Technology News

3 Measures to Secure Data and Privacy in the Cloud

Cloud Power

People and businesses are using more cloud based technologies than ever before, in some cases without even realizing it. For example, data that used to be kept on flash drives for storage, backup, and transfer is now stored, shared, and accessed via the cloud. At the same time, when smartphone users back up data that resides on a device that is also used for work, there is often a lot of uncertainty about the amount of data that has actually been backed up, where it resides, and how long it will stay there.

In many cases, these devices are being accessed by user names, email addresses and pass codes that haven't been changed for years. Take, for example, a current iPhone 6 user whose first iDevice was an iPod. For that owner, the main purpose of having the first device was to download music, which would not seem to require a lot of pass code security. As many iDevice users have done, years of upgrading has taken them from having a device that held their music collections to one on which sensitive company data resides. Through this process the access codes that were protecting catalogues of songs become the same ones used for iCloud services.

If your company has adopted a BYOD standard and these risks sound like possibilities, take these 3 measures now to secure your data as well as network privacy in the cloud:

Implement a password policy - Many of the most basic passwords, such the types that would be easy to remember while protecting generic data on a simple device can be cracked by an experienced hacking team within seconds. To protect this access point, implement a password policy that includes specific protocols for setting up complex access codes and then decide on a timeframe after which they must be changed.
Consider a private cloud for highly sensitive information - Across the scope of technology, the creation of new capabilities runs faster than the development of ways secure it. If your company has highly sensitive data that cannot be put at risk, consider using a private cloud that can be put in place and secured with compartmentalized access, two-step verification, 24/7 monitoring, etc.
Develop an understanding of how data may be transmitted to the cloud as well as what happens to it after transmission – The ease and convenience of using many cloud based services often gives users a “plug and play” mentality in which they start using a platform without having a full understanding of how it works. If there are services that are commonly used by your employees on their own devices, providing ongoing training on how their preferred cloud services work can help to avoid the unintentional transmission of sensitive data.

New technologies are not always accompanied by adequate security measures. By starting with the actions listed above, companies can start taking measures to protect their own interests, data, and privacy.

Technology that makes Buildings Smarter and Networks more Vulnerable

Typical

While there is a different definition for smart buildings for each person that tries to define them, the one aspect that can be agreed upon by all parties is that connecting climate controls, lighting, locking systems and other building elements to the web drastically increases the security risks for the structure as well as any networks that are connected to it. To add a little more risk to the equation, the integration of different management systems within smart buildings also extends beyond the structure’s walls as government agencies and programs such as ENERGY STAR push for greater energy efficiencies, part of which requires connections to smart meters as well as the smart grid.

Network security researchers see two primary risks in the rapid build-out of structures with an ever increasing number web-enabled devices and systems; in the rush to connect everything to the web, the security of the connected devices exists basically as an afterthought, and hackers can gain access to networks within the structure through breaches of less secure networks that are connected to them. In terms of the lack of security in connected devices and systems, the risks arise from the relatively easy process of gaining access to more extensive networks through, for example, a printer that has been web enabled via a wireless connection. The best example of a threat coming from a poorly defended outside network is the massive breach of Target’s financial data, which was facilitated by hackers gaining access to the retailer’s network through a service contractor that maintained the HVAC system via a web enabled connection.

Additional risks include:

Access to closed circuit security cameras – Outsourcing security to third parties, especially when multiple devices are bundled to provide additional utilities such as climate control and lighting present the potential for hackers to put their eyes in the building by gaining access to cameras within the structure.
Access to operational capabilities within the building – Hacking into an integrated security system could allow doors to be unlocked, power to be cut, and a variety of other issues that could jeopardize both physical and digital assets within the structure.
Attacks on IT – Intrusions can also be used to corrupt IT systems within the structure through the insertion of malware, viruses, etc. In buildings with networks that aren’t compartmentalized, the insertion of malware in a network designed to monitor lighting needs can quickly spread to other networks that that serve as the backbone of operations.

Some of biggest risks of web-enabled structures are presented by the growing number of off-the-shelf automation products that offer functionality without security. Mitigating these risks requires the implementation of professionally designed building automation products that include defenses against hacking, with the trade-off being that these products will be more expensive than products that can be purchased at the neighborhood electronics store.

What the Rise of Shadow IT Means for your Company

Microsoft and Cisco Certified Experts (default.htm) page

Shadow IT, which is defined as the application of unauthorized web-based tools and services inside the workplace, isn’t quite as secretive as it sounds as C-level executives, employees, and people within IT departments are increasingly purchasing, downloading, and/or accessing apps and services without going through corporate channels. For companies of virtually any size, shadow IT is gaining traction for a variety of reasons, but the primary one is that solutions can be accessed without waiting.

The availability of Software as a Service (SaaS) solutions means that employees and other people within an organization don’t have to wait for development by or approval from the IT department for implementation. In this environment, if tools are available that can improve the quality of work, productivity, etc. SaaS apps are being accessed and used, either with or without corporate knowledge or supervision.

The good news for businesses is that, in the vast majority of cases, employees take the shadow IT route to be able to perform their jobs better through the use of third party apps that are superior to those that have corporate approval as well as solutions with which they are familiar and comfortable. This benefit, however, also carries with it a major challenge; shadow IT is gaining traction in the workplace, leading to the exponential growth of potential access points for hackers. Despite the dire warnings of the increased risks as well as actual cases where networks have been compromised via unauthorized SaaS solutions, the uptake of shadow IT across all levels remains unabated.

In this environment, enterprises of all sizes are faced with two realities:

Shadow IT isn’t going away – The evolution of services that are being developed and offered by third parties is moving forward at a rate that the vast majority of in-house IT departments cannot maintain, meaning that the escalating deployment of unauthorized services is likely to continue.
Enterprises have to get in front of these changes instead of trying to hinder them – By encouraging open communication in the workplace regarding shadow IT services, enterprises can surface apps that may add utility across their platforms while also being able to implement policies that increase their level of network security.

The rise of shadow IT brings opportunities as well as challenges. For enterprises, this rapidly changing landscape will require the flexibility to embrace third party services that add value as well as the vigilance to maintain security protocols to protect their networks on an ongoing basis.

The of Risks Posed by Social Media to your Network

Managed Services

Whether your employees use the same device for work-related tasks and participating in social media sites or keep these activities separate, there are several risks to your company's network that can originate from these platforms. These risks include:

Phishing/social engineering - The best way for a hacker's phishing email to succeed is to make it look like it comes from a trusted source, which can be accomplished with social engineering facilitated by profile and other information on social network pages. For example, a hacker can use an employee's posts about attending a presentation at a trade show to start a conversation about a topic within that presentation, the information for which can be found by looking at the online schedule for the trade show. The hacker can then send an attachment loaded with malware, saying that it's another presentation on the same topic.
Shortened URLs on Twitter - The 140 character limit on Twitter makes shortened URLs appear logical but these links can direct employees to sites that are designed to mine the accessing device for information. If the malicious site is accessed by a device that also accesses company assets such as its network, data storage, infrastructure, etc., hackers can gain enough information to proceed with a damaging intrusion.
Clickjacking – This practice is designed to trick people into clicking on links promising the “funniest video ever”, for example, which then takes them to malware-loaded web pages or to surveys where private information may be disclosed. This information can then be used to determine potential passwords as well as the answers to security questions such as a mother’s maiden name to gain access to company networks.
Downloading malicious apps - Whether the draw is related to a social game such as "Farmville", music downloads, or a variety of other purposes, apps are constantly being downloaded to mobile devices. Unfortunately, many of them carry malware designed to infiltrate the device for pass codes, access keys, and other forms of information that may reside on the device. To make matters worse, these types of malware can send themselves out to the employee's contact list, multiplying the amount of information that can potentially be exported.

One of the first steps for businesses regarding the management of risks related to their employees’ participation on social media sites is to develop policies on what may and may not be communicated on these platforms. The second step should be the implementation of ongoing education on the risks that are involved in social media participation, as well as techniques to mitigate those risks.

Small Business: 3 Measures to Take Now to Improve Network Security

Woman for TMG1

Small business networks are often set up under the assumption that they are secure as long as there is some sort of anti-virus program that has been downloaded from the web. While even the free anti-virus programs are quite good at protecting the network, there are a number of ways that this line of defense can be circumvented. The good news here is that many of the steps that small businesses can take to enhance the protection of their networks cost little or nothing but can make a substantial difference.

Here are 3 of them:

Educate your employees on how they can be manipulated by hackers – The best technical and physical network defenses can be rendered as useless by employees who unwittingly abet hacking attempts into the network. In fact, hackers are increasingly targeting employees as a means of gaining access to corporate networks. To mitigate these risks, provide ongoing education on the methodologies that hackers use to dupe employees into downloading malware codes, Trojan horses, etc. These hacking tactics include phishing, pharming, financial offers, etc.
Develop a password policy – Employees commonly underestimate the importance of unique and random passwords, often seeing them as a huge inconvenience versus easy to remember codes such as “admin” and “password”. In password-based attacks these easy-to-crack codes, which also include “qwerty” and “abc123” are often the first choice of hackers, leading to illicit system access within seconds. Despite the perceived inconvenience, enact a password policy that requires a combination of small case and capital letters, numbers, and characters. Most hacking programs are based on pronouns and words in the dictionary combined with numbers, meaning that unusual acronyms combined with numbers and characters will take much longer to decipher. This password policy should require password changes on a quarterly basis, at minimum.
Develop tiered access levels – The networks that are the most vulnerable to catastrophic attacks are those that allow unlimited network access with a single password. The fact is that within any business network, there will be employees that require access to increasingly sensitive information as well as those that don’t. Tiered access, in which additional passwords are required for deeper access to the network, can hinder attacks by putting them back to square one at each tier, especially if each level requires longer passwords with increasing variables.

According to network security experts, employees continue to pose the greatest risk to company networks. By providing ongoing education to employees on how hackers work, setting a state of the art password policy, and tiering access to the network with increasingly complex passwords, you can dramatically enhance your level of security in a very cost effective manner.

Coeus named one of Ingram Micro's fastest-growing SMB Channel Partners in the U.S.

SMB500 2014 customer logo small June 18, 2014 - Coeus Consulting (Coeus) in Phoenix has been named to the Ingram Micro 2014 SMB 500, an annual list that recognizes the top 500 fastest-growing Ingram Micro U.S. channel partners serving the small-to-midsize business (SMB) market. Ranked at number 275, Coeus expanded its business with Ingram Micro Inc. (NYSE: IM), the world's largest technology distributor, by more than 37 percent in the past three years.

Channel partners named to this year's SMB 500 list were identified at Ingram Micro's inaugural 2014 IMOne event, held May 6-10 in New Orleans. As part of the more than 20,000 U.S. solution providers and MSPs who work with Ingram Micro's U.S. SMB Business Unit, these top-performing companies achieved a three-year compound growth rate of more than 42 percent.

"Our partnership with Ingram Micro has been crucial in expanding Coeus's growth," said Coeus. "Ingram Micro focuses SMB Partners like Coeus to enter new markets with the tools and knowledge needed to increase overall profitability."

Ingram Micro's annual SMB 500 list is developed in close collaboration with channel research services firm The 2112 Group, Ingram Micro's Business Intelligence team and U.S. SMB Business Unit. Criteria for selection to the list includes size, overall technology category revenue growth and innovation across SMB engagements.

Performance metrics, trends, best practices and other key findings from the Ingram Micro 2014 SMB 500 list will be produced by The 2112 Group and noted on the Ingram Micro SMB 500 website. Additional information and research is available on 2112's Channelnomics, a news and analysis website dedicated to channel business trends.

"The channel partners who earned a spot on the 2014 Ingram Micro SMB 500 are growing at rates that are three to four times the channel industry average and well above the channel average for SMB-focused resellers," said Lawrence M. Walsh, CEO and chief analyst of The 2112 Group. "The SMB 500 shows how consistent execution and collaboration with a technology distributor with broad resources and support mechanisms, such as Ingram Micro, results in accelerated growth performance and business strength."

A copy of the 2014 Ingram Micro SMB 500 list can be found here.

About Ingram Micro Inc.
Ingram Micro is the world's largest wholesale technology distributor and a global leader in IT supply-chain and mobile device lifecycle services. As a vital link in the technology value chain, Ingram Micro creates sales and profitability opportunities for vendors and resellers through unique marketing programs, outsourced logistics and mobile solutions, technical support, financial services and product aggregation and distribution. The company is the only global broad-based IT distributor, serving approximately 170 countries on six continents with the world's most comprehensive portfolio of IT products and services. Visit IngramMicro.com.

About Coeus

Coeus Consulting (Coeus) is a leading Microsoft and Cisco consulting and support partner to small and mid-range organizations in Arizona, Colorado, Nevada and California. As a highly accredited Microsoft Gold Certified Partner, Coeus is able to offer a superior brand of IT expertise, support and training that is rarely found within a single organization. Coeus's solutions help businesses maximize their potential when it comes to Microsoft and Cisco products and technologies.

Find Coeus on Facebook: facebook.com/coeusconsulting

Follow Coeus on Twitter: @Coeus

Connect with Coeus on LinkedIn: Coeus

# # #

Technology News

More...