Our customers always knew that our secure remote access solutions were exceptional and now we have additional accolades to prove it. At the 10th annual 2015 IT World Awards, hosted by Network Products Guide, the IT industry’s leading technology research and advisory publication, HOB won three awards for our Remote Desktop Virtual Private Network (HOB RD VPN version 2.1).
Our flagship product, HOB RD VPN (version 2.1), won gold in the “Best Security Software” category, silver in the “Best IT Software” category and bronze in the “Most Innovative IT Software” category.
The awards honor excellence in every facet of the IT industry, people and products included. Nominees went through a rigorous review process conducted by a panel of industry experts before winners were announced.
Here’s what sets our product apart: HOB RD VPN is not your typical SSL VPN. It’s high-performance, enabling convenient, yet secure remote access to enterprise resources and data, thereby decreasing costs and administration effort while increasing productivity and enhancing IT security. Version 2.1 of HOB RD VPN improves accessibility and auto-synchronization of corporate files across different platforms and devices.
Secure remote access is a top-of-mind industry issue as ever-connected employees demand flexible work environments. Employers must meet this demand while ensuring that corporate intellectual property is safe. Our solution meets both sides in the middle, equipping mobile workers with the access and resources they demand, while gifting industry leaders with peace of mind, knowing that this information remains secure.
We’re extremely proud and humbled to receive industry recognition alongside some of the brightest and best in the business and see these awards as a milestone in our journey to fuse security and flexibility for all of our customers.
Most companies are turning to virtual private networks (VPNs) to reduce costs and increase security and performance. By using a public network, VPNs can connect off-site users, such as teleworkers and remote workers, vendors, and customers, to a larger centralized network. A VPN is considered as important as the internet connection itself; therefore, choosing the right VPN solution is essential.
There are several different VPN solutions on the market today, so extra caution must be taken to ensure that the best possible decision is made when choosing a business VPN solution.
The two main product categories are dedicated VPN hardware appliances, and software VPNs (also called server-based VPNs). In the case of software VPNs, the VPN endpoint is actually software running on the device itself, whereas a hardware VPN is a virtual private network based on a single, stand-alone device.
The following four key points highlight how software VPNs are superior to hardware VPNs:
- Low Cost
VPN software is generally considered to be a relatively low-cost way to deploy a VPN. Dedicated hardware VPN appliances are more expensive than a software VPN because, generally, the VPN software is installed on an existing device. This means there is virtually no other investment required apart from software upgrades.
- Easy Network Management
A further advantage to the software VPN approach is that the network does not change. No additional devices need to be installed, and management of the network remains the same. In contrast, a VPN appliance involves adding a new piece of equipment to the network, therefore increasing the complexity of the networking environment.
- Less Training
Another benefit is that generally, less training is required in the case of software VPNs. Conversely, in hardware VPNs, the IT staff would require more intensive training since the configuration and management tools will probably be different than the ones used on the corporate routers.
- Performance and Scalability
The performance factor is equally important. The ability to expand the VPN to support more sites or users should not be underestimated when choosing a VPN. Pure software VPN solutions benefit from high scalability. This is not the case for a hardware VPN. If a company were to start with a VPN appliance designed to support 50 simultaneous VPN sessions, and later experience considerable increases in personnel, the VPN would need to accommodate more users. Scaling up the VPN would require the purchase of more appliances. Selecting a VPN that is not scalable can easily double the cost if or when the VPN capacity is outgrown.
When choosing a VPN, special attention should be paid to the merits of the various deployment models (SSL VPN vs. IPsec VPN). Modern, pure software SSL VPNs do not require the installation of specialized client software on the end user’s computer. This translates to high scalability and the ability to support many different platforms (such as Windows®, Mac, Linux/Unix), from virtually any device. SSL VPNs enable a secure server-based computing environment with strong SSL encryption and strong authentication.
HOB RD VPN is a very performant software SSL-VPN solution, which was only recently certified by the German Federal Office for Information Security. If you are interested in VPN solutions, don’t hesitate to visit our website www.hobsoft.com and inform yourself about HOB software solutions “Made in Germany”.
In our previous post on IT security, we discussed four key findings from a data breach study conducted by Ponemon Institute. In this article, we will further discuss these four key findings and outline preventative measures to avoid security breaches.
Key Findings (Continued)
5. Cybercrime Costs Differ by Company Size, but Smaller Organizations Sustain a Significantly Higher Cost than Larger Organizations
While everyone is vulnerable to cyber-attacks, smaller organizations are more at risk. A common cyber-attack is the theft of sensitive data, and for a small organization, the loss of project files or customer databases can put them out of business.
Smaller companies (fewer than 20 employees) should implement a VPN for secure connectivity anytime, anywhere. Due to their ease of use and versatility, SSL VPNs are well suited to small companies: they allow users to access only specific applications and services, and provide access to Web applications, Windows Terminal Servers and their applications, or internal network connections.
6. Information Theft, Followed by the Costs Associated with Business Disruption, Represent the Highest External Costs
Annually, information loss and business disruption (or lost productivity) account for 43% and 36% of external costs, respectively. (In the context of this study, an external cost is one that is created by external factors, including fines, marketability of stolen intellectual properties and litigation.)
Setting up strong network security is therefore crucial. Increasingly, more organizations are adopting SSL VPNs, which ensure a secure network connection through the use of encryption, single sign-on options, and firewalls.
In order to minimize costs associated with business disruption, it is imperative that all organizations have a contingency plan in place that outlines how to contain and recover from a substantial security breach. The IT staff must quickly solve the issue, hopefully restoring data from backup files, and returning systems to service without any significant downtime. Nonetheless, any downtime can be disastrous in the case of mission critical systems.
7. Recovery and Detection are the Most Costly Internal Activities
Combined, recovery and detection account for 49% of the total internal activity cost per year; cash outlays and labor account for most of these costs. This highlights the importance of back-ups. A data-backup policy is especially important if the organization has several laptops or other mobile devices that can be lost or stolen. To avoid data theft from lost or stolen mobile devices, no data should be downloaded to the device; instead, all data should remain completely and securely located in the central corporate network.
8. A Strong Security Policy Minimizes the Cost of Cyber Attacks
As expected, businesses that invest in a strong security policy and system are better off than their counterparts. This stresses the importance of a strong security policy, which provides the plan for the overall security program adopted by the organization.
As cybercriminals have become more sophisticated in their tactics, fighting cybercrime has become increasingly challenging for organizations worldwide. Although sustaining an organization’s security posture or compliance with standards, policies and regulations also comes at a cost, the benefits of strong security measures outweigh the plausible costs incurred by cyber-attacks.
Author: Hazel Farrugia
Recently, the sophistication of cyber-attacks has grown significantly. Cybercriminals are specializing and sharing intelligence so as to steal sensitive data and disrupt critical business functions. Consequently, the topic of cybercrime has been kept top of mind as the repercussions of a cyberattack are costly and potentially very damaging.
The study, 2013 Cost of Cyber Crime Study: United States, was conducted by the Ponemon Institute and sponsored by HP Enterprise Security Products.
1. Cybercrimes are Still Costly for Organizations
The average annual cost of cybercrime per organization was $11.6 million, an increase of 26% over the average cost reported in 2012. Considering this increase in cost, IT security should be a top priority for all organizations, as there is no single failsafe solution to protect against cybercrime.
2. All Industries are Susceptible to Cybercrime
The average annual cost of cybercrime appears to differ according to industry segment; organizations in financial services, defense, and energy and utilities experience markedly higher crime costs than organizations in retail, hospitality and consumer products. The organizations facing higher security threats are not only at risk for financial loss due to cyber-attack, but are also more vulnerable to phishing attacks that could compromise sensitive customer data such as credit card, bank account and social security numbers.
3. Denial of Service Attacks, Malicious Code and Web-based Attacks are the Most Costly Cybercrimes
These are responsible for more than 55% of all cybercrime costs to organizations. Denial of Service (DoS) is an attack which renders information or data unavailable to its intended recipients. Organizations using VPNs can mitigate such risks by configuring access control lists, a method of defining each user's access rights to an object (such as a file directory or individual file).
Malicious code is a piece of executable code designed to harm a computer or its information, or prevent normal computer operations. Malicious code can come from various sources, such as the Internet, infected diskettes, files received via electronic mail, and worms that exploit several system vulnerabilities. It could also be introduced via a disgruntled insider, who has physical access to a computer or network.
A multilevel strategy is required to effectively defend against malicious code, including physical security, password management, product selection, configuration and maintenance, user awareness and education, up-to-date anti-virus software for servers, clients, and electronic mail, and adequate system backups.
Web-based attacks focus on an application itself, as application vulnerabilities could provide the means for malicious end users to breach a system's protection mechanisms. Generally, such attacks take advantage of or gain access to private information or system resources. To mitigate Web-based attacks, firewalls, reverse proxies, and intrusion detection and prevention systems (IDPS) should be used, which actively monitor for attacks and attempt to block or change the environment, thus preventing further attacks from reaching the protected application or system.
4. Cyber-attacks Can Be Costly if Not Resolved Rapidly
The results show a direct and positive relationship between the time required to contain an attack and the organizational cost. The results also demonstrate that both the cost and the time taken to resolve an attack increased from the previous year. Failure to resolve the problem quickly leads to prolonged business disruption and gives competitors a distinct advantage.
The results of the study reveal that no one is immune to cyber-attacks, which have the potential to inflict significant financial and reputational damage on the targeted organization. Stay tuned for Part 2 where we shall further discuss the findings of this data breach study and how organizations should protect themselves from becoming a victim of cyber-attacks.
Author: Hazel Farrugia
Remote access solutions are gaining prevalence as organizations are adopting the mobile workforce strategy, benefitting from increased productivity and reduced expenses. When evaluating and planning a VPN solution, it is essential to understand the security risks that are associated with this technology.
Top 3 Remote Access Security Concerns
In fall of 2013, HOB conducted a research survey on the state of remote access in the US. Over 200 CTOs and CIOs were polled, and findings revealed three main concerns regarding remote access security issues.
1. Hackers gaining access to the Network during Employee Remote Access Sessions
Hackers have succeeded in breaking through two-factor authentication and in identifying and exploiting a vulnerability in a Web application to access an enterprise’s network. Therefore, it is not surprising that 66% of the polled respondents are concerned with hackers gaining access to the network during employee remote access sessions.
Organizations should implement safe and reliable VPNs which provide an adequate level of security, without compromising performance.
2. Employees accessing the Network through their Personal Devices
Today, mobile devices such as smartphones, laptops and tablets have become an integral part of everyday life. As more organizations implement remote working policies, IT managers have less control over enterprise data from numerous devices. Furthermore, determining which devices are accessing which systems and data has become increasingly difficult.
The repercussions of data breaches resulting from lost or stolen devices can be severe. In addition, IT managers generally lose data access visibility when multiple personal, unmanaged devices are connecting to the network simultaneously.
This highlights the importance of a comprehensive mobile workforce security policy, which should also include who is responsible for device maintenance and support, and which security measures should be implemented.
3. Errors by the IT Team leaving the Network open to Intruders
Cyber-attacks are increasing in sophistication and frequency; the costs associated with cyber-attacks are not limited to monetary costs, but also encompass reputational loss and diminished competitive advantage. Security holes unintentionally created by the IT team may potentially lead to the exposure of sensitive enterprise data, financial fraud or even bankruptcy.
The results indicate that enterprises require new strategies in order to combat and prevent advanced cyber-attacks; IT teams should be wary of software and systems use and investigate any suspicious behaviors that are known to be associated with malicious activity.
As organizations make use of remote access to satisfy various business needs, securing the corporate network becomes a priority. The findings of this study stress the importance of a robust mobile workforce strategy.
If you would like to learn about the state of remote access in the USA, please download our free eBook “The State of Remote Access in the US”.
Author: Hazel Farrugia
Controls are a mode of living. Whether it’s the workplace that requires a key fob or an identification badge, a password to log into the company network, or an access permission to use a copier, there are numerous controls/safeguards that we encounter during the normal course of our everyday lives.
Defining Control Activities
Control activities are actions taken to minimize risk. A risk is the probability of an event or action having adverse consequences on an organization, such as information assets that are not adequately safeguarded against loss.
Control activities occur throughout the organization and include diverse activities, including approvals, authorizations, verifications, reviews of operating performance, and security of assets.
Internal controls are a fundamental part of any organization’s financial and business policies and procedures. The advantages of internal controls are:
- Prevention of errors and irregularities; if these do occur, the inaccuracies will be detected in a timely manner
- Protection of employees from being accused of misappropriations, errors or irregularities by clearly outlining responsibilities and tasks
IT controls are a subdivision of internal controls, and refer to policies, procedures and techniques on computer-based systems. IT controls are essential to protect assets, highly sensitive information and customers. IT controls support business management and governance; they also offer general and technical controls over IT infrastructures.
Subdivisions of IT Controls
Generally, IT controls are divided into two main categories:
1. General Controls
These apply to all system components, processes and data for a specific organization. General control activities are conducted within the IT organization or the technology they support, which can be applied to each system that the organization depends upon. These controls facilitate confidentiality, integrity and availability, contribute to the safeguarding of data, and promote regulatory compliance. General controls make safe reliance on IT systems possible. Examples of such controls include access controls (physical security and logical access) and business continuity controls (disaster recovery and back-up).
2. Application Controls
These controls are business process controls, and contribute to the efficiency of individual business processes or application systems. Examples of application controls include access authorization, which is essential for security of the corporate network. This prevents users from downloading illegal material or viruses, and may also block unproductive or inappropriate applications. Other examples of application controls include segregation of duties and concurrent update control.
Modern IT Solutions
Virtual private network (VPN) technology enables a secure connection to the organization’s data to be made over insecure connections, such as the Internet, and is essential to providing comprehensive security, safety and flexibility to businesses. Furthermore, advanced VPN technology offers several services which help users maintain access to critical information. VPNs facilitate the implementation of IT controls. For instance, VPNs provide dynamic access portals, whereby network managers can define server access with application publishing in such a way that the user only sees his or her personal, customized portal.
Control activities occur throughout the organization, and IT controls are fundamental to protect information assets and mitigate business risks. Deployment of a modern virtual private network (VPN) technology facilitates the implementation and management of IT controls.
If you would like to learn more about VPN technology, and review some helpful tips on critical security aspects, download our free e-book: How Do I Find the Best VPN Solution for My Company?
While there has been much coverage online about the Heartbleed bug, it hasn’t been clear exactly which websites have been affected by the bug. Our friends at Mashable created a list of popular websites that may have been affected by the bug as well as feedback from representatives at those companies. See our abridged version of the list below.
Websites that highly suggest you change your password as soon as possible:
Websites that don’t find it necessary to change your password:
Many websites that suggest you change your password are unclear whether their site was affected or not, but still recommend that users create new and unique passwords. For example, a Facebook representative stated, "We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to set up a unique password." Because the Heartbleed bug is still an unraveling mystery, we believe the mantra “better safe than sorry” properly applies here. We suggest changing your passwords for every site you have an account with.
We’ll continue to update our blog with any new information about the bug!
The Heartbleed Bug has affected websites, e-mails, and banking institutions utilizing OpenSSL SSL/TLS encryption. As the story continues to unfold, IT security experts provide their thoughts on one of the most significant internet security crises to date.
- "[This] underlines the vulnerability of the username and password system as a method of authentication. Username and password is old technology that is not up to the standard required to secure the deep information and private services that we as individuals store and access online today." -- Brian Spector, CEO, CertiVox
- "Not all versions of OpenSSL are affected by the latest vulnerability. The 1.0.1 and 1.0.2-beta releases have the bug and a fix has already been implemented. This is one of the benefits of an open source software project. Changes are generally easier to detect and fixes tend to come quickly." -- Steve Pate, chief architect, HyTrust
- "Although we are just finding out about this vulnerability now, it has existed for over two years. That means attackers may have already exploited the vulnerability during that time, stealing passwords, payment card information and other sensitive data without the end-user or business even realizing..." -- John Miller, security research manager, Trustwave
In our previous blog, we mentioned that experts recommend users change the passwords for all of their online accounts to protect themselves from the consequences of the Heartbleed bug. But before changing your passwords for specific websites, first check that those sites have adopted the Heartbleed fix. Users can easily check if a site is secure by going to this website.
Dear readers, in this blog article we heard some expert opinions. Now, we are interested in your personal opinion! What do you think about the Heartbleed Bug and how did it affect you?
Like Cryptolocker, a new security culprit has been unleashed on the Internet. The Heartbleed bug is a vulnerability within the popular OpenSSL technology that allows hackers to easily steal a service’s encryption keys, thereby allowing them to steal other sensitive information including passwords and credit card numbers. This new bug was discovered by a team of security engineers at tech company Codenomicon and Neel Mehta of Google Security.
Fortunately, a fix has already been created. However, the onus is on the service provider to adopt the fix before they can be secure from hackers.
So what can you do to immediately protect your data?
Security researchers advise Internet users to first make sure that service providers have fixed the bug on their server—a new password for a service that has not installed the fix can easily be stolen. Then, change the passwords to all of your services, especially for sites that contain sensitive information like e-mail accounts and banking accounts.
Security researchers also recommend that users use highly secure passwords. Check out our previous blog, “The Importance of a Strong Password” for password strength suggestions.