IronKey

Mobile Data Security Blog

Home  »  Articles posted by Nick Banks

by

The Cost of Cybercrime

 

Hackers are holding the world to ransom with cyber-attacks costing the global economy more than £238 billion a year¹. These attacks damage the global economy almost as much as illegal drugs and piracy, with financial losses from cyber theft resulting in a potential 150,000 European job losses.¹ Cybercrime is a growing menace which is proving to be an ever growing challenge for individuals and businesses. US retailing giant Target saw its earnings drop 46% after an attack that leaked more than 40 million customer credit card details², whilst eBay and Office have also been ‘hit’ this year, with customer data compromised.

Despite these devastating implications, the public, corporates and their employees continue to be careless with their valuable and highly confidential data –residing on laptops, tablets and mobile devices. Cyber espionage and theft of individuals’ personal information is believed to have affected more than 800 million people during 2013¹, and our mobile working culture has made data security an even greater challenge.

With IDC estimating that over one million smartphones were shipped last year³, someone somewhere in your company is using a personal, mobile device to connect to a corporate network and download sensitive data – making your organization a sitting target for cybercriminals. Companies must equip their employees with the means to protect corporate data from threats such as identity theft and cyber espionage, whilst mitigating the dangers associated with unsecured devices and free Wi-Fi hotspots.

Mobile devices need to maintain the same high levels of security as office-based desktops and servers, with only IT provisioned laptops or tablets connected to corporate networks. But, the best way of ensuring hackers can’t gain access to your company data, is by storing all your data on a secure fully encrypted Windows To Go USB flash drive. It provides employees with an IT managed and provisioned Windows workspace that replicates their secure office desktop environment, on any device that the USB is plugged into. This also means IT departments do not need to deploy individual computers but rather can deploy the Windows To Go workspace on USB drives which saves time, resources and introduces vast cost savings.

Staff awareness plays a crucial role in protecting the company network against cybercrime. Often under-estimating the inherent security risks of using personal devices in the office, employees must be educated to handle these responsibly – on a proactive, ongoing basis rather than waiting until a security breach occurs, when it’s too late.

With so many high profile security breaches making the headlines, organizations want to know that corporate data is secure at all times, regardless of where it resides, whilst employees need the flexibility to work remotely. Cybercrime can have a devastating impact on your business in terms of cost and reputation. Your organization can’t afford to be tomorrow’s headline…

 

Sources:

¹McAfee report, June 2014 – Net Losses: Estimating the Global Cost of Cybercrime

² http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

³ International Data Corporation (IDC)Worldwide Quarterly Mobile Phone Tracker, Jan 2014

 

 

 


 

 

 

by

Will the World Cup Result in a Red Card for your Business?

 

With the ‘Hacktivist’ group Anonymous having announced they were preparing a full scale cyber-attack on the World Cup’s corporate sponsors during the tournament, and an influx in World Cup related malware, security threats are likely to be the topic of choice for all those looking to protect against potential breaches and attacks during the tournament.

IT managers will have been steeling themselves for a potential spike in lost corporate devices, such as USB’s, tablets and mobile devices, during the World Cup. Whether it be a flight to Brazil, a booze fuelled train journey home, or live streaming a match from your laptop, the potential for a security breach, and the resulting consequences, could be more excruciating than a bite from Luis Suarez!

Whilst the tournament might be coming to a close, the risks associated with remote workers and mobile devices are still an inherent danger to corporate data. Many of us undertake work while commuting, with little regard for the security of the information we are working on, so whether you are lucky enough to have flown out to watch a match, or simply travelling home after watching the game in the pub, the need to secure your devices is never more crucial.

With shrinking boundaries between work devices and work-enabled personal devices, the risk of corporate data falling into the wrong hands is a huge possibility. Employees dropping memory sticks, leaving files on trains, and laptops in bars, are all high probabilities, and inevitably, these devices will contain data not meant for prying eyes.

Failing to protect the vast volumes of information they carry and not equipping employees with the IT tools required to securely manage and handle information while travelling could result in a ‘red card’ for your business.

No computer or tablet not ‘locked down’ by IT should ever be connected to the corporate network, either from inside (fixed line or BYOD) or outside (VPN of VDI). Allocating employees a corporate computer for use inside the network and an IT secured USB device for outside would simplify security and avoid frustrations typically related with tight security policies such as these.

Whether your data is in transit or at rest, encryption is absolutely essential to safeguarding confidential company information. Whether you use strong authentication or hardware encryption will very much depend on your organisation, you need to be able to manage encrypted devices in order to ensure that if there are any concerns that data integrity has been compromised it is possible to remotely wipe the device.

Accidents will happen, but being vigilant in your security practices, and, educating and enabling your employees could be as easy as knocking England out of the Cup altogether.
redcard

by

Security Policies – The Importance of Getting It Right

 

Last month I was chatting with a journalist and he asked me what my top three security tips for an organisation would be. I started answering his question by saying that companies had to look beyond ‘good enough’ security, consider whether passwords in their current format were really secure, and just as I was about to deliver my third tip, I realised that these were all superseded by the need for a comprehensive security policy, which if approached correctly would address these points.

By comprehensive I don’t mean that companies need to create an enormous document with sub sections of sub sections. What I do mean is that any security policy needs to take into account new developments, disruptive technologies and the ongoing evolving, sophisticated nature of cyber attacks. A security policy cannot be a static document and yet all too often it is. Security is a constantly changing market and, as such, companies cannot afford to be complacent/fall behind.

Not sure? Well just think about the IT environment just five years ago. How we work, the devices we use and where we store content has all changed. Previously companies could be confident that sensitive data was stored only on PCs, but now that information sits on smartphones, laptops, tablets and cloud. The associated security risk is wide ranging. That’s why your security policy needs to be continually evolving – taking changes in working practices, not just the security landscape, into account.

Here are my top five tips for ensuring you create a robust security policy that, rather than gathering dust, provides tangible value to your business:

1. First of all, you need to ensure that you understand your business’s operating environment so that the policy effectively mitigates the threats and risks you face, as well as looking after the assets that you’re seeking to protect. Could lives be lost or just corporate data? Are you subject to the risk of corporate espionage and insider threats on top of cyber attacks? This might seem like an obvious point, but is often overlooked by companies. There is no one size fits all approach when it comes to formulating a security policy – it should be as unique as your business.

2. It’s unlikely that without the aid of metal detectors and full body searches you’ll be able to completely ban or prevent the use of portable storage devices within your organisation. Especially as more and more employees work from increasingly disparate and varying locations. Therefore, a key element of any security policy should seek to protect the data on those devices and state that only password protected USB devices should ever be used to store corporate data.

3. No computer or tablet that’s not ‘locked down’ by IT should ever be connected to the corporate network – either from inside (fixed line or wireless) or outside (VPN or VDI). Equally though, your security policy needs to actually enable your business. So, in order to ensure you can accomplish this without causing a lot of user frustration, consider allocating employees with a corporate computer for use inside the network and an IT secured USB device for outside.

4. Encrypt your data. Whether your data is in transit or at rest, encryption is absolutely critical to safeguarding confidential company information. Whether you use strong authentication or hardware encryption will very much depend on your organisation, but don’t make the mistake of thinking that encryption is a silver bullet. You need to be able to manage encrypted devices in order to ensure that if there are any concerns that data integrity has been compromised, it is possible to remotely wipe the device.

5. Human error is a huge potential vulnerability when it comes to security and your policy should seek to mitigate the risks associated with human nature. Passwords in their current format are inherently insecure, so don’t rely on them alone. Use multi-factor authentication such a voice, retina or biometrics – something unique to the individual. This might all sound a bit ‘Minority Report’ now, but in five years’ time, such implementations will be commonplace.

Does your organization have a comprehensive security policy in place?

by

When It Comes to the Cloud, What do Small Businesses Need to Think About?

 

The move towards hosting applications in the cloud shows no signs of petering out. More and more companies are keen to realise the operational benefits that a cloud-
based model has to offer; not to mention the possibility to reduce some CAPEX spend. While many emerging technologies can feel like they are exclusively for the ‘big
boys,’ the great thing about the cloud is that whether you are one person or several thousand, there is a platform out there to help you meet your requirements.

The one downside to being a small business however is that often you don’t have the in-house IT knowledge to understand what, if any, security issues you could be
opening up your business to by opting to store data in the cloud. Here are my top tips to helping you make the most of the cloud, while remaining secure:

* Most small businesses aren’t all that concerned about cloud security and are keen to tap into the benefits that the cloud has to offer. However, as a note of caution, think
carefully about your cloud strategy. While providers might proclaim their offering to be “secure enough”, SMBs shouldn’t accept this assertion at face value – especially if
you intend to store customer data in the cloud as there are strict laws that govern how data is stored, managed and protected.

* Many SMBs can be confused about the best way forward, but take a look at larger companies operating in your sector, what lessons can you learn from them? Are they
using public or private clouds to give employees access to shared data? In the context of your organisation what are the pros and cons of each?

* While it can be tempting to think that your cloud provider ‘has everything covered’ it pays to know what is happening ‘under the hood’ of your cloud security offering. For
example, if the cloud service is responsible for the encryption of data, there is a risk that your keys can be compromised either internally by an employee or by a hacker
who is able to breach the management system and retrieve the keys. To be as secure as possible SMBs, and not their provider, should own and control the encryption
keys.

* For the director of a SMB all this talk of encryption and keys might sound a bit daunting, but the key piece of advice here to mitigate the risk of cloud services is to ensure
that if you are storing data in the cloud that you encrypt the data before it reaches the cloud and apply an enhanced level of key management to avoid it being
compromised. And ensure that the data and the encryption keys aren’t stored together!

SMBs need to think carefully about their security strategy, how it can enable their business and if software encryption is right for them. “Good enough” security in today’s
rapidly evolving cyber security landscape will not protect your organisation – or your customers – from persistent and sophisticated attackers. Hopefully the above pointers
are a good starting point for ensuring that, when it comes to the cloud, you’ve got the right security measures in place.

by

Remote Working: Embracing Benefits and Overcoming Challenges

Remote working is here to stay. KPMG’s 2013 Global Assignment Policies and Practices (GAPP) survey reveals that organizations around the world “continue to invest in global mobility programs despite increasing regulatory and compliance challenges.” Whether or not your business opts for “use your own device” or “use our device,” it’s clear that any organization large or small must have the technology necessary to support a remote workforce.

The benefits mobility brings to organizations are many: the ability to tap a broader talent pool no longer contingent on geography, productivity gains as employees can work anytime and anywhere, and the cost savings associated with “hot-desking” and “hoteling.”

For employees, flexibility is paramount. Whether it’s to avoid a nightmarish commute, the need for unconventional hours, or the requirement to be on the road, the ability to work like you’re in the office can tip the productivity scale.

On the flipside, the challenge is to provide employees with technology that helps them be as productive as they would be on their office desktop. They need to feel part of the organization even when they are offsite. And it’s vital that all sensitive corporate information be protected, at all times, and that any work is done in complete compliance with corporate IT security policies.

Gartner’s most recent research, “Bring Your Own Device: The Facts and the Future,” predicts that by 2017, half of employers will require employees to supply their own devices. While employee-owned cell phones and tablets are fast becoming the norm, the jury is out as to whether or not PCs and laptops will become a part of the mix. Connecting the family PC to the organization’s network could be a disaster waiting to happen.

Win-Win: the secure portable workspace

Windows To Go, a feature of Windows 8 Enterprise, enables “PCs on a stick,” offering a new approach to mainstream enterprise and government organizations. Employers provide a secure, IT-managed USB drive that contains a fully functional corporate Windows desktop, bootable from pretty much any PC. Employees insert the Microsoft certified USB drives into their home computers, hot desks, or tablets that feature USB ports, and they receive a secure desktop and secure access to all applications they use in an office setting.

Unlike a virtualized or online remote access solution, the portable workspace offers full host computer isolation—documents cannot be saved to the host machine but are saved to the USB drive. At the same time, all of the hardware resources of the host computer are available to the user. Employees have access to the host machine’s network connection, sound, microphone, and camera. They experience graphics performance of the native machines. Employees will be able to use applications at full resolution, including the ability to view two documents at once instead of just one. Finally, the employee never has to worry about the speed or reliability of a network connection.

Among the handful of Windows To Go certified devices, the IronKey Workspace W500™ is the device that meets all of an employee’s needs and IT’s security challenges. The IronKey Workspace W500 is designed to be rugged, dust and water resistant. It’s gone through Microsoft’s certification and Imation’s own rigorous read/write testing for use as a Windows To Go workspace. Users get sequential read performance of up to 400 MB/second and sequential write speeds of up to 316 MB/second. The W500’s 256-bit AES hardware encryption combines with strong, built-in password protection capabilities. IronKey™ devices can be managed by the IronKey Enterprise Server, so that the IT team can track and control the devices to effectively protect data, manage device inventory, lifecycle and maintenance. The management system offers full remote policy management, device tracking and, should the need ever arise, the ability to revoke users’ credentials. Just because the device is out of the office does not mean it is out of IT control.

With Windows To Go, organizations can implement a bring your own device strategy that provides an ideal work environment for the employee while providing the optimal level security for IT, no workarounds necessary.