Mobile Malware Is A Bigger Problem Than Ever

There was a time when people didn’t have to worry about getting computer viruses on their cell phones. Nowadays, with the exponential growth of mobile technologies, including application development options, mobile malware has become a problem, and it can be a big problem for your business. Today, we’ll take a look at the growing mobile malware market, from the threats to what you can do to keep it from being a problem for you.

What Is Mobile Malware?

Mobile malware works a lot like you’d expect it to. You downloaded a piece of code that is designed to be malignant in some way. Typically, people utilize their requisite app store to download applications, but occasionally users will download files from other sites, and they can carry mobile malware with them. The forms of mobile malware include:

• Drive-by downloads – Sometimes when you open an infected email or visit an infected website, you can be saddled with a drive-by download threat. These can deliver anything from spyware, adware, malware, or even a bot that can use your mobile device to perform their vicious bidding.
• Mobile phishing – Everyone is constantly exposed to phishing, but not always on mobile. Since more computing is done on mobile devices today than ever before, hackers’ tactics have changed. To deliver mobile malware, scammers will use applications, which are disposable on mobile, to trick users into providing their account numbers, personal information, and passwords.
• Viruses and Trojan Horses – Sometimes you can download a rather innocuous file only to find out that you have downloaded a virus that will mine your device for passwords and financial information.
• Madware – Often seemingly useful programs may come with some type of spyware or adware on it. Madware, short for mobile adware, works like PC adware, collecting user information including location, passwords, contacts, and device usage.
• Mobile Browser Exploits – A device’s mobile browser isn’t a failsafe. Any behavior that could put you in harm’s way on a PC, can do the same on mobile.

How to Avoid Mobile Malware

Any nefariously designed software can present major problems for users and businesses, alike. The best bet to keep from being infected with mobile malware is to follow these suggestions:

• Install mobile security software – Just as your antivirus helps you avoid malware; mobile security software will accomplish this.
• Download apps from official stores – Most people don’t download apps from third-party sites, but if they do, they could find themselves inundated with malware. Don’t risk it.
• Keep all applications updated – The newest versions of mobile apps are typically protected with the newest threat definitions. Making sure your software is patched and up-to-date is important.
• Use a mobile firewall – Yes, there are mobile firewalls that you can download on your phones.

By being cognizant of the proactive steps you need to take to avoid mobile malware, you will be less likely to deal with it.

What To Do When Your Phone is Infected?

There are a lot of solutions to help you get malware off your mobile device…but avoiding it in the first place is even better. Block malware attacks before they happen; our Mobile Malware Attack Cheat Sheet shows you exactly what to look for-and to avoid-to protect yourself and your data.

Download the Cheat Sheet here.

Lost Employee Smartphone? 7 Steps You Need to Take Now

“Hey boss, I lost my smartphone.”

How well have you prepared for this moment? It will happen sooner or later. If your company has a plan in place, no big deal. If not, you may suddenly get that sinking feeling in your gut…And well you might. You now have three big worries:

Compliance Issues –If your employee had access to information covered by any number of regulations, your company could be subject to stiff penalties. One employer we know of wound up with a $900,000 fine.

Data Security –Sensitive company data in the wrong hands could spell disaster. Access to your network, secure sites, proprietary files, work-related e-mails and corporate secrets may now be out of your control. You must move quickly to prevent serious financial harm.

Employee Privacy and Property Concerns –If a valued employee had family photos and movies on the device, and you remotely delete all data on the phone, you may now have a disgruntled, or even uncooperative, employee. Especially if company policy regarding BYOD (bring your own device) and data loss were not clearly stated and agreed to up-front.

So how do you prevent a relatively minor incident from blowing up into a big problem? Here are seven smart measures you can take right now to prepare for the day an employee smartphone is lost or stolen:

1. Install a mobile device management (MDM) system on any employee device to be used at work. This software can create a virtual wall separating work data from personal. It facilitates any security measures you wish to impose. And to protect employee privacy, it can limit company access to work data only.

• Determine which devices will be allowed and which types of company data people may access from them.

• Require that employees agree with an Acceptable Use Policy before they connect to your network. Make sure these include notice as to conditions in which company data may be “wiped” –i.e., destroyed. Also include specific policies regarding device inspection and removal of company records.

• Put strong data protection practices in place. Require use of hard-to-crack passwords and auto-locking after periods of inactivity. Establish protocols for reporting lost or stolen devices. Mandate antivirus and other protective software as well as regular backups.

• Designate someone at your company to authorize access to software and critical data. This person can also be your main point of contact for questions about BYOD policy and practices. It might also work well to distribute a resource page or FAQ document to your employees.

• Establish a standard protocol for what to do when a device is lost or stolen. Both Android and iOS phones have features that allow device owners to locate, lock and/or “wipe” all data on their phones. Make sure your policy requires that these features are set up in advance. Then, when a device is lost or stolen, your employee can be instructed to take appropriate action according to your protocol in order to protect company data.

• And finally, your best protection is to implement a well-crafted Acceptable Use/BYOD policy in advance. Develop it in partnership with risk management and operations personnel, as well as legal counsel and IT professionals, to come up with an effective and comprehensive plan.

Download a Mobile Device/Acceptable Use Policy Template here to get started.

Don’t risk waiting until an incident occurs! Begin the process with our template, and contact us anytime for help clarifying and developing a “bulletproof” policy to keep your data safe. Contact us today 216-503-5150.

5 Ways Your Employees are Probably Putting your Company Data at Risk

The biggest block to protecting your company’s data is employee ignorance about cybersecurity. In fact, your employees are probably compromising your data right now and aren’t even aware of it.

In case you haven’t read the reports, a statement from one of the many companies recently forced to close its doors following a cyber-attack involving one of their own employees brings the point home:

“Code Spaces will not be able to operate beyond this point. The cost of resolving this issue and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility.

”Root cause of the disaster? Very likely a phishing attack that one of their own team members unwittingly played a key role in. If you want even a ghost of a chance that your data remains safe and secure, you MUST be aware of the five ways your employees are probably putting your company at risk right now:

Risky Passcode Practices

A good rule of thumb is, if you can recall a password, it’s probably not safe. Require the use of a random password generator to keep weak passcodes from being the weak link in your data’s defenses. Invest in a company-wide password protection system. And wherever possible, use two-factor authentication for logins to critical sites.

Working Outside A Secured Network

It’s great that your team loves to collaborate. Just make sure it’s done in a secure network. E-mail-sharing and file-sharing over a non-secured network can lead to leaks. Train your team to share sensitive messages

only within a secure company network. Even better, invest in encryption and collaboration tools that keep your data extra-safe while in transit. After all, great teams need to collaborate. Just make sure it’s getting done without putting your data at risk.

 E-mail Naïveté

Most people are aware by now that clicking on unknown links in an e-mail can lead to trouble. Yet clever hackers are sending ever more appealing e-mails that trick the unwary into clicking. Insist that no attachments from unknown sources are to be opened. And require that users on your network look up unknown links before blindly clicking on them.

Unattended Devices

Walking away from an open laptop in a coffee shop is a recipe for disaster. Yet even at the office, stepping away from a workstation can expose sensitive data to snoops. Insist that wherever your team works, they maintain complete visual control over any screen showing confidential company data.

Malicious Acts

You may find it hard to believe, but employees leaking critical data on purpose happens all the time. It may be for a personal venture –or a personal vendetta against your company. Regardless of the cause, it’s always a risk. And you may not see it coming. Safeguard all data coming into or going out from your company. And always change access codes whenever someone leaves your employ –willingly or unwillingly.

So…how can you protect your business from employee error?

The thing about cyber security is that it’s a lot more complicated than most people are willing to admit. Today’s digital landscape is fraught with hazards, a thousand little mistakes to be made at every step, resulting in a million workarounds for cyber criminals to use. Even the most tech-savvy among us probably don’t know everything about cyber security, and very few have as much knowledge as the hackers on the other end of the equation. When you consider the uncertainty and potential miseducation of your employees, many of whom probably know next to nothing about cyber security, you might start to feel a little panicked.

The battle against digital threats can seem like an endless slog – a war that the good guys seem to be losing – but luckily, when it comes to the security of your business, there are ways to batten down the hatches without dropping a ton of cash. For instance, start with your biggest vulnerability: your team. When a new employee joins your organization, they should go through a thorough cyber security training. Their welcome forms should include comprehensive rules about security policies, from using strong passwords to how they should respond to potential phishing attempts. Deviating from these policies should come with serious consequences.

As for your existing employees, train them up! We can help you build a robust education program to get every single member of your organization up to speed on the most imminent cyber security threats. But even then, cyber security isn’t a one-and-done kind of thing; it requires constant vigilance, regular updates on the latest trends and a consistent overall commitment to protecting your livelihood. Without training and follow-up, even the most powerful of cyber security barriers are basically tissue paper, so put some thought into your team in addition to your protections, and you can drastically increase the safety of the business you’ve worked so hard to build.

Don’t Fight This Battle Alone

Protecting company data in today’s fluid and fast-changing business environment is tough work. If you don’t have a robust protection plan in place, your critical data IS at risk. Get started with our guide to securing your digital landscape “Bringing Shadow IT Into the Light.” Download it here.

Does Your Business Have Too Much Technology?

Starting a business is certainly no easy feat. It was likely a hassle just to get things up and running at a basic level. While most organizations that provide a product likely had to focus on getting that product to market, technology has begun to help aid this endeavor considerably. Unfortunately, it’s easy to fall into the trap that your organization uses too much technology–so much that it negatively affects your bottom line.

It’s understandable that some technology is absolutely required for organizations to function, but there are always those who look to technology to solve every single issue facing them. This is a dangerous practice. Technology might be great for sharing data, increasing collaboration, and ensuring that your business can meet its designated requirements, but too much technology can make it more difficult for organizations to get their jobs done. Let’s take a look at some situations when technology doesn’t help a business, but hinders it.

Unnecessary Technology
It’s not necessary for your organization to implement every single new solution that is released. It’s often the case that more technology creates more stress for the average worker–particularly if that employee doesn’t need to use the technology in order to go about their day-to-day responsibilities. For example, a CRM solution might be able to help your organization manage customer and interdepartmental communications, but if you only have a small number of employees as is, is it really worth it? There isn’t as big of a need to track how long everything takes, or how your few customers connect with your company, simply because you only have a small number of employees or clients in the first place. It will become apparent if somebody isn’t doing an adequate job, or if one of your clients isn’t happy with how they are being treated. This isn’t to say that your organization can’t benefit from a CRM solution–rather, it’s about weighing the costs versus the benefits that your organization receives from a CRM solution. Basically, if a centralized software solution is what you need to keep your employees busy, it’s probably more than just a technology issue that needs to be addressed.

Of course, this is only one example. Technology that’s not needed ultimately wastes both time and resources that could be better spent elsewhere. Therefore, you need to be careful about how your organization implements new solutions, as well as how you determine whether or not a solution is worth investing in. To do this, start by analyzing how much value your business gets from implementing it. To use the CRM as an example, consider how much time is actually spent using a CRM when you have only five employees. Now compare this to the time spent using a CRM when you have 40 employees. Compared to the smaller workforce, you’ll practically have to use a CRM in order to ensure that you can properly manage all of the relationships and communication within your organization.

Old Technology
In contrast, you might consider implementing new technology if your business has been around the block a time or two. If your business has existed for several years, has a dedicated consumer base, and is still growing despite the fact that it’s using outdated technology, it can be a detriment to your organization to resist implementing new technology. Simply put, old technology is more prone to failure, leading to more revenue spent on maintenance and management, as well as opening up the door for security threats.

Some businesses wait so long to replace or upgrade their technology that they face major legacy technology issues down the line. Others simply don’t have the resources available to upgrade as every new version is released, compounding the problem and making it even larger the more time passes. Either way, failure to upgrade your technology when it’s needed can lead to considerable detriment:

• Loss of productivity: Old technology can lead to a decrease in operational performance. The latest and greatest solutions are much more efficient, leading to faster processing speeds and more productivity.
• Problems with security: More recent operating systems are more likely to have addressed security concerns found in older operating systems and software. This makes them much more secure overall. Plus, older technology is more likely to be fast approaching its end of life event, where it’s no longer updated or maintained by the developers.
• Redundancy: Technology is often the solution to the redundancy issue, but work needs to be invested so as to allow both new and old technology solutions to be compatible with it. This takes time and resources that not all organizations have access to.
• Loss of opportunity: Regarding your web presence, having an outdated website or page can negatively influence your potential interactions with clients. If they don’t like what they see, chances are that they will take their business elsewhere. On the other hand, if your website is streamlined and sleek, they will be more likely to invest in your organization.

Does your business want to take full advantage of business solutions so as to improve your organization’s functionality for the long haul? Net Activity can help. To learn more, reach out to us at 216-503-5150.

What’s the Right Way to Protect Your Business Reputation Online?

Social media accounts for businesses are invaluable tools enterprises use to reach out to their client bases to fully understand their needs and wants. Make sure your social media manager understands the proper way to interact with people online, especially those with bad things to say about the company.

Online reputation management mistakes

As long as you have a successful business or brand, people will always have something to say about it. And when it comes to online reputation management, the goal is to create positive engagement with your customers. So if the discussion about your brand swings negative, here are a few online reputation blunders to avoid.

• Reacting to negative commentary – Negative commentary is generally any commentary that constitutes a verbal attack. As a rule, if it isn’t constructive criticism, it’s probably negative commentary. Feel free to ignore these comments because engaging with them will escalate the conversation further, and fueling those flames are never good for business. It is one thing to stand up for values and principles in a diplomatic manner, and it is a completely different thing to engage in a word war with online commenters who will likely not endure any adverse effects to their negative commentary.
• Reacting emotionally – If your reaction to negative comments is to fire back with negative comments, you’ll appear unprofessional. Customers want to do business with a brand that is professional. If you react emotionally or negatively to a customer online, who’s to say you wouldn’t do the same in real life to the person reading it? As a social media manager, you are the voice of the business. If your voice is abrasive, immature, and easy to bait into a pissing contest, best believe that your customers will see your business in the same light.

How to resolve negative commentary

While a negative comment about your brand may upset you, don’t let your emotions get the better of you and post something you’ll later regret. Instead, calm down, compose yourself, and follow these guidelines.

• Figure out what the customer really wants – Every customer wants their problem to be resolved, but how they want their issue fixed will vary. Some customers want an apology, others want a refund, and some may simply want the product they ordered but did not receive. Just because the customer’s comments are poorly phrased doesn’t mean that they don’t have a legitimate grievance. Learn to ignore the personal attack and carefully draw out the true cause for concern.
• Stick to the facts – When engaging with a customer online, the initial comment can quickly turn into a back-and-forth discussion. If this happens, don’t get off topic when addressing the problem. The customer may try to engage you in a he-said-she-said battle, but avoid taking the bait. Respond with facts, stick to the matter at hand, and don’t get caught up in personal accusations.
• Turn the negative into a positive – Negative feedback is an opportunity to improve your business. So be honest with yourself and, if there’s truth in the comment, take a good hard look at your company. Did the commenter point out a glaring problem you can improve upon? Remember, a business is nothing without its customers, so it makes sense to do your best to please them.

To learn more about how to best manage your online reputation, or for assistance with any of your IT needs, get in touch with our experts today.

The Right Way to Test your Company’s Disaster Preparedness

“By failing to prepare, you are preparing to fail.”

This quote is frequently attributed to Benjamin Franklin, and while it may not have actually been said by the Founding Father, it still teaches a valuable lesson – especially where disaster recovery is concerned. In other words, you need to make sure you have a working disaster recovery strategy – working being the key point.

To do that, you need to make sure that your backup and disaster recovery plans are effective, which in turn means you need to test them.

What Kind of Disasters Do You Need to Prepare For?

The first step to an effective disaster recovery strategy is to be prepared for as many scenarios as possible, as there are a wide variety of circumstances that could create a problem for your business.

• User Errors – While many user errors may be viewed as minor inconveniences, there are plenty of ways that a disaster can result from a simple mistake on the part of one of your users. Accidental deletions, shadow IT, and other common enough scenarios can all put your business in a bad place if you aren’t prepared.
• Key Staff Unavailability – What would happen if someone with exclusive access to key data was suddenly kept from the office, either due to some accident, a personal emergency, or some other situation? If they had exclusive access to critical business information or documents, you may find yourself stuck.
• Equipment Failures – Any business today relies on a lot of equipment, from the machines that power their processes to the infrastructure that supports them, the technologies they use to maintain communications to the basic functions of their location like lighting and HVAC. There are also a lot of ways that the equipment you rely upon could fall short, interrupting your processes.
• Malware – Malware has been a threat to businesses for a long time, evolving from the basic viruses that once plagued systems to the advanced threats that we see today. Adding to the threat is the fact that these attack vectors are constantly updated, meaning you have to stay vigilant against these threats.
• Natural Disasters – These are likely the first threats that pop into your mind when you think of a disaster that needs to be recovered from. Every place on the planet is susceptible to some kind of natural disaster, whether it’s a hurricane, earthquake, flood, high winds… you just need to identify your biggest risk, based on your location, and prioritize your preparations accordingly.
• The Unexpected – There are plenty of potential situations that don’t really fit into any of the other types we went over but can still cause big problems for your business. While these scenarios are hard to predict by definition, you should do your best to be prepared for any situation.

How to Be Sure You’re Properly Prepared

In a word: testing.

There are a variety of preparations and evaluations you should routinely go through in order to be sure that your disaster recovery strategy is sufficient. Why routinely? Simple – while it may be the one that is updated the quickest, malware isn’t the only threat that develops over time. Take user errors, for example: new employees are likely going to be unaware of many threats at first, and the most accurate way to find out what they know is to evaluate them. There are even different means of evaluating your employees, which should be combined into a comprehensive test and delivered on a periodic basis.

These tests should be designed to evaluate both the technical side of your disaster recovery process and your team’s ability to carry it out. As you collect data from these tests, you should update the plan to resolve any issues that may have become apparent, as well as keep your test airtight and devoid of any weak points.

Tests that You Should Run

Like we said, there are assorted evaluation processes that your employees should all go through on a semi-regular basis. These include the following:

1. Walkthrough Test: This is simply a basic review of the plan, reading it over to ensure that everyone involved remains updated to any possible changes that may have been made.
2. Tabletop Test: Similar to a tabletop game, someone from each department comes in and is given a hypothetical disaster scenario. Each team member should explain what they would do in their given scenario. This is useful in revealing possible shortcomings in a business’ existing strategy.
3. Parallel Test: These tests are meant to evaluate how well the restoration process works, using a virtual machine to “restore” your system, which continues to run in your usual infrastructure
4. Full Interruption Testing: This test is one of the most in-depth, but also the most risk-laden, as it could lead to actual downtime. In fact, some industries have regulations barring this kind of test, so be sure to double-check with your IT resource that this option is available to you.

Disaster recovery is a critically important process for any business; to make sure you are on the right track download our Business Continuity Essentials Guide below.

Safety First! 6 Best Practices for Protecting Your Data In the Cloud

According to a 2019 estimate by Research & Markets, the global cloud computing market was projected to grow from USD 2.8 billion to USD 9.0 billion by 2024. It’s not hard to see why; cloud computing-public and private-offers the advantage of a lower cost of ownership of IT applications, super-fast time to market, and unmatched surges in employee productivity. But with this explosive growth, cloud computing brings extra risk to your organization; a security breach of your data can cause the loss of ultra-sensitive information and intellectual property, compliance violations, credential breaches and hijacking of accounts. Making sure the right security measures are in place, and utilizing common-sense best practices are key to protecting your data in the cloud. Here are a few of our suggestions:

1. Understand the Risks, and Ask your Cloud Provider the RIGHT questions. It’s critical to consider the areas of risk and vulnerability your company may be exposed to, so you can select a cloud partner who can address your unique security issues. Before making a significant investment in a cloud computing strategy and platform your organization should conduct a thorough risk analysis. Be sure to include risk management professionals in your cloud design and deployment project, and make sure that you seek counsel from the legal and compliance teams.
2. Once you and your company have decided to move to a cloud service platform your first step is to choose a provider that fits your needs. Some points to take into consideration on your search are:
   • Are their security standards appropriate? Do some research. Make sure that the company has a good reputation and solid security policies. Remember, you are trusting this company to store your sensitive business and personal information.
   • How much data will you be storing? Search with a realistic expectation of the size you need to store all your files.  Many companies charge by the amount of storage you are requesting.
   • Is your data encrypted when being uploaded to or downloaded from the cloud? Make sure that your browser or app requires an encrypted connection before you upload or download your data.  Look for the “https://” or the padlock beside the URL in your browser.
   • Is your data encrypted when stored in the cloud? You will have to read the terms of service to find this out, but often your data will be stored on the cloud server with no encryption, this means that anyone that has (or can get) high level access to that server will be able to read your files.  This may not be an issue for many files, but you should carefully consider what kind of information you are storing in the cloud and whether you are comfortable with some other person you don’t know accessing it.  At a minimum, no data that is protected by law (medical information, personal identifiers, financial data) should be stored in the cloud unless the storage solution is encrypted and you know who can decrypt it (it should only be you or your organization) and for what reason.
   • Understand how access is shared with your cloud folder. Several cloud storage providers allow you to share access to your online folders with other people. Be sure you know in details how this works.
   • Understand your options if the cloud provider should be hacked or should lose your data. Services like this require that you sign their terms and conditions before they allow you to use the service.  In the vast majority of cases, these conditions state that you have very little, if any, remedy if anything bad should happen.  Be aware of what you are signing away.
3. Remember: ultimately YOU are responsible for your data. See above. The first, most important thing you must understand about data security in the cloud: you can outsource the processing and storage of your data, but you can’t outsource responsibility for securing it.  Security takes a commitment from everyone in your organization not just the IT staff or security personnel. In fact, according to insurer Beazley’s Breach Insights report, as of July 2018 fully 30 percent of all security breaches were caused by employee error or fraud. Ever-changing malware and social engineering attacks are a constant threat, so educating employees to identify red flags found in fraudulent email sources and implementing strong, consistent password policies are critical in mitigating internal data security breaches.
4. Establish Strong Data Authentication and Access Policies. Now that you have addressed the general employee level of exposure what steps can you do to secure your data in the cloud? The idea here is to contain, mitigate and report any form of intrusion.   Limiting users to access only the necessary applications and data essential to their job function in essence limits the reach of a rogue employee; Role Based Access is a key step in securing your data and environment.
5. Always Backup your Data. One of the most overlooked aspects of cloud computing and one of the easiest way to increase the control of your data is to make sure that whatever happens, you have a secure backup of that data. This is more about securing your business than your actual data but provides the same type of peace of mind.
6. Be Proactive. Regularly test your data security with regularly scheduled penetration testing, vulnerability scanning and employee assessments. Make sure you have a well-defined process in place for regular patches and updates.

Achieving sufficient security assurances in the cloud is possible but it is not guaranteed. Just like any other IT project, you have to do your homework and in the case of security, it is better to be safe than sorry!

4 Top Security Risks In Any BYOD Strategy and How To Avoid Them

Taking work home, or practically anywhere, has never been easier. The bring your own device (BYOD) strategy has become a popular approach for many businesses to conduct work more efficiently and flexibly.  For users, the ability to work from your personal device without the need to shift from one device to another and the ability to work from virtually anywhere is just hard to pass up. For employers, the advantage of not having to provide mobile devices for their employees while still having them connected to your main communications system really drives down cost. It surely is a win-win situation for both the employer and employees.

However, like anything else in this world, BYOD policies comes with its own set of challenges. For one, the line between personal and company-owned data will probably get skewed and the number of non-IT staff controlled devices that are connected to the company is presenting new security problems as well.

To give you more of an idea, here are the top security risks of implementing a BYOD policy:

Lost or Stolen

According to an Ernst and Young study on BYOD, about 22% of all mobile devices produced will be lost or stolen during their lifetime and about 50% of all these lost or stolen devices will never be recovered. While majority of these devices are stolen for the value of the device itself, the number of lost or stolen devices whose information were accessed is also growing. And with personal information mixed with private company information in one device, the risk of those information getting out in the open in the event of theft is now a scary possibility.

No Password Protection

A lot of users do not really protect their personal devices or the applications within their devices with passwords. Or even if they do, they tend to choose simple passwords for convenience. These devices are easily compromised in the event of theft or hacking.

Mobile App Breach

There are tons of malicious apps out there whose goal is not only to corrupt the device software, but also to hack and access private information within the device. And with your personal and company information being treated the same way, both are in danger of falling to unscrupulous groups or individuals. Aside from that, even apps that are deployed by the company itself can be a problem. Even if an app is provided by the company, if no safeguards are incorporated in the app, then it is still susceptible to attacks.

Non-Encrypted Data and Connections

Imagine your data, including voice, going through the public internet without protection or safeguards. It can be intercepted while in transit or while at rest.

So what can you do? Should you just scrap BYOD altogether? Well, there are certain ways to improve security so that you can safely implement BYOD in your company. Here are some tips:

1. Secure the mobile devices – A lot of the problems above can be addressed by securing the mobile device itself. Company should invest in a mobile device management (MDM) solution that can enforce security policies and ensure only approved devices can access your network and resources. Invest in heavy encryption as well, to protect your network infrastructure and your data as it passes through the public Internet.
2. Secure the apps in the devices – Of course, this is easier said than done. After all, you are essentially suggesting regulating the apps within personal devices of users. What you can do is encourage apps from an in-house app store that are secure.
3. Choose cloud providers that offer top-notch security and protection – For example, cloud phone system providers have highly redundant and heavily encrypted connections to protect data traffic.
4. Use mobile anti-virus programs – This will help protect the mobile device’s OS and software, plus most anti-virus tools can detect malicious apps and pages that can be harmful to the device.
5. Perform continuous risk-assessment – Identify and monitor all possible susceptibilities in your network and devices. This is not a one-time thing. Dangers to your data evolve as fast as technology improves so a continuous audit should be implemented as a best practice.

Lastly, you should also involve your employees in the discussion. After all, it is their own mobile devices that you are trying to protect and regulate. They should have a say in the matter or they will not buy in to your BYOD policy.

BYOD will help your business grow, but it comes with IT security risks that you should be prepared to handle.

Need help mitigating these BYOD risks? Call us today, and let’s find the best IT security solutions for your company.

Securing Your Email is Crucial for Your Overall Security

Email security has suffered in the past several years due to the commoditization of basic email security services. If every spam solution is the same, then they can be changed out to just about any other solution out there, removing quality and replacing it with quantity. We have seen this trend take antivirus–the fact that free antivirus exists and many people prefer it over some paid solutions is a testament to this–but will spam protection move in the same direction?

Let’s take a look at the current state of email security, and what the future holds for perhaps the most important method of business communication solutions.

Email Security is on the Rise
For a long time, businesses were focused on keeping threats out of their infrastructure through the use of solutions like firewalls that were controlled centrally. Once email servers entered the picture, these types of solutions became less valuable. Nowadays, many of the services offered by security companies are largely the same at the root level. Ultimately, the differences in email security that you’ll see between companies aren’t in the actual antivirus and spam protection features, but in the additional options and features that they come with. It’s practically necessary in order for any solution to actually stand out from others out there.

To an extent, this is a good thing, as organizations are forced to innovate rather than remain stagnant in their service offerings. This is why we always express the importance of enterprise security solutions rather than just spam protection on its own. Centralization is absolutely critical to the success of these solutions. If you have multiple solutions located all across the network, it’s not nearly as effective or efficient as it can be, and you certainly don’t get the comprehensive network security–email included–that you need to keep your organization as secure as possible.

What You Can Do
To keep your business as secure as possible for the future, you’ll need to think about how email plays a part within your business. Chances are you use it for both internal and external communications, which makes it the ideal target for scammers and spammers to infiltrate your organization. Your business needs to secure its email solution through the use of encryption and firewalls, but it should also be prepared to handle advanced attacks such as denial-of-service and directory harvesting. If you fail to secure your business from these types of threats, they could create bigger problems for your organization down the road.

Net Activity offers a comprehensive, centralized security solution in our Unified Threat Management (UTM) tool. It combines several solutions into one convenient package, including spam protection, antivirus, a firewall, and a content filter, all to mitigate and eliminate potential issues for your network security.

Average Ransomware Attack Payments Total $6,700 Per Incident

How much does a successful ransomware attack cost a victim on average? The numbers will terrify you.

Based on the latest statistics compiled by Coveware, each incident of a compromised computer costs a whopping $6,733, which is a hefty 13 percent increase from just one quarter ago.

Part of the increase stems from the fact that some strains known for demanding higher than average payments are seeing increased use. Among these are the SamSam and Ryuk families of ransomware. Another reason driving the increase is the fact that after the initial wave, hackers apparently compile statistics, enabling them to zero in on companies that are relatively easier to breach and more willing to pay. Put the two together, and they’ve got a virtually guaranteed, high profit, low risk enterprise.

Bill Siegel, the CEO of Coveware explains that his company’s Q4 data set is derived from 226 different ransomware attacks that were reported to and triaged by the company. He warns that companies that choose to pay the ransom aren’t guaranteed to receive an unlock key that will decrypt their files and give them their files back. There’s more than a little risk involved in giving the hackers what they’re demanding.

Unfortunately, many companies don’t have robust backup routines, and if they don’t pay, their files are lost forever. That’s an awful position for any company to be in, but fortunately, there’s a simple fix for that.

With the number of ransomware attacks expected to continue to increase this year, if you don’t already have a robust system of backups in place, it’s well past time to make sure that you do. Afterall, $6,733 per incident adds up quickly, and it’s a punishing price to pay indeed. It is much more expensive than a rock-solid system of backups. The choice is obvious.