?

  • Watch this video from No Panic Computing to learn how to change Facebook privacy settings to stop it from accessing employee information.
  • Check out Mobile Application and MDM tips in our mobile security e-book.
  • Find out how mobile apps access personal data and explore security with this report from Lookout Security.

Are you using apps for business? What security features have you found useful?

Lauren is a regular contributor to Redboard Biz

category iconCategories:
share this 0 comments