This is default featured slide 1 title
This is default featured slide 2 title
This is default featured slide 3 title
This is default featured slide 4 title
This is default featured slide 5 title
 

Monthly Archives: October 2016

What Does the Age of Big Data Mean to Your Business?

Big data is the term used to describe the enormous datasets that have grown beyond the ability for most software to capture, manage and process the information.  But volume is not the only way to define big data. The three Vs generally used to describe big data also include the multiple types – and sources – of data (variety) as well as the speed (velocity) at which data is produced.

If you need more perspective, think about this for a second: According to IBM, 90 percent of the data in the world today has been created over the past two years. That amounts to 2.5 quintillion bytes of data being created every day.

How can big data help me?

Big data may seem to be a bit out of reach for SMBs, non-profits and government agencies that don’t have the funds to buy into this trend. After all, big usually means expensive right?

But big data isn’t really about using more resources; it’s about effectively using the resources at hand. Take this analogy from Christopher Frank of Forbes who likened big data to the movie Moneyball: “If you have read Moneyball, or seen the movie, you witnessed the power of big data – it is the story about the ability to compete and win with few resources and limited dollars. This sums up the hopes and challenge of business today.”

Specifically, it shows how organizations with limited financial resources can stay competitive and grow. But first, you have to understand where you can find this data and what you can do with it.

Big data strategies

Ideally, big data can help resource-strapped organizations:

  • Target their market
  • Make better decisions
  • Measure feelings and emotions
Targeted marketing

Small businesses can’t compete with the enormous advertising budgets that large corporations have at their disposal. To remain in the game, they need to spend less to reach qualified buyers. This is where it becomes essential to analyze and measure data to target the person most likely to convert.

There is so much data freely accessible through tools like Google Insights that organizations can pinpoint exactly what people are looking for, when they are looking for it and where they are located. For example, the CDC used big data provided by Google to analyze the number of searches related to the flu. With this data, they were able to focus efforts where there was a greater need for flu vaccines. The same can be done for other products.

Decide

Big data can be like drinking from a fire hose if you don’t know how to turn all the facts and figures into something useable. But once an organization learns how to master the analytical tools that turn its metrics into readable reports, charts and graphs, it can make decisions that are more proactive and targeted. And only then will it have an intimate relationship with the “big problems” affecting the business and an understanding of how to improve its situation.

Social eavesdropping

A majority of the information in big data comes from social chatter on sites like Facebook and Twitter. By keeping a close eye on what is being said in the various social channels, organizations can get a bead on how the public perceives them and what they need to do to improve their reputations.

Take the paper “Twitter mood predicts the stock market” as an example. Johan Bollen tracked how the collective mood from large-scale Twitter feeds correlated with the Dow Jones Industrial Average. The algorithm used by Bollen and his group predicted market changes with 87.6 percent accuracy.

Imagine what you could do for you organization if you could track how people felt about you.

Considerations

Data has always presented a problem when it comes to security; it’s a primary target for cyber attacks because the bad guys know that it is one of the most valuable resources a company has.

And with the growth of mobile devices used to access, analyze and input all of this data, the threat is even greater. Throw in the need for endpoint security and some big picture protection issues come into play.

However, with proper planning companies can secure data stores, on-site resources and mobile devices while harnessing big data as a tool to help them reach their goals.

Review of Bluetooth Attacks and How to Secure Mobile Workforce Devices

Bluetooth is best known as the wireless technology that powers hands-free earpieces. Depending on your point of view, people who wear them either:

a) Look ridiculous (especially if shining a bright blue LED from their ear);
b) Appear mad (when apparently talking to themselves); or
c) Are sensible, law-abiding, safety-conscious drivers.

Whichever letter you pick, insidious security issues remain around Bluetooth attacks and mobile devices. While most of the problems identified five to 10 years ago have been straightened out by now, some still remain. And there’s also good reason to be cautious about new, undiscovered problems.

Here are a few examples of the mobile security threats in which Bluetooth makes us vulnerable, along with tips to secure your mobile workforce devices.

General software vulnerabilities

Software in Bluetooth devices – especially those using the newer Bluetooth 4.0 specification – will not be perfect. It’s unheard of to find software that has zero security vulnerabilities.

As Finnish security researchers Tommi Mäkilä, Jukka Taimisto and Miia Vuontisjärvi demonstrated in 2011, it’s easy for attackers to discover new, previously unknown vulnerabilities in Bluetooth devices. Potential impacts could include charges for expensive premium-rate or international calls, theft of sensitive data or drive-by malware downloads.

To combat this threat: Switch off your Bluetooth when you’re not using it.

Eavesdropping

Bluetooth – named after the Viking king, Harald Bluetooth Gormsson, thanks to his abilities to make 10th-century European factions communicate – is all about wireless communication. Just like with Wi-Fi, Bluetooth encryption is supposed to stop criminals listening in to your data or phone calls.

In other words, eavesdropping shouldn’t be a problem. However, older Bluetooth devices use versions of the Bluetooth protocol that have more security holes than a tasty slice of Swiss. Even the latest specification (4.0) has a similar problem with its low-energy (LE) variant.

To combat this threat: Ban devices that use Bluetooth 1.x, 2.0 or 4.0-LE.

Denial of service

Malicious attackers can crash your devices, block them from receiving phone calls and drain your battery.

To combat this threat: Again, switch off your Bluetooth when you’re not using it.

Bluetooth range is greater than you think

Bluetooth is designed to be a “personal area network.” That is to say, devices that are more than a few feet away should not be accessible via Bluetooth.

However, you’re not safe if you simply ensure there’s distance between you and a potential attacker; hackers have been known to use directional, high-gain antennae to successfully communicate over much greater distances. For example, security researcher Joshua Wright demonstrated the use of such an antenna to hack a Bluetooth device in a Starbucks from across the street.

To combat this threat: Once again, switch off your Bluetooth!

Bluetooth headsets

Wright has also demonstrated serious flaws in many popular Bluetooth headsets. By exploiting these vulnerabilities, attackers can eavesdrop on your conversations with the people around you, not just your phone calls. Built-in hands-free car kits can also be vulnerable.

The device becomes, in effect, a mobile bugging device, transmitting everything it hears to an attacker.

To combat this threat: Make sure you change the default PIN code to something hard to guess. And yup… switch off the headset.

See the Bigger Picture

It’s vital to develop and communicate company policies for mobile device security – including Bluetooth – so that your business’s data aren’t compromised and your users can work safely when mobile. While all mobile devices present risks that need to be addressed, Bluetooth security is one often-overlooked piece of the mobile security puzzle.

Save Time And Reduce Your Investment In Endpoint Security

Trojans, worms and spyware sound like elements straight from a summer blockbuster, but the kind of action/adventure they provide on your PCs, Macs, smartphones and tablets make them more like a horror movie.

By deploying effective endpoint security, you can help prevent attacks and keep your users safe from viruses and other malware, such as spear phishing and advanced persistent threats. Today’s  state-of-the-art endpoint securityhas come a long way from its early roots in “antivirus” and has morphed into a complex suite of sophisticated protections against modern threats.

But good protection isn’t free; so, how can you save money, while still protecting your computers? Here’s how to reduce your investment….

Keeping users safe

In an ideal world, users would be perfectly security conscious. These mythical users wouldn’t:

  • Click on suspicious links.
  • Open file attachments emailed by criminals pretending to be their friends.
  • Respond to phishing messages that appear to be from a bank.
  • Disable software updates because warnings and reboots are annoying.
  • Disable a security product because it slows down their PC.
  • Install free software from an untrustworthy developer, because their friend liked it on Facebook.

Sadly, our world is less than ideal. Much, much less: A recent report said that 86 percent of U.S. businesses surveyed had lost sensitive data during the previous year.

User awareness training helps, but it isn’t sufficient. That’s why your endpoints need securing. Doing so helps prevent your users from accidentally exposing sensitive business information, such as your  banking credentials, secret-sauce recipes or future product plans.

Save time and money on endpoint security

Your challenge is to protect your users while minimizing costs: How do you save time and money, while keeping your company safe?

Look for a modern endpoint security solution – not one thrown together from an old antivirus program and a fresh coat of paint.

How can you tell?

A start-of-the-art solution does the following:

  • Works intelligently in the background, without bogging down the user’s computer
  • Scans for malware in seconds, not hours
  • Uses a reliable, built-from-the-ground-up cloud security service to identify malware, not a huge signature file that’s quickly out-of-date
  • Works intelligently while offline, reconnecting with the cloud service to check changes made while disconnected
  • Fixes infected PCs, if necessary, by rolling back the computer’s state to a known-good point
  • Automatically monitors untrusted software executions to prevent infection
  • Allows you to enforce certain policy settings, such as use of USB ports, and prevents users from disabling security features
  • Doesn’t fight with competing installed products, to allow you to test it safely

How does it reduce your investment?

A modern solution will reduce costs by being integrable, controllable and reliable. That means your operating costs are lower, and you won’t lose money from malware infections that only waste IT workers’ time and squander end-user productivity.

Purchase cost is, of course, a factor. However, in most analyses of total cost of ownership (TCO), operations and end-user productivity losses dwarf all other costs.

You have to first consider your budget realities, but it’s smart to benchmark yourself against what similar companies spend. There are free security solutions, but they don’t provide the control or sophistication to minimize your TCO.

Don’t Be Fooled

Keeping your company safe requires more than a warmed-over, 10-year-old anti-virus product. You need a state-of-the-art endpoint protection solution to safeguard your organization, in addition to user awareness, enforced policies and proper patch management.

The best solutions allow you to sleep soundly, knowing that you’ve taken the key steps to protect your systems, while keeping costs low.

Tips to Mitigate Against and Handle Security Breaches

Risk assessment. Similar to any other risks that a business may face, when seeking to prevent cybersecurity breaches, the first step should include quantifying the risk. In the cybersecurity context, this will include identifying certain elements of a business’s system that are particularly exposed. This will range from the vulnerability of the company’s online web presence to the possibility of physical access (on-site) to a networked platform. Risk assessments should be carried out on a regular basis so that new threats can be identified and the business remains aware of current trends in cyber threats.

 

Software Security Measures. Having identified areas of risk, tailored security measures should be put in place to address these concerns. The company’s IT environment should include effective firewalls and antivirus software to deal with threats. It should also ensure that software used in the business is kept up-to-date with the latest security patches and updates.

On-Site Security Measures. The most effective software solutions will often be rendered useless where a breach of cybersecurity occurs through a breach of the company’s system from within. Sensitive computer systems should include effective access control restrictions, server rooms should be secured at all times and disposal of IT equipment should be handled securely by competent staff.

 

Service Providers. A cybersecurity breach in a third party, providing services to a business can be just as damaging as a breach in the business itself. Unfortunately, the business is likely to have even less control in this scenario; therefore, it is essential that all relevant contracts clearly delineate responsibility between the parties. On the occurrence of a cybersecurity breach, when time is critical, protracted negotiations on liability should always be avoided. Contracts with software providers should also be reviewed to ensure that maintenance services and bug patches apply to earlier versions of the software that may still be in use, and that any software updates are made available to the company on release.

Testing. One of the best ways to reduce the risk of a cybersecurity breach is to undergo testing, such as system penetration testing. Companies can avail of a range of tools from cybersecurity providers that will simulate an attempted system intrusion or a widespread DDoS (Distributed Denial of Service) attack.

 

Company Policies and Training. Putting in place effective policies to handle cybersecurity breaches is essential in mitigating the risk of a breach. This may include a specific cybersecurity policy, as part of a comprehensive IT policy. However, even the best policies are useless if staff are unaware of the content of policies or how they should operate in practice. Educating staff on potential threats and how to report them up the chain can be vital in the early detection and response to a cybersecurity breach.

 

Cyber Insurance. As the number of cybersecurity breaches has risen exponentially over recent years, a number of insurance products are now being made available to deal with the damage. Whilst the cybersecurity market is still relatively small, larger organisations are now beginning to take out such policies to mitigate risk. Cyber insurance policies often include a range of additional extras, such as access to technical experts that can assist a business in responding to a breach.

Handling Cybersecurity breaches

Where a cybersecurity breach has occurred, acting quickly (and efficiently) will be essential in minimising the damage.

 

Containment. One of the first responses on becoming aware of any cybersecurity breach is to contain the problem. Where it is possible that a third party has gained access to a system, such access should be blocked immediately. Where a breach involves the ongoing unauthorised disclosure of personal data, access to such data should be restricted. Whilst these actions will be obvious, it will be important to be aware of the disruptive effects this could have on the business. For example, shutting down core systems may also raise business continuity concerns. Therefore, it is important that backup systems are deployed where necessary to mitigate these effects. Finally, any immediate technical response, carried out by the business, should be comprehensively documented as it may need to be reported to the authorities at a later time.

 

Investigate. A full investigation should take place to assess the scale of the breach. In order to put in place appropriate remedial actions, it is important that the scale of any breach is not underestimated. It is also important that appropriate individuals are put in place to handle this investigation. In this respect, it is often beneficial to seek out external technical expertise, who may be more adept in identifying areas where the breach may have occurred. In parallel to any technical investigation, it is advisable that an external legal team carries out a similar investigation so that advice can be provided on the ramifications, whilst the business will still be protected under legal professional privilege, which may become relevant where future litigation may arise from the breach.