Technology Titans

People and businesses are using more cloud-based technologies than ever before, in some cases without even realizing it. For example, data that used to be kept on flash drives for storage, backup, and transfer is now stored, shared, and accessed via the cloud. At the same time, when smartphone users back up data that resides on a device that is also used for work, there is often a lot of uncertainty about the amount of data that has actually been backed up, where it resides, and how long it will stay there.

In many cases, these devices are being accessed by user names, email addresses and pass codes that haven’t been changed for years. Take, for example, a current iPhone 6 user whose first iDevice was an iPod. For that owner, the main purpose of having the first device was to download music, which would not seem to require a lot of pass code security. As many iDevice users have done, years of upgrading have taken them from having a device that held their music collections to one on which sensitive company data resides. Through this process, the access codes that were protecting catalogues of songs become the same ones used for iCloud services.

If your company has adopted a BYOD standard and these risks sound like possibilities, take these three measures now to secure your data as well as network privacy in the cloud:
  1. Implement a password policy – Many of the most basic passwords, such as the types that would be easy to remember while protecting generic data on a simple device, can be cracked by an experienced hacking team within seconds. To protect this access point, implement a password policy that includes specific protocols for setting up complex access codes and then decide on a timeframe after which they must be changed.
  2. Consider a private cloud for highly sensitive information – Across the scope of technology, the creation of new capabilities runs faster than the development of ways to secure it. If your company has highly sensitive data that cannot be put at risk, consider using a private cloud that can be put in place and secured with compartmentalized access, two-step verification, 24/7 monitoring, etc.
  3. Develop an understanding of how data may be transmitted to the cloud as well as what happens to it after transmission – The ease and convenience of using many cloud-based services often give users a “plug and play” mentality in which they start using a platform without having a full understanding of how it works. If there are services that are commonly used by your employees on their own devices, providing ongoing training on how their preferred cloud services work can help to avoid the unintentional transmission of sensitive data.
New technologies are not always accompanied by adequate security measures. By starting with the actions listed above, companies can start taking measures to protect their own interests, data, and privacy.

Technology that makes Buildings Smarter and Networks more Vulnerable

While there is a different definition for smart buildings for each person that tries to define them, the one aspect that can be agreed upon by all parties is that connecting climate controls, lighting, locking systems and other building elements to the web drastically increases the security risks for the structure as well as any networks that are connected to it. To add a little more risk to the equation, the integration of different management systems within smart buildings also extends beyond the structure’s walls as government agencies and programs such as ENERGY STAR push for greater energy efficiencies, part of which requires connections to smart meters as well as the smart grid.

Network security researchers see two primary risks in the rapid build-out of structures with an ever-increasing number of web-enabled devices and systems: in the rush to connect everything to the web, the security of the connected devices exists basically as an afterthought, and hackers can gain access to networks within the structure through breaches of less secure networks that are connected to them. In terms of the lack of security in connected devices and systems, the risks arise from the relatively easy process of gaining access to more extensive networks through, for example, a printer that has been web-enabled via a wireless connection. The best example of a threat coming from a poorly defended outside network is the massive breach of Target’s financial data, which was facilitated by hackers gaining access to the retailer’s network through a service contractor that maintained the HVAC system via a web-enabled connection. Additional risks include:
  • Access to closed circuit security cameras – Outsourcing security to third parties, especially when multiple devices are bundled to provide additional utilities such as climate control and lighting, presents the potential for hackers to put their eyes in the building by gaining access to cameras within the structure.
  • Access to operational capabilities within the building – Hacking into an integrated security system could allow doors to be unlocked, power to be cut, and a variety of other issues that could jeopardize both physical and digital assets within the structure.
  • Attacks on IT – Intrusions can also be used to corrupt IT systems within the structure through the insertion of malware, viruses, etc. In buildings with networks that aren’t compartmentalized, the insertion of malware in a network designed to monitor lighting needs can quickly spread to other networks that serve as the backbone of operations.
Some of the biggest risks of web-enabled structures are presented by the growing number of off-the-shelf automation products that offer functionality without security. Mitigating these risks requires the implementation of professionally designed building automation products that include defenses against hacking, with the trade-off being that these products will be more expensive than products that can be purchased at the neighborhood electronics store.

What the Rise of Shadow IT Means for your Company

Shadow IT, which is defined as the application of unauthorized web-based tools and services inside the workplace, isn’t quite as secretive as it sounds, as C-level executives, employees, and people within IT departments are increasingly purchasing, downloading, and/or accessing apps and services without going through corporate channels. For companies of virtually any size, shadow IT is gaining traction for a variety of reasons, but the primary one is that solutions can be accessed without waiting.

The availability of Software as a Service (SaaS) solutions means that employees and other people within an organization don’t have to wait for development by or approval from the IT department for implementation. In this environment, if tools are available that can improve the quality of work, productivity, etc., SaaS apps are being accessed and used, either with or without corporate knowledge or supervision.

The good news for businesses is that, in the vast majority of cases, employees take the shadow IT route to be able to perform their jobs better through the use of third party apps that are superior to those that have corporate approval as well as solutions with which they are familiar and comfortable. This benefit, however, also carries with it a major challenge: shadow IT is gaining traction in the workplace, leading to the exponential growth of potential access points for hackers. Despite the dire warnings of the increased risks as well as actual cases where networks have been compromised via unauthorized SaaS solutions, the uptake of shadow IT across all levels remains unabated.

In this environment, enterprises of all sizes are faced with two realities:

  1. Shadow IT isn’t going away – The evolution of services that are being developed and offered by third parties is moving forward at a rate that the vast majority of in-house IT departments cannot maintain, meaning that the escalating deployment of unauthorized services is likely to continue.
  2. Enterprises have to get in front of these changes instead of trying to hinder them – By encouraging open communication in the workplace regarding shadow IT services, enterprises can surface apps that may add utility across their platforms while also being able to implement policies that increase their level of network security.
The rise of shadow IT brings opportunities as well as challenges. For enterprises, this rapidly changing landscape will require the flexibility to embrace third party services that add value as well as the vigilance to maintain security protocols to protect their networks on an ongoing basis.

The Risks Posed by Social Media to your Network

Whether your employees use the same device for work-related tasks and participating in social media sites or keep these activities separate, there are several risks to your company’s network that can originate from these platforms. These risks include:

  • Phishing/social engineering – The best way for a hacker’s phishing email to succeed is to make it look like it comes from a trusted source, which can be accomplished with social engineering facilitated by profile and other information on social network pages. For example, a hacker can use an employee’s posts about attending a presentation at a trade show to start a conversation about a topic within that presentation, the information for which can be found by looking at the online schedule for the trade show. The hacker can then send an attachment loaded with malware, saying that it’s another presentation on the same topic. 
  • Shortened URLs on Twitter – The 140 character limit on Twitter makes shortened URLs appear logical but these links can direct employees to sites that are designed to mine the accessing device for information. If the malicious site is accessed by a device that also accesses company assets such as its network, data storage, infrastructure, etc., hackers can gain enough information to proceed with a damaging intrusion.
  • Clickjacking – This practice is designed to trick people into clicking on links promising the “funniest video ever”, for example, which then takes them to malware-loaded web pages or to surveys where private information may be disclosed. This information can then be used to determine potential passwords as well as the answers to security questions such as a mother’s maiden name to gain access to company networks.   
  • Downloading malicious apps – Whether the draw is related to a social game such as “Farmville”, music downloads, or a variety of other purposes, apps are constantly being downloaded to mobile devices. Unfortunately, many of them carry malware designed to infiltrate the device for pass codes, access keys, and other forms of information that may reside on the device. To make matters worse, these types of malware can send themselves out to the employee’s contact list, multiplying the amount of information that can potentially be exported. 
One of the first steps for businesses regarding the management of risks related to their employees’ participation on social media sites is to develop policies on what may and may not be communicated on these platforms. The second step should be the implementation of ongoing education on the risks that are involved in social media participation, as well as techniques to mitigate those risks.
