Small Businesses according to American Express Open
As you can see, some of the items on this list are things that you can install onto your computers to help protect you from the bad stuff; the others are behaviors that, if followed, would greatly reduce your risk.
Because mobile devices were traditionally complex and expensive, they were relegated only to companies that provided those devices. However, as devices got easier to use and more affordable, people began to purchase personal devices. As this number grew, people wanted to use one device for both personal and business use. So many small business owners now need to make a choice: BYOD or COPE? That is, “Bring Your Own Device” vs. “Corporate Owned, Personally Enabled”.
The Typical Solution – BYOD. According to the CDW Small Business Mobility Report for 2012, nearly 9 out of 10 of small-business employees use their personal mobile devices for work. But how do you support and more importantly secure all of these devices? The scary thing is that most small businesses don’t even try! The survey found that only 1 out of 5 small businesses have deployed (or plan to deploy) any systems for managing and securing employees’ personal devices.
The Alternative – Is COPE Any Better? A minority of small businesses has implemented a Corporate Owned, Personally Enabled (“COPE”) policy instead. They buy their employees’ mobile devices, secure them, and then let employees load additional personal applications that they want or need. And the employers control what types of apps can be added too. And the “personally enabled” aspect of COPE allows employees to choose the company-approved device they prefer while permitting them to use it both personally and professionally. COPE is certainly more controlled and secure, but for a business with a limited budget, buying devices for every employee can add up pretty quick. If you go the COPE route and are large enough to buy in volume, you can likely negotiate substantial discounts.
Security Concerns With BYOD. If you have client information that must be kept secure or other industry specific regulations regarding the security of client data, then COPE is likely your best approach. It takes out any gray area of whose data is whose. Plus there is a certain comfort level in being able to recover or confiscate any device for any reason at any time to protect your company without any worries of device ownership.
Advice For BYOD Companies. Despite the numerous advantages of COPE, most small businesses will still choose BYOD because it can save them money. Here are 2 of Lawrence Reusing’s (GM of mobile security at Imation) important rules for BYOD. Consider these when creating your mobile device policy.
Have you ever had one of those days when you head into the office looking forward to a “calm, everything is as it should be” day… and then your network crashes and your stress level goes through the roof? If so, then you know how this unsuspecting used car salesman feels on a surprise test drive with NASCAR star Jeff Gordon. Give us a call and we will make sure your network is as reliable as your granddad’s old Buick.
Although these recommendations will certainly help speed up your systems, they are not a silver bullet. If your computer network is seriously out of date, constantly crashes or is painfully slow, find an IT support provider. Then it’s time to “Keep Calm and Call Triada Networks.”
Most small businesses and startups try to go it themselves when it comes to computer support. Many companies will pick the partner that is the most tech savvy or has a younger family member to help bridge the technology generation gap; heck they set up your home wireless network, right? Depending on your sophistication, you may be able to get away with it. However, here are some signs that may show that you are ready to look for outsourced IT support.
When your technology isn’t working, your business isn’t either. This isn’t just a motto or a throw away marketing line. We know this is true about our customers which is why we take making sure your computer networks are running optimally and available, very seriously.
If you are interested in a FREE Network Report Card, give us a call at 201-297-7778 or visit http://triadanet.com/free and fill out the form. We will come to you and provide a no-obligations assessment of where your computer network stands and hand you a report card.
Businesses have different challenges when it comes to authentication. We’ll break this down in several areas.
Password policies are a set of rules defined by a business to enhance the security of their computer assets. The policy can take many forms and there are various schools of thought that say whether complex passwords or longer passwords are better. Regardless of what a business’ policy is, weak passwords may result in unauthorized access and compromise. All users of your systems: employees, senior executives, contractors, and vendors should be included in your policy.
Administrator accounts are the most sensitive in your company. However, most businesses never change their passwords. We recommend that the main “root” or “administrator” account not be used; instead, individuals should be given their own administrator account, separate from their everyday account. The passwords on these accounts should be changed at least once a quarter. Each account should be documented in a secure database along with the access levels it has. These accounts should be periodically audited for access.
Service accounts are special accounts used by processes or programs that need a special level of access. These too are rarely changed in most organizations. Like the administrator accounts, these should be documented with what access levels they require and no more. These passwords should be changed at least once a quarter or whenever anyone who has access to these accounts leaves the firm.
User accounts, or standard accounts, are used by everyday employees, contractors, etc. The passwords on these accounts should be changed at least twice a year.
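The rotation rules for the three account types can be checked against the documented account inventory. The sketch below is an added example, not part of the original article; the inventory layout, the account and employee names, and the day counts chosen for “once a quarter” (90) and “twice a year” (182) are assumptions.

```python
from datetime import date, timedelta

# Maximum password age per account type, from the policy above. The day counts
# are this example's reading of "once a quarter" and "twice a year".
MAX_AGE = {
    "admin": timedelta(days=90),
    "service": timedelta(days=90),
    "user": timedelta(days=182),
}

def rotation_findings(accounts, departures, today):
    """Return (account name, reason) pairs for passwords that must be changed."""
    findings = []
    for acct in accounts:
        changed = acct["last_changed"]
        if today - changed > MAX_AGE[acct["type"]]:
            findings.append((acct["name"], "password older than policy allows"))
        # Service account passwords must also change when anyone who knew them leaves.
        if acct["type"] == "service":
            for person in acct["holders"]:
                left = departures.get(person)
                if left is not None and left >= changed:
                    findings.append((acct["name"], f"{person} left after last change"))
    return findings

# Constructed inventory: names, holders and dates are made up for illustration.
ACCOUNTS = [
    {"name": "adm-jsmith", "type": "admin", "last_changed": date(2024, 1, 10), "holders": ["jsmith"]},
    {"name": "svc-backup", "type": "service", "last_changed": date(2024, 4, 1), "holders": ["jsmith", "mlee"]},
    {"name": "rjones", "type": "user", "last_changed": date(2024, 2, 1), "holders": ["rjones"]},
]
DEPARTURES = {"mlee": date(2024, 4, 20)}

if __name__ == "__main__":
    for name, reason in rotation_findings(ACCOUNTS, DEPARTURES, date(2024, 5, 15)):
        print(f"{name}: {reason}")
```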
Passwords can be a combination of lower case, upper case, numbers, and symbols. At least three of these four should be used and passwords should be at least 15 characters. This length with complexity and a longer time between changing passwords strikes a good balance. One recommended way to deal with this is to use pass phrases. Phrases are typically easier to remember and type in than a cryptic set of symbols, letters and numbers, which will more likely end up on a post-it note. A pass phrase could be a famous quote, a passage from a book, a line from a movie, or a joke.
A history of passwords should be kept so they cannot be re-used too frequently. For example, if you set your password history to be 6 and you change your password once every 6 months, it will be over 3 years before you can use the same password. However, if someone changes their password several times in quick succession to cycle through the history, it would defeat the purpose. So make your password histories long AND define a minimum password age of at least 1 day.
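The length, complexity, history and minimum-age rules above combine into a single check at password-change time. This is an added example, not code from the original article; the function names are hypothetical, counting a space as a symbol is an assumption made so that pass phrases qualify, and the history is kept as salted PBKDF2 hashes rather than plaintext.

```python
import hashlib, hmac, os, string
from datetime import datetime, timedelta

MIN_LENGTH = 15                  # from the policy above
MIN_CLASSES = 3                  # at least three of the four character classes
HISTORY_DEPTH = 6                # the history size used in the example above
MIN_AGE = timedelta(days=1)      # minimum password age

def _digest(password, salt):
    # Remembered passwords are stored as salted hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def history_entry(password):
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def character_classes(password):
    # Assumption: a space counts as a symbol, so pass phrases are not penalised.
    tests = (str.islower, str.isupper, str.isdigit, lambda c: c in string.punctuation + " ")
    return sum(any(t(c) for c in password) for t in tests)

def check_change(new_password, history, last_changed, now):
    """Return the list of policy rules a proposed password change violates."""
    problems = []
    if now - last_changed < MIN_AGE:
        problems.append("minimum age not reached")
    if len(new_password) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    if character_classes(new_password) < MIN_CLASSES:
        problems.append("fewer than 3 character classes")
    for salt, stored in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(stored, _digest(new_password, salt)):
            problems.append("matches a remembered password")
            break
    return problems

if __name__ == "__main__":
    # Constructed sample: one remembered pass phrase and a change attempted 2 hours later.
    now = datetime(2024, 5, 15, 12, 0)
    history = [history_entry("Four score and 7 years ago")]
    print(check_change("Four score and 7 years ago", history, now - timedelta(hours=2), now))
```

The minimum-age rule is what stops a user from changing their password six times in a row to push the old one out of the history.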
If you are an administrator or a business owner, you probably have tons of passwords that you have to remember. We reviewed some personal password managers in http://triadanet.com/is-your-password-12345/. Some of these have enterprise versions as well such as LastPass. Many people will use an Excel spreadsheet that is password protected or encrypted using a program such as TrueCrypt. There are also some stand alone password managers like KeePass. KeePass will encrypt all your passwords and will help you generate very random ones as well. You can protect your KeePass vault with a password, a keyfile, or some other method.
We actually use a different method. We have a central password manager that we can access securely over the web. The connection to this password manager is protected, as is the data that is stored there. We can then “check out” a password when it is needed and then enforce changes to passwords for administration accounts and service accounts. Accounts on the password system will be given access to certain vaults. So if an employee leaves the firm, you know right away what passwords they have access to and can take appropriate steps to change them. You may wonder: that’s all well and good, but what if your password on the vault is compromised? Doesn’t that leave you vulnerable because now all of your passwords are exposed? The answer is yes, potentially. However, by protecting the password management system with a two-factor authentication method such as a software or hardware one-time-password token, or a USB dongle, you mitigate that possibility.
Passwords are the most popular way to configure systems for access control. Although Two Factor systems, biometrics, etc. are gaining ground, we still need our passwords for now. So safeguard your keys to the kingdom with passwords that are long enough, complex enough, and change often enough.
That’s it! Now you know how to leave us, I mean, anyone a review. In the future we will discuss how to create your own Google Local page.
You and your employees’ confidence in security systems and products is the #1 threat to your network. It doesn’t matter what anti-virus software or other safeguards you are running if your employees do not surf safely. This will result in porn pop-ups or more nefarious spyware that will quietly steal information. Websites promising free stuff result in theft of information like your mother’s maiden name, high school, etc. that is used to answer common security questions, leading to theft of otherwise secure data. Think before you click!
No one can deny the popularity of social networking sites like Facebook. Threats range from malware (e.g. viruses, worms, spyware) to scammers trying to steal your identity, information and money. Businesses are using these sites to communicate with their colleagues and clients, so blocking them outright is no longer an option. Instead, educate your employees and enforce a strong acceptable use policy. We can help you develop a policy, then monitor compliance using a Unified Threat Management device that controls and reports on network access.
Mobile is the largest growth area in computing. Mobile devices such as smartphones and tablets are growing at an incredible rate. These small mobile devices often contain sensitive business data and they are easily lost or stolen. Be sure to password protect and encrypt data on all mobile devices whenever possible. Ensure you include mobility and BYOD (Bring Your Own Device) in your acceptable use policy and your enforcement system.
Although the cloud is many things, in its basic form it involves using the Internet to access and store your data. When you use programs that store their data online such as email, Facebook, DropBox and others, you are working in “the cloud.” Using the cloud for automated off site backup has rapidly gained popularity and is just the beginning. Companies like Microsoft and Google envision the day when we will use inexpensive terminals or devices such as tablets instead of computers to run programs and access data located somewhere on the Internet. Data should be secured not only where it is stored but as it is transmitted over the Internet.
Passwords are the least expensive way to keep people out of systems they should not have access to. Unfortunately, most companies do not properly set password policies to prevent the use of weak passwords, such as dictionary words or information about the person that can be found simply by doing a couple of Internet searches or looking at social networking sites.
The flip side of the password issue is that if you force employees to select very complex passwords that are difficult to remember, they will write them down on those yellow sticky notes and stick them to their monitor or under their keyboards. Security professionals who do security assessments and penetration testing call these “yellow gold.” By checking dumpsters or waste baskets for these sticky notes, an attacker will gain knowledge of your password patterns.
Ok, so if you can’t select weak passwords and you shouldn’t select complex passwords because employees will write them down, what should you do? What is a good password? Armstrong and Simonson state the obvious: “a good password is easy to remember, but hard to guess.” (Armstrong, 1996) One effective method would be to use a pass phrase. Perhaps a line from your favorite movie: “I made him an offer he can’t refuse.” If your systems or application cannot support long passwords, use the first letter of each word: “Imhaohcr”. You can make this further complex by replacing certain letters with similar-looking symbols or numerals: “!mh@0hcr”. This makes it something easy to remember, but hard to guess. A website that I like to use for generating easy to remember passwords is actually one meant for kids, called dinopass.
But because passwords are cheap, they are also inexpensive to break into. Attackers have many tools at their disposal to crack passwords. A password is a one-factor authentication system in that it uses something you know, your password. A two-factor authentication system adds a second factor to reduce your exposure. A second factor can be something you have, like a token that generates one-time passwords, or something you are, like a fingerprint, iris or retina scan, face recognition, etc. You must decide as a business owner whether the additional expense of adding such a system to protect your assets is justified. But if it can prevent a loss of customer data, it may well be worth the expense.
One difficulty we all face is the multiple accounts we need to maintain. People have used several methods to cope. Using the same password on multiple accounts is common but is not a great idea. A less than secure website that gets compromised, for example, could reveal your account information for a more secure system, like your bank. An alternative is to use separate passwords for your important and sensitive systems vs. ones that are less so. This minimizes the impact of a breach, but it still will leave multiple systems vulnerable. Another method is adding to a known password a pattern related to the system that you are accessing, such as an abbreviation of a website name.
A better solution would be to use a password manager. A password manager can generate random passwords for each system or website that you need and is protected with a single password. The key to this is of course the strength of that “master password.” Replacing the master password with a two-factor solution as described would provide an additional layer. One such password management system is LastPass, another is 1Password, which up until recently, was only available on the Mac platform.
Businesses have a similar and yet more complex concern. But more on that later…