• Blog

    IT Staffing, Recruiting & Hiring News

How Confident Are You in Tablet Security

Tablets are becoming a key tool for employees who work out in the field. Many employers now issue tablets to service professionals like visiting nurses or salespeople who make customer calls. By using these tablets, those workers are able to access company systems so data entry doesn't require a trip back to the office or to look up the information needed to close the deal. But, as with other mobile devices, the security risks of tablets are often unacknowledged, and many companies don't have the capabilities to secure, monitor, and support the usage of these devices.

There are several different risks companies need to address:

Loss of the device

Because these devices are so small and light, they're easily misplaced, lost, or stolen. Companies need to ensure that if an unauthorized user gains access to the device, they don't gain access to all the data on it and all the company's data systems.

Insecure networks

Employees on the go are likely to connect using insecure Wi-Fi networks in hotels, coffee shops, and other facilities. When employees connect using these networks, they risk exposing password and data or infecting their device with malware. Public charging stations also can potentially infect devices with malware.

Malware

The risks of malware are limited with iOS devices, but there's widespread malware that targets Android devices.

Companies that want to give their employees the flexibility of using tablets while maintaining appropriate security should consider using mobile device management software. That software provides a variety of features that help protect tablets and other mobile devices, such as allowing applications to be added or removed from mobile devices, enforcing encryption and other security controls on the device, and allowing devices to be wiped remotely if they are lost. Additionally, enterprises should build strong authentication into their applications, including multi-factor authentication. Antivirus software on the device will help protect against infections.

Need to build a team with the smarts to create tablet-centric applications for your field team and to keep them secure? The Armada Group has a deep pool of technology talent with leading edge skills. Contact us to learn how our staffing services can help you find the professionals your projects need to succeed. 

Published in IT Infrastructure

Your Employees are Putting Your Company at Risk

Companies invest heavily in technology to protect themselves from cyberthreats: firewalls, antivirus software, and other tools to keep out intruders. Not all threats are external, however. Whether deliberately through malicious actions, or accidentally through online naïveté, company employees present the biggest threat to corporate information security.

Deliberate Misuse of Resources

Employees can misuse company computer resources in several ways that expose a company to risk. Use of the Internet for personal matters, like online shopping or visiting social media sites, can overload a company's computer network. This can mean companies invest money to upgrade a network when that isn't supported by business needs, and the money would be more beneficial elsewhere.

When employees bring adult content into the office, they can create a potentially hostile work environment that can lead to sexual harassment lawsuits. Employees who use corporate resources to download illegal copies of software, movies, or music also expose the company to lawsuits. In addition, these sites are also often infested with malware, so files brought onto company computers can risk introducing viruses and other dangerous software into the corporate environment.

Employees also misuse resources by removing them from the company. If files aren't appropriately protected, employees can remove confidential company information by emailing them or carrying them out on a USB drive. Employees may be able to take advantage of code bugs to escalate their privileges in an application, and view data they aren't supposed to be able to access.

Accidental Exposure of Company Data

Phishing and social engineering are still extremely effective ways for hackers to gain access. It's surprisingly easy to trick humans into sharing confidential data like passwords and company bank accounts. Employees also can accidentally expose company data if they lose a company laptop or access the company network from an insecure hotspot. The increased popularity of BYOD means that company data is accessed from devices the company doesn't control. If these devices aren't appropriately protected, confidential company information may be at risk.

Use Technology and Training to Increase Security

Companies that want to protect themselves from these risks need to take a comprehensive approach to information security. They need to use the right technological tools; firewalls and antivirus software remain important. They need to have – and enforce – policies that govern the appropriate use of company resources; these policies should also govern the handling of company information on non-company, BYOD devices.

But the most important step companies can take is to train their employees to recognize online risks, and how to defend against them. Educated employees will help defend against these online dangers because they recognize they aren't only a threat to information security; information security failures that seriously damage a company are a threat to their job security as well.

High Tech Bags

Until recently, the biggest technical innovation in luggage was the wheel. Now, though, bag makers are teaming up with tech firms to make smart bags that will streamline the travel process and make lost luggage a thing of the past. Samsung and Samsonite, plus other vendors, are adding features that mean bags do more than just hide your dirty laundry from prying eyes.

No More Bag Check-In Line

You won't have to stand in line to check in your bags with the new smart luggage. Because of a chip inside, these bags will know when they've arrived at the airport and talk to airline systems automatically. You'll get a unique baggage ID sent to your phone. Just drop the bag on a conveyor belt. With some bags, you'll avoid overweight bag fees because the bags have a built-in scale and it'll tell you before you leave home if you've packed too much.

No More Dragging Your Luggage

Human traffic patterns in an airport concourse can seem more chaotic than highway traffic patterns, so self-propelling luggage may be as difficult as a self-driving car, but it's coming. A motor in the bag will let luggage trail close by your heels as you walk through the terminal. Don't worry about forgetting to keep it with you, because a proximity detector will alert you if you walk off without it. It's too bad bags won't self-propel themselves into the overhead storage bins, though!

No More Hanging Around the Luggage Carousel

If you've ever raced through the terminal only to wait interminably for your bag, you can now take your time. Bags will send a message to your phone when they've made it off the plane and head for the carousel. Once everyone uses this feature, you won't need to fight through the crowd to get close enough to grab your bag. If everyone has a self-propelling bag, it's possible the luggage carousels will be eliminated and your bag will find its own way over to you.

No More Lost Luggage

Worse than an interminable wait in baggage claim is an interminable wait that ends when you realize your luggage isn't going to come. If your bag doesn't show up, the new smart bags can tell you where they are, so you don't have to wait for the airline to track it down. 

Microsoft Invests

At Microsoft's recent Ignite conference for IT professionals, Microsoft executives unveiled new security measures and services, and called out competitor Google for lax security practices.

“Google takes no responsibility to update their customers’ devices, leaving end-users and businesses increasingly exposed every day they use their Android devices,” said Terry Myerson, Microsoft’s executive vice president of operating systems. “Google just ships a big pile of code, and then leaves you exposed with no commitments.”

Microsoft is refining how it distributes security updates, starting with the upcoming releases of Windows 10 and Office 2016, Myerson said.

Changes to Update Protocols

Currently, Microsoft sends updates for Windows on the second Tuesday of each month on "Patch Tuesday." Many consumer machines are configured to download and apply the patches automatically, but enterprises may prefer to control the update process with Microsoft’s System Center Configuration Manager.

With Windows 10, consumers can now get security updates as they are released from Microsoft, along with other updates and new features, resulting in a “steady stream of innovation every month,” Myerson said.

Businesses can choose to get their updates as soon as they arrive, or wait to see if the patches cause any additional issues first. Microsoft will also offer the option to receive security updates only, not new feature updates, which offers organizations more control without exposing them to security gaps.

Administrators can now specify when they want patches to be applied, so the patches aren’t deployed during a busy time, or at when machines may be shut down. For organizations with limited bandwidth, Windows 10 computers can share the updates in a peer-to-peer network, rather than downloading patches for each machine.

New Services from Microsoft

In addition to updating the patching process, Microsoft also unveiled a number of new services to help better secure systems against data leakage and compromised identities:

Device Guard limits the computer to running only applications that have been administrator approved to run on that machine. This safeguard could prevent the user from unwittingly installing malware, thinking it came from an approved source.

Azure Rights Management Services is a service designed to guard against corporate data leakage. This service provides the ability to protect access to files, even after they leave the individual computer. Before sending a file to someone, a user can specify what permissions that recipient has with that file. The sender can specify, for instance, if that file can be forwarded to additional parties. The sender can even revoke access to the document after it is sent out.

Microsoft Advanced Threat Analytics provides a simple way for organizations to identify network intruders. It's based on technology developed by Israeli startup Aorato, which Microsoft acquired in November. This service can show that someone is using a brute-force attack to compromise a user account, when that account was breached and can then follow any additional actions on other machines.

These updates and service offerings give peace of mind to network administrators who must constantly remain alert to new and dangerous security threats.