IronKey

Mobile Data Security Blog

Home  »  Posts tagged "privacy"

by

The Problem With BYOD (Computers)

Sure, everybody is excited about BYOD. You can use your personal phone to make business calls and read your corporate email. But the real cost savings for BYOD is “bring your own computer- BYOC”. There is no need to purchase, maintain, and upgrade computers; we just let the employees do that.

But wait; there are two BIG issues with Bring Your Own Computer.  The first is an IT issue. The IT team has to install applications, security tools, and management software onto each employee’s laptop. That means IT has to support a range of computer types (including Macs) and OS versions, and deal with incompatible applications running on the employee’s personal device.

The second issue is all about end-user satisfaction. I can hear the screaming now.  “What do you mean you are going to install monitoring software, file scanning, corporate applications, and Internet proxies on MY PERSONAL COMPUTER??   How much space is that going to take? Does this mean Corporate can see my personal files?” My users will rebel.

Good news for IT and the end user –  both of these issues can be easily addressed with Windows To Go.  Let them use their personal hardware – Macs, PC laptops, tablets – but have them run their corporate workspace from an IronKey ”PC-on-a-Stick”  Windows To Go USB flash drive. They run IT’s corporate Windows image with locked-down security controls and policies, applications, and data, but IT never touches their personal hard drive. Complete isolation between work and personal environments!

If you want happy employees, let them use their personal PC, but have them use an IronKey Windows To Go drive and don’t touch their personal system.  This is truly win-win. IT saves a boatload of money and users have a portable corporate workspace they can plug into their personal laptop, a home computer, or a computer they borrow at work.  When was the last time you rolled out a major cost savings initiative and got happy users at the same time! BYOC – bring it on!

by

Savvy Security Users: IronKey USB 3.0 Hard Drives Now Available!

 

New IronKey™ USB 3.0 SuperSpeed Hard Drive – First to Offer Cloud Management

To all you savvy security users, here’s some great news! The IronKey Enterprise H300 USB 3.0 SuperSpeed external hard drives are now availableThese new devices can be managed in the cloud or on-premise with the same console used to manage IronKey Enterprise S/D 250 flash drives and IronKey Workspace W700/W500 devices for Windows To Go.

What does this mean for existing customers?

This product lets you enjoy the high-performance benefits of USB 3.0 while safeguarding up to 1TB of data on a USB hard drive.  If you want management capabilities, and are already using the IronKey Enterprise Management Console for IronKey Enterprise flash drives or our secure workspace devices, then all you need to do is add this device. Quick and easy! 

What does this mean for new customers?

Looking for an affordable, high-security external hard drive in today’s market? Look no further! New customers can select from two versions of the latest from IronKey: the IronKey Enterprise H300 and the IronKey Basic H300.  Both feature hardware encryption and a Section 508 compliant control panel available in eight languages, but with the IronKey Enterprise H300 hard drive, you’ll also get cloud-based, or on-premise, centralized management capabilities.

What platform is used to manage the IronKey Enterprise H300 drives?

The IronKey Enterprise H300 drives can be managed with the IronKey Enterprise Management Service or Server to establish a secure storage command center for administering the use of IronKey encrypted drives.  Both include advanced management features such as Active Malware Defense and the IronKey Silver Bullet Service so IT professionals can centrally administer policies, re-commission devices that are no longer in use and even remotely wipe, or disable, lost or stolen drives.  All you have to decide is whether you want your management capabilities in the cloud or housed internally. 

And if you happen to lose your password, don’t sweat it! The IronKey Enterprise H300 is the only drive on the market to offer secure password reset when a password is forgotten, without erasing all the content on the drive.

Where can I get an IronKey H300 hard drive?

The IronKey H300 hard drives are immediately available through Imation Mobile Security channel partners. The IronKey Basic H300 can also be purchased on our estore. Pricing is competitive, starting at $199 for 500GB and $249 for 1TB. Enterprise management licensing fees are additional for IronKey Enterprise H300 and start at $24 per year per user for management in the cloud.

What does this mean for you?

IronKey H300 hard drives offer the best value in the market today; enabling you to enjoy the high-performance benefits of USB 3.0 technology, cloud and server management capabilities, and of course, the highest security available.

 IronKey H300_LFT

by

The Cost of Cybercrime

 

Hackers are holding the world to ransom with cyber-attacks costing the global economy more than £238 billion a year¹. These attacks damage the global economy almost as much as illegal drugs and piracy, with financial losses from cyber theft resulting in a potential 150,000 European job losses.¹ Cybercrime is a growing menace which is proving to be an ever growing challenge for individuals and businesses. US retailing giant Target saw its earnings drop 46% after an attack that leaked more than 40 million customer credit card details², whilst eBay and Office have also been ‘hit’ this year, with customer data compromised.

Despite these devastating implications, the public, corporates and their employees continue to be careless with their valuable and highly confidential data –residing on laptops, tablets and mobile devices. Cyber espionage and theft of individuals’ personal information is believed to have affected more than 800 million people during 2013¹, and our mobile working culture has made data security an even greater challenge.

With IDC estimating that over one million smartphones were shipped last year³, someone somewhere in your company is using a personal, mobile device to connect to a corporate network and download sensitive data – making your organization a sitting target for cybercriminals. Companies must equip their employees with the means to protect corporate data from threats such as identity theft and cyber espionage, whilst mitigating the dangers associated with unsecured devices and free Wi-Fi hotspots.

Mobile devices need to maintain the same high levels of security as office-based desktops and servers, with only IT provisioned laptops or tablets connected to corporate networks. But, the best way of ensuring hackers can’t gain access to your company data, is by storing all your data on a secure fully encrypted Windows To Go USB flash drive. It provides employees with an IT managed and provisioned Windows workspace that replicates their secure office desktop environment, on any device that the USB is plugged into. This also means IT departments do not need to deploy individual computers but rather can deploy the Windows To Go workspace on USB drives which saves time, resources and introduces vast cost savings.

Staff awareness plays a crucial role in protecting the company network against cybercrime. Often under-estimating the inherent security risks of using personal devices in the office, employees must be educated to handle these responsibly – on a proactive, ongoing basis rather than waiting until a security breach occurs, when it’s too late.

With so many high profile security breaches making the headlines, organizations want to know that corporate data is secure at all times, regardless of where it resides, whilst employees need the flexibility to work remotely. Cybercrime can have a devastating impact on your business in terms of cost and reputation. Your organization can’t afford to be tomorrow’s headline…

 

Sources:

¹McAfee report, June 2014 – Net Losses: Estimating the Global Cost of Cybercrime

² http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

³ International Data Corporation (IDC)Worldwide Quarterly Mobile Phone Tracker, Jan 2014

 

 

 


 

 

 

by

Sochi Games and Windows To Go – BYOB — Bring Your Own Burner

With reporters just starting to show up at the Sochi Games, their horror stories are emerging on everything from yellow drinking water, poisoned dogs and roofless hotel rooms to a hacker heaven. Digital connectivity and security are going to be hot topics and major issues during the Games. The IronKey Workspace™ for Windows to Go, a PC on a Stick™, is a great solution for anyone traveling to Russia. Here’s why:

Russia has LAWFUL interception of ALL communications. There is ONE network, completely government controlled. What this means is, if you want to be online — unless you are working on a highly classified government network from your country of origin — you WILL be monitored and almost certainly hacked.

Even if you have a VPN, the Russian network will own your PC, your credentials, your certificates, etc. So you’re toast.

But you have to be connected and get work done. What do you do?

Take three things on your trip:

  • IronKey Workspace W500™ for Windows To Go, with your needed applications and public files. You can plug the Windows To Go drive into almost any computer, work solely from the USB stick and not leave a trace behind.
  • Laptop, with the hard drive either disabled or removed (just to be safe)
  • Burner cell phone – buy with cash.

The good news is you can be connected this way without digital harm. The bad news is that, while you’re in Russia, you’ll have to assume all of your communications are public and not secure.  But you can stay completely connected, be productive, and still be safe when you return home.

While in Russia, you can use Windows To Go in your laptop, do all your work with your regular applications and stay connected to home base. The Windows 8.1 operating system you load on Windows To Go must contain applications and files that are not sensitive, because once you log on to the network, you need to assume anyone can see them and know it’s you. Same thing with when you use your cell. Even burner cells can be traced and triangulated. Just ask the DEA.

Once you get home, have IT re-provision your Windows To Go device. Or do it yourself. Load up all your applications and files, including all the sensitive ones. Windows To Go can be used again, completely securely in other countries. You can use it with your regular laptop or the drive-less one you got for the trip. Destroy the cell just like in cop shows.

Bon voyage!

 

w500-sidebar

by

Bring out the heavy hardware to protect passwords

Use strong passwords, un-guessable security codes and hardware encryption to defeat advanced threats

As long as you have a password in place, your data is protected, right? The number and types of breaches we saw in 2012 challenge this notion. From LinkedIn to eHarmony to Twitter, cyber thieves have been on the hunt to break the barriers of thousands of simple passwords. And what is most chilling? it’s not going to stop.

Passwords have been around since the dawn of the digital age, but they are not well understood. Simple, overused passwords can’t protect data from even low-skilled hackers. And people are people, and even when they are outfitted with The World’s Most Secure Flash Drive, need a reminder that making your password “password” is no longer (if ever) considered clever or safe.

With rising attention to data privacy and increasing risk of data breaches, there will be more encryption across all devices and platforms in 2013. Which means that it is never too soon to revisit the password. Here are four best practices organizations should follow to improve password strength their organization:

  1. Passwords must be longer, stronger and un-guessable
    Passwords protected in software are subject to offline brute force attacks, which is why web service hacks can be so devastating. Attackers can go through a database of passwords they have obtained and crack them at their leisure.  It is remarkable the number of individuals who use the password “password” or “123456”. These passwords are often the first ones breached by cyber-thieves, as can be noted in last years LinkedIn and Twitter breaches.

    • Instead, choose a unique password, with character complexity and a combination of both letters and numbers. A strong password should be at least 12 characters long. The rule is that the longer the password, the longer it will protect you. A good hacker can breach an 8-character password in a few days; a 15 character password might take a year.
    • To make the password even stronger, the character complexity should be at random, as complexity alone is not enough to stop a hacker in today’s digital age. Having a strong password makes offline attacks much more difficult for hackers.
  2. Remember Personal Information is Out There
    With today’s heavy social media presence, the names of your dog or your mother’s maiden name are no longer confidential information. The public has access to the information you post on your social media site, and unwittingly offer clues to clever hackers. When choosing security questions for password recovery, be mindful of the information that is public, and create passwords that revolve around something actually “private.”
  3. Use Hardware Encryption to Combat Advanced Software Threads
    Avoiding the threat of brute force attacks on passwords requires heavier hardware – hardware encryption, that is. A password protected in the right kind of hardware makes security simpler, because this kind of brute force attack to decrypt the password is not possible. The hardware will lock up after a low number of attempts (set by policy), and then the attack stops.

And finally, a bonus point: Remember to set strong policies and educate employees. Cyber-thieves are becoming more sophisticated, and strong passwords are the best defense. Organizations must create stricter guidelines for employee password security in order to keep their employee’s personal and the company’s corporate data secure.