8 Things to Learn from a Data Breach Study (Part 2)

Posted by Stefanie Kober Tue, 12 Aug 2014 12:42:00 GMT



In our previous post on IT security, we discussed four key findings from a data breach study conducted by Ponemon Institute. In this article, we will further discuss these four key findings and outline preventative measures to avoid security breaches.

Key Findings (Continued)

5.    Cybercrime Costs Differ by Company Size, but Smaller Organizations Sustain a Significantly Higher Cost than Larger Organizations

While everyone is vulnerable to cyber-attacks, smaller organizations are more at risk. A common cyber-attack is the theft of sensitive data, and for a small organization, the loss of project files or customer databases can put them out of business.

Smaller companies (employees<20) should implement a VPN for secure connectivity anytime, anywhere. Due to their ease of use and versatility, SSL VPNs are well-suited for small companies allowing users to only access specific applications and services, and providing access to Web applications, Windows Terminal Servers and their applications or internal network connections.

6.    Information Theft, Followed by the Costs Associated with Business Disruption, Represent the Highest External Costs


Annually, information loss and business disruption (or lost productivity) account for 43% and 36% of external costs, respectively. (In the context of this study, an external cost is one that is created by external factors, including fines, marketability of stolen intellectual properties and litigation)

Setting up strong network security is therefore crucial. Increasingly, more organizations are adopting SSL VPNs, which ensure a secure network connection through the use of encryption, single-sign on options, and firewalls.

In order to minimize costs associated with business disruption, it is imperative that all organizations have a contingency plan in place that outlines how to contain and recover from a substantial security breach. The IT staff must quickly solve the issue, hopefully restoring data from backup files, and returning systems to service without any significant downtime. Nonetheless, any downtime can be disastrous in the case of mission critical systems. 

7.    Recovery and Detection are the Most Costly Internal Activities


Combined, recovery and detection account for 49% of the total internal activity cost per year; cash outlays and labor account for most of these costs. This highlights the importance of back-ups. A data-backup policy is especially important if the organization has several laptops or other mobile devices that can be lost or stolen. To avoid data theft from loss or stolen mobile devices, no data should be downloaded to the device, but rather all data is completely and securely located in the central corporate network.   

8.    A Strong Security Policy Minimizes the Cost of Cyber Attacks


As expected, businesses that invest in a strong security policy and system are better off than their counterparts. This stresses the importance of a strong security policy, which provides the plan for the overall security program adopted by the organization.

Conclusion

As cybercriminals have become more sophisticated in their tactics, fighting cybercrime has become increasingly challenging for organizations worldwide. Although sustaining an organization’s security posture or compliance with standards, policies and regulations also comes at a cost, the benefits of strong security measures outweigh the plausible costs incurred by cyber-attacks.

Author: Hazel Farrugia

no comments |

8 Things to Learn from a Data Breach Study (Part 1)

Posted by Stefanie Kober Thu, 07 Aug 2014 13:00:00 GMT



Recently, the sophistication of cyber-attacks has grown significantly. Cybercriminals are specializing and sharing intelligence so as to steal sensitive data and disrupt critical business functions. Consequently, the topic of cybercrime has been kept top of mind as the repercussions of a cyberattack are costly and potentially very damaging.   

Key Findings
The study, 2013 Cost of Cyber Crime Study: United States, was conducted by the Ponemon Institute and sponsored by HP Enterprise Security Products.

1.    Cybercrimes are Still Costly for Organizations

The average annual cost of cybercrime per organization was $11.6 million, an increase of 26% over the average cost reported in 2012. Considering this increase in cost, IT security should be a top priority for all organizations, as there is no single failsafe solution to protect against cybercrime.

2.    All Industries are Susceptible to Cybercrime

The average annual cost of cybercrime appears to differ according to industry segment; organizations in financial services, defense, and energy and utilities experience markedly higher crime costs than organizations in retail, hospitality and consumer products. The organizations facing higher security threats are not only at risk for financial loss due to cyber-attack, but are also more vulnerable to phishing attacks that could compromise sensitive customer data such as credit card, bank account and social security numbers.

3.    Denial of Service Attacks, Malicious Code and Web-based Attacks are the Most Costly Cybercrimes

These are responsible for more than 55% of all cybercrime costs to organizations. Denial of Service (DoS) is an attack which renders information or data unavailable to its intended recipients. Organizations using VPNs can mitigate such risks by configuring access control lists, a method of defining access rights according to user (such as a file directory or individual file).
Malicious code is a piece of executable code designed to harm a computer or its information, or prevent normal computer operations. Malicious code can come from various sources, such as the Internet, infected diskettes, files received via electronic mail, and worms that exploit several system vulnerabilities. It could also be introduced via a disgruntled insider, who has physical access to a computer or network.
A multilevel strategy is required to effectively defend against malicious code, including physical security, password management, product selection, configuration and maintenance, user awareness and education, up-to-date anti-virus software for servers, clients, and electronic mail and adequate system backups.       Web-based attacks focus on an application itself, as application vulnerabilities could provide the means for malicious end users to breach a system's protection mechanisms. Generally, such attacks take advantage or gain access to private information or system resources. To mitigate Web-based attacks, firewalls, reverse proxies, and intrusion detection and prevention systems (IDPS) should be used, which actively monitor for attacks and attempt to block or change the environment, thus preventing further attacks from reaching the protected application or system. 

4.    Cyber-attacks Can Be Costly if Not Resolved Rapidly 

The results show a direct and positive relationship between the time required to contain an attack and the organizational cost. The results also demonstrate that both the cost and the time taken to resolve an attack increased from the previous year. Failure to resolve the problem quickly leads to prolonged business disruption and gives competitors a distinct advantage.

Conclusion

The results of the study reveal that no one is immune cyber-attacks, which have the potential to inflict significant financial and reputational damage to the targeted organization. Stay tuned for Part 2 where we shall further discuss the findings of this data breach study and how organizations should protect themselves from becoming a victim of cyber-attacks.
  
Author: Hazel Farrugia

no comments |

3 Main Security Concerns as revealed by HOB Remote Access Study

Posted by Tobias Eichenseer Tue, 05 Aug 2014 13:56:00 GMT

Remote access solutions are gaining prevalence as organizations are adopting the mobile workforce strategy, benefitting from increased productivity and reduced expenses. When evaluating and planning a VPN solution, it is essential to understand the security risks that are associated with this technology.

Top 3 Remote Access Security Concerns  
In fall of 2013, HOB conducted a research survey on the state of remote access in the US. Over 200 CTOs and CIOs were polled, and findings revealed three main concerns regarding remote access security issues.

1.    Hackers gaining access to the Network during Employee Remote Access Solutions

Hackers have succeeded in breaking through two-factor authentication and identifying and exploiting vulnerability in a Web application to access an enterprise’s network. Therefore, it is not surprising that 66% of the polled respondents are concerned with hackers gaining access to the network during employee remote access sessions.
Organizations should implement safe and reliable VPNs which provide an adequate level of security, without compromising performance.

2.    Employees accessing the Network through their Personal Devices

Today, mobile devices such as smartphones, laptops and tablets have become an integral part of everyday life. As more organizations implement remote working policies, IT managers have less control over enterprise data from numerous devices. Furthermore, determining which devices are accessing which systems and data has become increasingly difficult.  
The repercussions of data breaches resulting from lost or stolen devices can be severe. In addition, IT managers generally lose data access visibility when multiple personal, unmanaged devices are connecting to the network simultaneously.
This highlights the importance of a comprehensive mobile workforce security policy, which should also include who is responsible for device maintenance and support, and which security measures should be implemented.

3.    Errors by the IT Team leaving the Network open to Intruders


Cyber-attacks are increasing in sophistication and frequency; the costs associated with cyber-attacks are not limited to monetary costs, but also encompass reputational loss and diminished competitive advantage. Security holes unintendedly created by the IT team may potentially lead to the exposure of sensitive enterprise data, financial fraud or even bankruptcy.
The results indicate that enterprises require new strategies in order to combat and prevent advanced cyber-attacks; IT teams should be wary of software and systems use and investigate any suspicious behaviors that are known to be associated with malicious activity.

Conclusion
As organizations make use of remote access to satisfy various business needs, securing the corporate network becomes priority. The findings of this study stress the importance of a robust mobile workforce strategy.

If you would like to learn about the state of remote access in the USA, please download our free eBook “The State of Remote Access in the US”.
 


Author: Hazel Farrugia

no comments |

How to Fight Cybercrime

Posted by Tobias Eichenseer Thu, 31 Jul 2014 11:52:00 GMT

Businesses and individuals are increasingly relying on computers and Internet-based networking. They experience several benefits, but also potential risks. When staff or business partners have constant access to internal networks from insecure locations, security is a major concern.

The Rise of Cybercrime
Cyberattacks generally refer to criminal activity involving the use of a computer network, normally conducted via the Internet. Internet users and organizations face increased risk of becoming targets of cyberattacks. An independent research report conducted by Ponemon Institute on organizations located in the United States in 2013 found that the U.S. experienced an increase of 18 percent in successful attacks from the previous year.
Today, criminals have more advanced technology and greater knowledge of cyber security. Attacks may include financial scams, computer hacking, virus attacks and distribution, denial-of-service, theft of an organization’s information assets, posting of sensitive business data on the Internet, and malware.

Risks of Cybercrime
For businesses and corporations, the cost associated with cyberattacks is large. Stolen or deleted corporate data can inflict financial damage on the victim, damage the company’s reputation, and negatively affect people’s livelihoods. The risks are even higher for small companies, since their businesses may rely solely on project files or customer data bases. The same Ponemon Institute study reported that in 2013, the average cost of cybercrime in the U.S. was $11.6 million annually - an increase in cost by 26 percent from the previous year.

Preventing Cyberattacks
Organizations should follow basic guidelines in order to reduce the security threat to their data and devices. To prevent cyberattacks, companies should:

1.    Use a Secure Connection to the Corporate Data
This generally involves implementing a Virtual Private Network (VPN). VPN technology provides protection for information that is being transmitted over the Internet by allowing users to form a virtual “tunnel” to securely enter an internal network to access resources, data and communications.

2.    Store Data Centrally
Centralized storage of data offers protection and increases speed, convenience and efficiency for accessing files. Sharing of files enables rapid and easy access to important data from virtually anywhere in the world. The relative mobility and control of data improves effectiveness of workflow. Another crucial advantage of centralized data is cost. Although it is possible to store and backup data on multiple machines, it is considerably more cost effective to use central storage. For instance, data can be stored on a server within the corporate LAN behind the firewall.

3.    Use Modern Authentication Methods
Authentication is the process by which the parties at either end of a network connection can verify the identity of the other party. Verification is typically based upon something you know (such as passwords), something you have (smart card or tokens), or something you are (biometric techniques, including fingerprint and eye scans). Deployment of modern authentication methods, such as Kerberos authentication protocol, ensures confidentiality through encryption that ensures no one can tamper with data in a Kerberos message. 

4.    Use Reliable, Strong Encryption Technology
Encryption is the process of changing information in a manner that cannot be deciphered by anyone except those holding special knowledge (generally referred to as a "key") that enables them to alter the information back to its original, readable form. A VPN turns the Internet (an unsecure environment) into a secure private network, by providing heavy encryption. In particular, an SSL VPN is best-suited for mobile apps. 
 
5.    Enforce Strong Passwords
Implementation of strong passwords is a basic security procedure, however it is often overlooked.  Complex, hard-to-crack passwords are a simple line of defense against a security breach. Password policies, which offer advice on proper password management, should be in place. Password best practices include:

•    Avoid using dictionary words or common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.
•    Do not use personal information. 
•    Use special characters, such as * and #.  The majority of passwords are case sensitive, therefore, a mixture of both upper case and lower case letters, as well as numbers, should be used.
•    Choose a long password, as passwords become harder to crack with each added character.
•    Create different passwords for different accounts and applications. Therefore, if one password is breached, the security of other accounts is not at risk.
•    Never write down passwords and leave them unattended in a desk drawer or any other obvious place.
•    Never communicate a password by telephone, e-mail or instant messaging
•    Never disclose a password to others, including people who claim to be from customer service.
•    Change passwords whenever there is any doubt that a password may have been compromised.

Conclusion
The growing popularity and convenience of digital networks has led to an increase in cyberattacks; consequently, keeping up to date with the most recent and important concerns facing the organization is in itself a challenge. Organizations can protect their highly sensitive information by following a safety plan and adopting reasonable security practices.
 
If you would like to learn more about VPN technology, and review some tips on critical security aspects, download our free e-book: How Do I Find the Best VPN Solution for My Company?
 

no comments |

Why IT Controls are Vital for Your Business

Posted by Tobias Eichenseer Tue, 29 Jul 2014 12:32:00 GMT

Controls are a mode of living. Whether it’s the workplace that requires a key fob or an identification badge, a password to log into the company network, or an access permission to use a copier, there are numerous controls/safeguards that we encounter during the normal course of our everyday lives. 

Defining Control Activities
Control activities are actions taken to minimize risk. A risk is the probability of an event or action having adverse consequences on an organization, such as information assets that are not adequately safeguarded against loss.
Control activities occur throughout the organization and include diverse activities, including approvals, authorizations, verifications, reviews of operating performance, and security of assets.

Internal controls
Internal controls are a fundamental part of any organization’s financial and business policies and procedures. The advantages of internal controls are:

  • Prevention of errors and irregularities; if these do occur, the inaccuracies will be detected in a timely method
  • Protection of employees from being accused of misappropriations, errors or irregularities by clearly outlining responsibilities and tasks

IT Controls
IT controls are a subdivision of internal controls, and refer to policies, procedures and techniques on computer-based systems. IT controls are essential to protect assets, highly sensitive information and customers. IT controls support business management and governance; they also offer general and technical controls over IT infrastructures.

Subdivisions of IT Controls
Generally, IT controls are divided into two main categories:

1.    General Controls
These apply to all system components, processes and data for a specific organization. General control activities are conducted within the IT organization or the technology they support, which can be applied to each system that the organization depends upon. These controls facilitate confidentiality, integrity and availability, contribute to the safeguarding of data, and promote regulatory compliance. General controls make safe reliance on IT systems possible. Examples of such controls include access controls (physical security and logical access) and business continuity controls (disaster recovery and back-up).

2.    Application Controls
These controls are business process controls, and contribute to the efficiency of individual business processes or application systems. Examples of application controls include access authorization, which is essential for security of the corporate network. This prevents users from downloading illegal material or viruses, and may also block unproductive or inappropriate applications. Other examples of application controls include segregation of duties and concurrent update control.

Modern IT Solutions
Virtual private network (VPN) technology enables a secure connection to the organization’s data to be made over insecure connections, such as the Internet, and is essential to providing comprehensive security, safety and flexibility to businesses. Furthermore, advanced VPN technology offers several services which help users maintain access to critical information. VPNs facilitate the implementation of IT controls. For instance, VPNs provide dynamic access portals, whereby network managers can define server access with application publishing in such a way that the user only sees his or her personal, customized portal.

Conclusion

Control activities occur throughout the organization, and IT controls are fundamental to protect information assets and mitigate business risks. Deployment of a modern virtual private network (VPN) technology facilitates the implementation and management of IT controls.

If you would like to learn more about VPN technology, and review some helpful tips on critical security aspects, download our free e-book: How Do I Find the Best VPN Solution for My Company?

no comments |

Private VoIP – Security in Verbal Communication

Posted by Tobias Eichenseer Thu, 24 Jul 2014 10:55:00 GMT

With the recent revelations by the controversial whistleblower Edward Snowden about surveillance on both digital and phone communications, people have started questioning the security level (or lack thereof) of traditional communication channels.

VoIP Recap
Voice over Internet Protocol (VoIP) is an alternative to traditional telephone systems (Public Service Telephone Network systems, PSTN). VoIP converts a voice-signal into data packets (IP) and uses the Internet to transmit these data. In our last blog on Voice over Internet Protocol, we discussed the advantages of VoIP versus PSTN - VoIP offers cost-effectiveness, higher flexibility, more features, an intuitive interface and better security. However, there are several ways to set up a VoIP connection: by means of the freely accessible worldwide web, referred to as the public VoIP network, or via a secured private or internal network.

Public vs. Private VoIP
In terms of telephony, the public networks pose disadvantages and risks, whereas private and secured IP networks offer safe and high quality VoIP communication. Public Internet telephony is subject to significant security risks, including eavesdropping, hacking or the theft and abuse of private data to conduct other crimes, such as identity theft. Companies seeking alternative telephone solutions should not overlook these risks.

Furthermore, the introduction of “free” calling services, such as Skype and Google Hangouts, are also sources of potential problems; these services utilize the Internet and the resultant connection quality is subject to the same problems as any other “public” connection. When using such services, apart from no guarantee of security, one must be aware of the vulnerabilities that are associated with third-party products, such as viruses and other attacks.

When communicating with business contacts or (potential) clients around the world, the highest priorities are optimum bandwidth utilization, high audio quality and security of the communication channel. However, when using the public VoIP network, these are precisely the factors that are put at risk. Data loss or theft can severely damage the corporate image which could result in immediate and long-term loss of clients and revenue. Conversely, when using a VoIP service via a private network, the voice packets remain on the private Internet, and no voice traffic travels over the public Internet. This enables a provider to offer an IP-based voice solution that eliminates all the concerns of quality and reliability.

With traditional VoIP services, hackers with access to packet sniffers and similar tools are able to monitor pertinent call location and transmission details, or eavesdrop on confidential conservations. However, with a VoIP over a private network, voice packets are routed securely over a private and safe network, thus abolishing security threats.

Flexible and Secure Communication: HOB Phone
Many companies have high requirements on both security and the quality of their communications that they cannot use services from a free-provider. To this end, HOB has developed HOB Phone: a purely web-based Voice-over-IP client. HOB Phone allows phone communication from different locations around the world through the Internet over a virtual private network. It enables a secure, encrypted voice communication so that calls cannot be intercepted. The great advantage of the HOB solution is that there is no need for an installation or administration rights on the client side.

Meeting Modern Business Needs
A great benefit of VoIP is that the service can be used to make and receive calls from any location. VoIP renders the management practice of telework (remote working) possible as it provides service and number mobility, which is not possible with traditional phone technology. Using a private VoIP service, a user can use the same number from virtually anywhere, as long as it has proper IP connectivity.

Conclusion
A VoIP connection over private networks provides higher quality and security than those that function strictly over the public Internet. The VoIP client HOB Phone connects over a virtual private network to the enterprise telephone system without intensive software installation.
 


Author: Hazel Farrugia
 

no comments |

5 Reasons Businesses Should Switch to VoIP

Posted by Tobias Eichenseer Tue, 22 Jul 2014 14:17:00 GMT

Businesses strive to reduce operating costs whilst improving their mode of operation. Voice-over Internet Protocol (VoIP) offers a host of significant advantages compared to Public Service Telephone Network systems (PSTN), which is why businesses are implementing convergent speech- and data networks and VoIP systems. When using VoIP, voice traffic travels on the internet or over private data network lines, rather than being channeled across conventional commercial telecommunications lines. The benefits of VoIP include:

1. Cost-effectiveness
Probably the most striking advantage of VoIP is its ability to save on expenses.
For businesses, VoIP decreases the cost for equipment and effort, reducing labor and maintenance costs. The cost of long-distance phone calls can be reduced effectively with VoIP, in contrast to public switched telephone networks, which involve expensive international calls.

2. Increase flexibility

VoIP allows for management practices, such as teleworking, which are not possible with traditional phone technology. VoIP provides service and phone mobility, since the VoIP system can be used virtually anywhere, with the same company number, given that a broadband connection is available. This means that the user is not restricted solely to a fixed workplace, but can also work while travelling, for example. Using a headphone/microphone set connected to a computer system, a laptop can also serve to receive important customer phone calls.

3.More features
VoIP provides a number of useful features, which are, in addition to the standard features, associated with a traditional telephone system. Simultaneous communication with more than two persons is possible with VoIP; therefore this allows for online conferences with numerous persons at one go, decreasing travel costs. Other features include hold and unhold calls, support of several accounts, and call transfer ability, all of which are not possible using standard telephone equipment. VoIP feature upgrades normally require only bandwidth and software upgrades.

4. Intuitive Interface
The majority of VoIP systems use a web GUI, such that working with VoIP is rendered as easy as possible.
 
5. Security
Many enterprises are opting for VoIP on their own virtual private networks (VPN), benefitting from better security and quality than those that function solely over the public Internet. SSL VPN products provide security measures that can be used to protect the data traffic from unwanted access by unauthorized persons, both accidental and malicious, for all communications that pass over the Internet.

Making secure calls using HOBPhone
HOB RD VPN offers secure, flexible and comprehensive remote access to centrally stored company data and applications. One of the key functionalities of HOB RD VPN blue edition is HOBPhone. The Java-based SIP client HOBPhone easily connects to the enterprise telephone system without intensive software installation and allows for phoning from different locations worldwide via the Internet – and is completely comfortable and reliable. It is a secure, encrypted voice communication, thus calls are unable to be tapped.

Moreover, several user accounts can be used simultaneously, with a centrally configurable telephone book. The great advantage of the HOB solution: There is no need for an installation or administration rights on the client side. Worldwide connectivity for employees can thus be achieved quickly and easily. HOBPhone supports five accounts, whereby the user can make and receive calls from these five different lines. Voice conferencing with many persons from different accounts is made possible using HOBPhone, and one has the possibility to connect with exchange server for contacts. HOBPhone can be used with a Windows, Mac, or Linux operating system.

Readers, do you think that VoIP is the way to go for establishing secure business calls? Please share your thoughts in the comments below.

no comments |

Should You Really Trust Public Cloud Storage Services with Your Valuable Data?

Posted by Tobias Eichenseer Thu, 17 Jul 2014 13:52:00 GMT

Businesses today face a new challenge in the form of data – big data analytics make businesses more efficient, and for many companies, managing large volumes of data (storing, sharing and backing up company files) has become mission critical. In part, this challenge has been overcome by cloud storage services such as DropBox and Google Drive, but how safe are such services?

While there are many exciting uses for cloud storage, using public cloud storage services to store the bulk of your private or corporate data is not advisable.

No Security, No Protection from Deletion or Loss
The notion of storing all or the majority of your files online appears to be a simple and affordable option for everyone. However, there is a catch – none of your data is safe! Almost all of the main cloud storage services refuse to assure the security of any data uploaded to their servers. Until a provider is ready to guarantee the safety of your data, it is not sensible to upload anything of importance. With these solutions, all of the individual or company’s sensitive data is housed on a cloud server that the individual/company has no control over. This is obviously an issue for many organizations.

No Protection from Spying or Termination
One issue is having data deleted or inaccessible, but what if all private documents are scanned and searched through? Transferring documents to a digital/online medium does not indicate that that we should lose all rights to privacy. However, when using cloud storage services, we are losing our privacy.
 
No Permissions and Access Control
More traditional server systems or private cloud deployments allow for extremely fine-grained access control of files by setting up group permissions allowing certain data to be accessible to specific users. Often, groups are set up on servers and folders are shared accordingly, such as “administrators,” “financial,” and “sales”. In this manner, the sales staff cannot access your HR data, and the receptionist cannot read your financial information. Implementing similar permissions on cloud services is not an easy task. Many cloud storage services adopt the philosophy of simplicity, whereby they do not offer more advanced controls such as permissions and access control.  

Other Prevalent Issues to Consider
Apart from the issues outlined above – security, spying and access control – there are several other issues to consider before opting for cloud storage services. Some organizations, businesses and industries may have regulations or by-laws that prevent them from using such services because they handle data that is highly sensitive and requires a high level of protection. Furthermore, these service providers are allowed to change the way that the service operates, unbeknownst to their customers, which can cause issues for organizations who are not prepared for it.       
 
Conclusion
Due to minimal costs involved, these cloud services may appear to be an easy solution to data management, but it is still not worth the risk; for businesses, data loss or theft may result in complications that translate into millions of dollars, and may permanently damage the company’s brand and reputation. Public cloud storage services are an innovative step in cloud computing, but our advice is not to put anything of value in it. Ultimately, security should never be sacrificed for compatibility.

Author: Hazel Farrugia

no comments |

5 Threats of Security Breaches to Businesses

Posted by Stefanie Kober Tue, 15 Jul 2014 12:41:00 GMT



The year 2013 is synonymous with cyber attacks and numerous data breaches. Individuals and organizations worldwide are now more aware of widespread surveillance and cyber threats. But what are the costs associated with business security breaches?

1.    Direct Financial Loss
Attackers may specifically target customers’ credit card numbers, employees’ checking account numbers, and the company’s merchant account passwords. Especially in the financial services industry, indirect legal fees or fines resulting from the security incident can significantly increase the costs, independent of whether the criminal is brought to justice.

2.    Violation of Privacy
Employees are trusted to keep personal information private. Likewise, customers trust the organization to keep their credit card numbers and credit histories confidential. If this privacy is violated, legal consequences arise. 

3.    Lower Competitive Advantage and Lost Sales
Theft, modification, destruction of propriety sales proposals, business plans, product designs or other highly sensitive information can significantly give competitors a marked advantage. Sales are also lost as a consequence of the cyber attack, and the repercussions ensue long after the incident takes place.

4.    Damage of Corporate Reputation and Brand

Building and maintaining a corporate image and establishing trusted relationships with customers and business partners is critical to an organization. However, the corporate credibility and business relationships can be considerably damaged if proprietary or private information is compromised. 

5.    Loss of Business Continuity
In the case of a service disruption caused by a data breach, the IT team must quickly address the problem, so as to minimize downtime of the system, and restore data from backup files. Nonetheless, when mission-critical systems are involved, any downtime can have catastrophic consequences. In other cases, when lost data may have to be meticulously reconstructed manually, this decreases the amount of time that systems are functioning to below acceptable levels.

Business Network Protection
As discussed above, the consequences associated with security breaches are vast and long-lasting. Several organizations now use remote access solutions to maintain a high level of security for sensitive corporate information. In particular, many companies opt for SSL VPNs due to their flexibility – SSL VPNs are not restricted to employee remote access, but incorporate partners, contractors, and possibly also customers. The increasing amount of hacking attacks and sophistication of security threats demand the use of advanced network security via a high-quality VPN as a component of a comprehensive business security policy.

If you are interested in how to secure your network from cyber attacks, we invite you to visit our website www.hobsoft.com. On our website you will be able to find data sheets of our VPN solutions as well as interesting e-books and whitepapers.

Author: Hazel Farrugia

no comments |

5 Best Practices to Boost Remote Worker Productivity

Posted by Stefanie Kober Thu, 10 Jul 2014 10:44:00 GMT



Introduction:
Today, mobile workforces stay connected in and out of the office and use their devices for work and personal purposes. The ultimate goal of a remote working strategy is to increase productivity and reduce costs; indeed, studies by Best Buy, Dow Chemical and many others have proven that teleworkers are 35-40% more productive than their in-office counterparts.

The drafting and implementation of an organization-wide workplace strategy will ensure that end users at all levels of the organization will enjoy a positive experience. The following are five best practices that effectively boost remote workers’ productivity:

1. Maximize Employee Participation
Maximizing employee participation is the first step to maximizing employee productivity. Not all employees benefit equally from remote working; however, without a critical mass of users, the benefits will be limited. IT teams should not restrict solutions, such as mobile workplaces, to only those who “seem” to need it. Remote working allows employees to respond to colleagues and customers faster, therefore IT teams and managers should not deter employees from working anywhere and anytime.

2. Ensure Employees Have the Productivity Tools they Require

Employees should be encouraged to use a wide range of productivity tools which do not pose network security risks. However, if IT teams are uncertain how to handle such employee requests, they generally allow employees to use these tools without providing adequate security, or block the use of the tools entirely. Regardless of the circumstances, IT teams should circumvented security risks by deploying security solutions that allow employees to utilize tools without compromising the network security.

3. Free Use of Personal Apps and Services
Whether the device is personally owned or provided by the company, employees should be able to use their personal apps and services. Blocking an employee from storing their personal information with a cloud service provider is significantly different from ensuring corporate data does not end up in the public cloud. IT teams should focus on controlling data rather than controlling devices.

4. Offer Self-Service Support for Everyday Activities
There is a common notion that mobile devices will result in an increase in support costs – however this is a misconception. Conversely, if the IT teams provide a self-service capability, particularly for routine activities, it usually results in decreased in support costs. IT teams should stop short of supporting personal apps and services, but should invariably offer to assist with supporting business apps.

5. Support Wide Range of Devices
For the mobile workplace program to be widely adopted, the program should support a wide range of devices. Though challenges may arise, such as Android’s variability regarding support for on-device encryption and other enterprise-level security and management controls, the overall benefit is net positive.

The Future of Remote Working
The current trend towards remote working is expected to become even more prevalent in the future. With the right practices and controls in place, employee productivity can be maximized, without putting the security of the network at risk.

If you would like to learn about the advantages and limitations of mobile workplaces, and find out how to develop a strategy for mobile workplaces with the help of VPNs, please download our free eBook “Home Offices Made Easy”.

Author: Hazel Farrugia

no comments |