Blog

IT Security Assessment

An IT Security Assessment is a great way to take an inventory of what your needs are in IT Security. Whether you must comply with regulatory requirements, including HIPAA and PCI, or are concerned about your IT Security, consider an IT Security Assessment as a starting point to see how your company is protected today. If you perform an IT Security Self Assessment, the Computer Technology Industry Association (CompTIA) recommends you ask yourself some of the following questions:

Data Types and Storage: Do you store Private Health Information (e.g. HR records)? If so, how many records? Do you store Personal Financial Information (e.g. SSN, date of birth, account information, banking information)? How many records? Do you store credit card data? How many records? What is the nature of your confidential intellectual property? Where do you do business – state, national, international? Where are backup devices (tapes, drives) stored? In a secured area?

Company Information: What is your tolerance for downtime (for the most critical applications)? Do you carry breach insurance? Do you carry liability insurance? Have you had a breach in the past three years? If so, what were the consequences?

Security Processes: Do you have written security policies and procedures? Do you perform internal audits? How often? Do you perform external audits? How often? Do you perform vulnerability checks? How often? Do you regularly review policies and procedures? Do you have an incident response plan? Do you have employees working from home? Do you have encrypted hard drives? Removable media? Do you control and log privileged access? Do you have a mobile device strategy? These...

Beyond Bring Your Own Device

Many businesses have adopted an IT policy of Bring Your Own Device (BYOD) to save money and provide employees with the flexibility of staying connected when they travel, work from home and spend time in the field. The BYOD policy allows employees to use personal smartphones and tablets for business purposes. According to research firm Computer Economics, companies can save between $1350 and $3500 annually by adopting a BYOD policy. In addition, employees can be more productive and have higher job satisfaction with an IT mobility plan. According to research by the Computer Technology Industry Association (CompTIA), security is the primary issue for IT Managers when it comes to mobility. The number one risk cited is loss or theft of a mobile device. Seventy percent of those surveyed implement mobile device password locking as part of their data protection plan for mobile devices. However, a four-digit password in itself is not enough security, so there are a number of additional precautions companies should take to protect valuable corporate data. Here are a few recommendations you may consider to help mitigate risk from your BYOD policy: Have employees agree to a policy of notifying the company in a timely manner when a device is lost or stolen. If the company uses technology to “wipe” corporate data from the mobile device, ensure employees keep personal data separate or prevent company data from residing on the mobile device altogether. Local laws may prevent an employer from wiping or “rooting” a mobile device upon loss, theft or employee termination. If you do business in foreign countries be aware...

Internet Browser Security Tips

Left unprotected, Internet browsers, including Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari, are increasingly vulnerable to software attacks and may be a place where malicious software, aka malware, can infiltrate your PC and ultimately breach your network security. There are many things you can do to proactively protect your PC and ultimately protect your data. Here are some tips for avoiding malware and other vulnerabilities from your internet browser.

Keep Your Internet Browser Current: Software publishers routinely release new versions of their internet browsers. Many times these new versions include security patches and updates designed to protect you from attack. While these publishers put their best foot forward into the newest version of their internet browser, they may retire older versions. When they retire these old browsers, they may no longer provide security updates and support. By consulting your IT support professional you can protect your company assets and also receive better performance with an enhanced Internet experience.

Keep Your Internet Browser Updated: Software companies publish security patches to keep current and prior versions of their Internet browsers safe from known security vulnerabilities and attacks. By applying these updates as they become available, you minimize your risk of attack. As a policy, you should keep your operating systems and other applications current with security patches to ensure network compliance and avoid unnecessary and unintended interruptions or data loss.

Review and Configure Your Internet Security Options: Most Internet browsers provide options to configure Internet security and Internet privacy settings. The highest levels of security may limit the number of sites you can visit. Lower...

Maintaining Network Security

For many companies, network security is necessary to achieve compliance for PCI, HIPAA and other regulatory requirements. Keeping your computer and wireless network secure is a good policy to protect your company’s critical data. Without proper network security, your network may be vulnerable to computer virus and malware attacks and unauthorized access by computer hackers. Here are five tips to help you maintain network security.

Audit Network Regularly: Performing a periodic network scan may identify unauthorized computers and other devices that may have connected to your network directly or via wireless access. Your properly configured network, firewall, routers and wireless access points will prevent unauthorized intruders; however, regular audits ensure compliance with your network security policies.

Keep O/S Patches Up To Date: Your network is as secure as its weakest link. Make sure all PCs are up to date with operating system (O/S) security patches. This helps prevent computer viruses and malware from exploiting your operating system and entering your network.

Keep Antivirus and Malware Definitions Current: In addition to your O/S patches, confirm that your antivirus and malware definitions are up to date. This further protects your PC from exploits and helps maintain the security of your network.

Establish Policy for Mobile and Wireless Devices: Bring Your Own Device (BYOD) is a trend providing employees the benefits of using their mobile devices at home and in the workplace. Employers are relieved from the burden of having to purchase additional mobile devices, such as tablets and PCs. It is important to ensure these devices maintain the same security standards as company-owned desktop and laptop computers....

Considering the Cloud For Backup

Many small to medium business (SMB) owners are turning to online backup or remote backup, generally referred to as cloud backup, as a top way to take advantage of cloud computing. According to a recent survey by the Computer Technology Industry Association (CompTIA), most companies turn to the cloud to cut costs and reduce capital expense. Because of the advancements in internet bandwidth, combined with the economies of scale from the cloud, remote backup can be a reliable, affordable and practical solution for most SMBs. When you evaluate cloud backup, here are some things to consider:

Security and Compliance: There are public cloud and private cloud options available to meet your security and compliance requirements. If you need to comply with PCI, HIPAA or other regulatory requirements you may need to rely on a private cloud solution. This means your data is physically separated from other companies storing their data in public cloud alternatives. If you require a private cloud solution, expect to pay more.

Cost: This leads us to the topic of the cost of cloud backup. There is a wide range of affordable options for cloud backup. Most cloud backup solutions charge by the amount of data stored. This makes them easy to compare. Office documents and spreadsheets are easy to compress and take up less space compared to images, photos and databases. Depending on the amount of data you are backing up in the cloud, you may incur additional charges for bandwidth. You may also need to consider the costs of a network upgrade and additional internet connectivity,...

Cloud Computing: Are you Ready for the Cloud?

Most technology analysts agree Cloud Computing is a fast growing area of technology and is being widely adopted by small, medium and large businesses. According to Gartner Research's 2012 forecast, Cloud Computing spending will grow from $39.2 billion in 2011 to $45.9 billion in 2012. Gartner expects spending on Cloud Computing and related Cloud Services to reach $207 billion by 2016. Another technology research firm, IDC, reported in 2012 that they expect sales of cloud storage to reach $11.7 billion by 2015. In fact, the Computer Technology Industry Association (CompTIA) reported in their July 2012 “Third Annual Trends in Cloud Computing” that 93% of companies report using some form of cloud solution. So why are companies moving to the cloud? According to CompTIA, survey respondents reported the following top three reasons for moving to the Cloud: the desire to cut costs, to reduce capital expense, and the cloud is simply a better solution than their current one. With all of these benefits, your business should get ready to take advantage of the cloud. Here are a few things to consider:

Network Reliability and Internet Bandwidth: Cloud Applications and Cloud Services require high availability of internet connectivity. If your network is outdated or you have limited internet bandwidth, outages may cause you to lose access to your cloud services. In particular, mission critical applications may require high internet and bandwidth availability. Make sure your firewall, gateway, routers and Wi-Fi are in tip top shape. Check your internet bandwidth to ensure it can handle the requirements to access your cloud applications.

Compliance...

Bring Your Own Device (BYOD)

Bring your own device (BYOD) is a recent trend where employees use their personal mobile devices, including iPhones, iPads, tablet computers and smartphones, to access company information including your network, email, files and critical business applications. This policy can make your employees more productive. BYOD may save you the expense of buying mobile devices for your employees. However, if not managed appropriately, BYOD may open up security risks in your data protection strategy. Due to their mobile nature, these mobile devices are susceptible to theft and loss. Also, mobile devices may infect your network with viruses and malware if they are not properly maintained. Here are some tips to minimize your exposure to employees who BYOD:

Require Passcode to Unlock Device: Requiring a passcode will prevent unintended access to your network or application data in case a user’s mobile device is lost or stolen.

Keep OS/apps Up To Date: To avoid virus and malware attacks on your mobile devices, it is a good policy to keep the operating system up to date with the latest security patches. It is also a good idea to keep your applications up to date to avoid a network security breach.

Don’t Allow “Jailbreaking” of Operating Systems: Some employees may “jailbreak” their iPhones or iPads so they can install additional applications and extensions that may not be available through the Apple Store. Jailbreaking may expose security breaches on these devices, creating a weak link in your data protection plan.

Services for Tracking and Wiping: Most mobile devices will automatically check in to their geo-location when they are turned on....

What Has Your Backup Done For You Lately?

Businesses of all sizes rely on their data more than ever before. What’s more, businesses have more data to protect and backups to store than ever. Critical files, customer data, email archives and other application data run our world. It’s not a bad idea to back up that data to a local drive or tape. In the case of a true disaster, such as an earthquake or fire, your local backup may not be enough. By using online or remote backup, you can store your data securely in an offsite location and have it available in a disaster recovery scenario. Also, with cloud computing, companies large and small can now affordably back up data offsite. When you evaluate a remote backup solution, here are a few things to consider:

Is My Data Secure? When you think about moving your data backup offsite, most business owners think about security first. While backup vendors take data security seriously, their approach may vary for how your data is protected. Data storage in a private cloud may add an additional physical layer of security by dedicating hardware to your individual needs. A private cloud solution may drive the cost up and may be more than you need. Public cloud storage may use a virtual environment to store your data, making it more affordable. However, a public cloud solution may not comply with your industry regulations for data security. It is important you understand your security needs and priorities to find the best remote backup solution for your business.

How Long Does It Take To Recover? When you...

Data protection and security update LinkedIn

On June 7, LinkedIn disclosed that “some LinkedIn member passwords were compromised.” Per LinkedIn disclosures on their blog, LinkedIn learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site.
