Talented job candidates are out there, but unfortunately the perfect candidate for a job in Sydney, Australia, may reside in Lima, Peru, or vice versa. Luckily, with secure remote access solutions, geography is no longer a limitation in connecting top talent from across the globe with work opportunities. Companies with reliable secure remote access solutions not only have a competitive edge in attracting these valuable candidates, but also benefit from the larger candidate pool.
Here are some of the beneficiaries of secure remote access solutions:
Bringing a child into the world can be an overwhelming, tumultuous time when new parents may feel torn between their careers and families. Many parents with new children feel pressured to resume work as soon as possible, then quickly regret the precious bonding time they missed with their infant. Secure remote access solutions enable these parents to witness their child’s first steps while also pursing their own passions with a flexible work from home (WFH) career.
Military spouses or spouses of those with jobs that require frequent relocation can benefit from secure remote access solutions. In lieu of conducting a time-consuming job-hunt at each new location or transferring branches, this group can find a company with secure remote access solutions that enable working from home so that their career continues to grow regardless of location. Additionally the companies that hire military spouses benefit from the talent and expertise they bring to work, thanks to secure remote access.
Part-time Job Seekers
A freelancer with a fulltime job in one location may want to pursue an opportunity in another location. Secure remote access solutions open up a host of freelancing and part-time opportunities across the globe, connecting us and fostering collaboration and creativity like never before.
In an increasingly wired and digital world, flexibility is king. Companies unable to offer WFH options fall behind in attracting and maintaining top talent. Having to relocate for a position costs time and money and many talented candidates are leery of leaving family, friends and their communities behind to pursue a career elsewhere. Secure remote access takes physical location out of the equation, giving companies a competitive hiring edge. Once hired, WFH employees tend to be more productive, less absent from work and more cost-effective for employers, who no longer have to purchase expensive laptops, tablets, phones, printers and Internet services. HOB offers an array of secure remote access solutions guaranteed to give your business a competitive edge in the “war for talent” and to maintain valuable employees who can bring their best to the job, even from a distance.
Visit our website to learn more about our comprehensive Remote Access solutions.
Our customers always knew that our secure remote access solutions were exceptional and now we have additional accolades to prove it. At the 10th annual 2015 IT World Awards, hosted by Network Products Guide, the IT industry’s leading technology research and advisory publication, HOB won three awards for our Remote Desktop Virtual Private Network (HOB RD VPN version 2.1).
Our flagship product, HOB RD VPN (version 2.1), won gold in the “Best Security Software” category, silver in the “Best IT Software” category and bronze in the “Most Innovative IT Software” category.
The awards honor excellence in every facet of the IT industry, people and products included. Nominees went through a rigorous review process conducted by a panel of industry experts before winners were announced.
Here’s what sets our product apart: HOB RD VPN is not your typical SSL VPN. It’s high-performance, enabling convenient, yet secure remote access to enterprise resources and data, thereby decreasing costs and administration effort while increasing productivity and enhancing IT security. Version 2.1 of HOB RD VPN improves accessibility and auto-synchronization of corporate files across different platforms and devices.
Secure remote access is a top of mind industry issue as ever-connected employees demand flexible work environments. Employers must meet this demand while ensuring that corporate intellectual property is safe. Our solution meets both sides in the middle; equipping mobile workers with the access and resources they demand, while gifting industry leaders with peace of mind, knowing that this information remains secure.
We’re extremely proud and humbled to receive industry recognition alongside some of the brightest and best in the business and see these awards as a milestone in our journey to fuse security and flexibility for all of our customers.
In our last post on teleworking, we discussed how remote working is gaining momentum and becoming more widespread. If a company implements, or is planning to implement, teleworking policies, there are a series of steps to take in order to address security implications.
Creating a Secure Teleworking Program
Prior to establishing teleworking policies, organizations must address information security issues by first defining requirements for both employees and employers. To ensure the security of teleworking, the following aspects should be considered:
1. The employer must determine whether to issue a company-owned device or allow employees to use a personal device for remote working. If the employer provides a computer, the employer can control what is installed and which activities are allowed or prohibited (such as instant messaging).
2. The teleworking policy should state what software is required for the employee to work remotely and what software types are forbidden on the computer.
3. If the network connections are secured incorrectly, sensitive corporate data can be intercepted during the data transmission between the home and the office network. To mitigate this risk, a virtual private network (VPN) is the best practice for securing communication to the organization’s internal network. When connected to the organization’s network, all transmissions should be encrypted, both coming from and going to the corporate network.
4. f the remote worker accesses the organization’s network from home, the organization should consider implementing a two-step authentication method- using two of the three commonly available authentication techniques (knowledge-based, object-based and ID-based). For instance, using a password and a security token is a good defense mechanism, as it forces an attacker to steal both the password and the physical token to gain access.
5. The operating system and all applications should be kept up-to-date. By regularly updating the device’s operating system with the latest patches and other software fixes, attackers cannot take advantage of software flaws that would otherwise be utilized to facilitate a hack.
6. The teleworking policy must describe what security features must be installed and maintained on the computer. Anti-adware/anti-spyware software, antivirus software and firewalls are just some of best practice security features.
7. Employees should be trained on security procedures.
8. The policy should explain to whom the user will report in case of suspicious activity on the computer. Support personnel should be ready to advise employees on how to configure the computer and the employee’s home networks for utmost security.
In today’s work environment, teleworking is increasingly being discussed as organizations analyze remote workforce options. VPNs create new possibilities that allow people to work from home and connect seamlessly and securely to the organization for which they work. By taking the necessary defensive measures and enforcing a secure teleworking environment, security risks can be minimized.
If you are looking for a reliable teleworking solution, we recommend you to have a look at HOB RD VPN, the comprehensive Secure Remote Access Suite “Made in Germany”. When using HOB RD VPN, companies benefit from SSL-encrypted connections, modern authentication methods and a maximum of usability. More information on HOB RD VPN can be found on our website: www.hobsoft.com
Most companies are turning to virtual private networks (VPNs) to reduce costs and increase security and performance. By using a public network, VPNs can connect off-site users, such as teleworkers and remote workers, vendors, and customers, to a larger centralized network. A VPN is considered as important as the internet connection itself, therefore choosing the right VPN solution is essential.
There are several different VPN solutions in the market today, therefore extra caution must be taken to ensure that the best possible decision is made when choosing a business VPN solution.
The two main product categories are dedicated VPN hardware appliances, and software VPNs (also called server-based VPNs). In the case of software VPNs, the VPN endpoint is actually software running on the device itself, whereas a hardware VPN is a virtual private network based on a single, stand-alone device.
The following four key points highlight how software VPNs are superior to hardware VPNs:
VPN software is generally considered to be a relatively low-cost way to deploy a VPN; dedicated hardware VPN appliances are more expensive than a software VPN because, generally, the VPN software is installed on an existing device. This means there is virtually no other investment required apart from software upgrades.
- Easy Network Management
A further advantage to the software VPN approach is that the network does not change. No additional devices need to be installed, and management of the network remains the same. In contrast, a VPN appliance involves adding a new piece of equipment to the network, therefore increasing the complexity of the networking environment.
- Less Training
Another benefit is that generally, less training is required in the case of software VPNs. Conversely, in hardware VPNs, the IT staff would require more intensive training since the configuration and management tools will probably be different than the ones used on the corporate routers.
- Performance and Scalability
The performance factor is equally as important. The ability to expand the VPN to support more sites or users should not be underestimated when choosing a VPN. Pure software VPN solutions benefit from high scalability. This is not the case for a hardware VPN. If a company were to start with a VPN appliance designed to support 50 simultaneous VPN sessions, and later experience considerable increases in personnel, the VPN would need to accommodate more users. This would require scaling up the VPN will require the purchase of more appliances. Selecting a VPN that is not scalable can easily double the cost if or when the VPN capacity is outgrown.
When choosing a VPN, special attention should be paid to the merits of the various deployment models (SSL VPN vs. IPsec VPN). Modern, pure software SSL VPNs do not require the installation of specialized client software on the end user’s computer. This translates to high scalability and the ability to support many different platforms (such as Windows®, Mac, Linux/Unix), from virtually any device. SSL VPNs enable secure server-based computing environment with strong SSL encryption and strong authentication.
HOB RD VPN is a very performant software SSL-VPN solution, which was only recently certified by the German Federal Office for Information Security. If you are interested in VPN solutions, don’t hesitate to visit our website www.hobsoft.com and inform yourself about HOB software solutions “Made in Germany”.
In our earlier post on remote access technology, we discussed various aspects of VPN (virtual private network) technology. This article will further examine how VPNs offer staff and business partners a reliable and secure connection to highly-sensitive company resources using unsecure connections, such as the internet.
1. VPNs Play an Important Role in Mobile Workplace Strategy Deployment
VPN technology is a vital part of a mobile workplace strategy. VPNs allow an employee to gain access to the corporate network with the same speed and controls as their in-office counterparts. Modern VPNs are so reliable that a growing number of network managers are choosing to deploy VPNs even when the employee is in the office. This strategy is a reasonable approach if employees use their personal mobile devices on the company site. In this case, the access via VPN on site prevents viruses and other malware from compromising the company network, and can also prevent employees from establishing a second Internet connection whilst being connected to the company network (anti-split tunneling). These security measures help overcome the security risks so that employees can benefit from anywhere and anytime access.
2. VPN Connections Fail Frequently and Require Repeat Log-ins
VPNs offer high availability and single sign-on techniques to ensure that users can connect to a multitude of services by only entering their password once. VPNs present in the market resume automatically after a loss of connectivity rapidly and without the need of user intervention. Some VPNs also ease network roaming. For instance, an employee’s authenticated state may be kept during a brief loss of connectivity, or reinstated transparently via single sign-on. Furthermore, today’s solutions ensure that data are not lost in the case of a connection interruption.
3. Once an Employee has Remote Access, He or She Can Access the Company Resources Forever
Network managers can prohibit employees’ access to the company resources once employment is terminated. Modern VPNs facilitate this process by allowing central administration and configuration.
Furthermore, while the employees are working for the company, IT administrators can define roles and rights for each user – this also includes the possibility to completely deny access from an external site under a specific situation, such as in the case that an employee wants to access data from a public Internet café. This ensures that each user can only view and access the data he or she is intended to.
4. VPNs Management Policies are Difficult to Administer
To simplify administration, VPNs can use central policy managers and integrate with enterprise authentication servers and directories. Given the multiple access methods, endpoint security checkers and other policies, it is possible that policies may become cumbersome. It is up to the network administrator to use his or her authority sensibly to achieve the desired security level without rendering the VPN challenging to manage. Today’s VPNs are relatively simple to manage and give network managers various options that ensure that users gain only access to appropriate information.
Remote Access: The Future of the Workforce
Remote access technology has vastly improved since its inception, and organizations are increasingly deploying VPN technology, benefitting from enhanced security features whilst being user-friendly.
If you are looking for a performant and innovative remote access solution, we can recommend you our Remote Access Suite HOB RD VPN. HOB RD VPN is the comprehensive solution for remote access to your central data and applications, at any time and from anywhere, with almost any end device. As a pure software solution, HOB RD VPN is highly scalable and supports many different platforms.
Moreover, we would like to invite you to download our free e-book: Debunking Myths about Remote Access Technology. It contains useful information about the advantages of remote access solutions and showcases how you can benefit from implementing a remote access solution in your company.
In the mid-1990s, virtual private network (VPN) technology was introduced by Microsoft, such that a secure connection could be created between a computer and a remote server. Since then, remote access technology has evolved to meet modern-day demands and overcome the shortcomings of the early versions of VPNs.
Remote access technology securely connects employees, customers and even partners with the company’s sever using the internet and/or intranets, including local area networks (LANs), as well as wide area networks (WANs).
Although VPN technology is essential in providing comprehensive security, safety and flexibility to businesses, in particular those which opt for the management practice of BYOD (Bring Your Own Device) and/or work from home, some individuals and companies remain skeptical of this technology.
This article separates fact from fiction.
Fact or Fiction?
1.) VPNs do not affect the performance of the device
Modern remote access solutions do not require any software to be downloaded onto the device, thus it cannot affect the device’s performance. Essentially, the device does not need to be “known” on the company network, as the VPN parameters used to log in these devices are configurable by the IT team.
2.) SSL VPNs support web and browser applications only
Early SSL VPNs began as HTTP proxies, enabling user access to web applications through a VPN gateway using an ordinary browser. Today, VPNs offer a variety of access methods, ranging from thin-client SSL tunneling to clientless browser interfaces. Today’s high-quality VPNs also offer browser-launched thin clients which can support virtually any application by tunneling non-web protocols over SSL. Moreover, VPNs also enable users to access Windows Terminal Servers and applications residing there, and further resources, such as file servers, desktop PCs or the company’s intranet.
3.) VPNs only allow access to the organization’s data
Advanced VPN technology provides various services which help users maintain access to critical information. For instance, modern VPN technology includes remote VoIP capabilities, enabling employees to use the same work telephone number outside of the office.
4.) VPNs are different from other portals
VPNs can supply highly-personalized portal views that are a function of each user’s individual access rights. Today’s VPNs provide dynamic access portals, whereby network managers can define server access with application publishing in such a way that the user only sees his or her personal, customized portal.
Remote access technology has come a long way. In an era where businesses are concerned with security breaches and unauthorized data access, VPNs continue to offer a highly reliable, fast and consistent approach to securely access data and applications stored in the company’s network, anytime and anywhere.
Readers, what are your thoughts on remote access technology? Please share in the comments below.
If you would like to explore more benefits of remote access technologies and learn useful tips for VPN solutions, download our free e-book: Debunking Myths about Remote Access Technology
Author: Hazel Farrugia
In our previous post on IT security, we discussed four key findings from a data breach study conducted by Ponemon Institute. In this article, we will further discuss these four key findings and outline preventative measures to avoid security breaches.
Key Findings (Continued)
5. Cybercrime Costs Differ by Company Size, but Smaller Organizations Sustain a Significantly Higher Cost than Larger Organizations
While everyone is vulnerable to cyber-attacks, smaller organizations are more at risk. A common cyber-attack is the theft of sensitive data, and for a small organization, the loss of project files or customer databases can put them out of business.
Smaller companies (employees<20) should implement a VPN for secure connectivity anytime, anywhere. Due to their ease of use and versatility, SSL VPNs are well-suited for small companies allowing users to only access specific applications and services, and providing access to Web applications, Windows Terminal Servers and their applications or internal network connections.
6. Information Theft, Followed by the Costs Associated with Business Disruption, Represent the Highest External Costs
Annually, information loss and business disruption (or lost productivity) account for 43% and 36% of external costs, respectively. (In the context of this study, an external cost is one that is created by external factors, including fines, marketability of stolen intellectual properties and litigation)
Setting up strong network security is therefore crucial. Increasingly, more organizations are adopting SSL VPNs, which ensure a secure network connection through the use of encryption, single-sign on options, and firewalls.
In order to minimize costs associated with business disruption, it is imperative that all organizations have a contingency plan in place that outlines how to contain and recover from a substantial security breach. The IT staff must quickly solve the issue, hopefully restoring data from backup files, and returning systems to service without any significant downtime. Nonetheless, any downtime can be disastrous in the case of mission critical systems.
7. Recovery and Detection are the Most Costly Internal Activities
Combined, recovery and detection account for 49% of the total internal activity cost per year; cash outlays and labor account for most of these costs. This highlights the importance of back-ups. A data-backup policy is especially important if the organization has several laptops or other mobile devices that can be lost or stolen. To avoid data theft from loss or stolen mobile devices, no data should be downloaded to the device, but rather all data is completely and securely located in the central corporate network.
8. A Strong Security Policy Minimizes the Cost of Cyber Attacks
As expected, businesses that invest in a strong security policy and system are better off than their counterparts. This stresses the importance of a strong security policy, which provides the plan for the overall security program adopted by the organization.
As cybercriminals have become more sophisticated in their tactics, fighting cybercrime has become increasingly challenging for organizations worldwide. Although sustaining an organization’s security posture or compliance with standards, policies and regulations also comes at a cost, the benefits of strong security measures outweigh the plausible costs incurred by cyber-attacks.
Author: Hazel Farrugia
Recently, the sophistication of cyber-attacks has grown significantly. Cybercriminals are specializing and sharing intelligence so as to steal sensitive data and disrupt critical business functions. Consequently, the topic of cybercrime has been kept top of mind as the repercussions of a cyberattack are costly and potentially very damaging.
The study, 2013 Cost of Cyber Crime Study: United States, was conducted by the Ponemon Institute and sponsored by HP Enterprise Security Products.
1. Cybercrimes are Still Costly for Organizations
The average annual cost of cybercrime per organization was $11.6 million, an increase of 26% over the average cost reported in 2012. Considering this increase in cost, IT security should be a top priority for all organizations, as there is no single failsafe solution to protect against cybercrime.
2. All Industries are Susceptible to Cybercrime
The average annual cost of cybercrime appears to differ according to industry segment; organizations in financial services, defense, and energy and utilities experience markedly higher crime costs than organizations in retail, hospitality and consumer products. The organizations facing higher security threats are not only at risk for financial loss due to cyber-attack, but are also more vulnerable to phishing attacks that could compromise sensitive customer data such as credit card, bank account and social security numbers.
3. Denial of Service Attacks, Malicious Code and Web-based Attacks are the Most Costly Cybercrimes
These are responsible for more than 55% of all cybercrime costs to organizations. Denial of Service (DoS) is an attack which renders information or data unavailable to its intended recipients. Organizations using VPNs can mitigate such risks by configuring access control lists, a method of defining access rights according to user (such as a file directory or individual file).
Malicious code is a piece of executable code designed to harm a computer or its information, or prevent normal computer operations. Malicious code can come from various sources, such as the Internet, infected diskettes, files received via electronic mail, and worms that exploit several system vulnerabilities. It could also be introduced via a disgruntled insider, who has physical access to a computer or network.
A multilevel strategy is required to effectively defend against malicious code, including physical security, password management, product selection, configuration and maintenance, user awareness and education, up-to-date anti-virus software for servers, clients, and electronic mail and adequate system backups. Web-based attacks focus on an application itself, as application vulnerabilities could provide the means for malicious end users to breach a system's protection mechanisms. Generally, such attacks take advantage or gain access to private information or system resources. To mitigate Web-based attacks, firewalls, reverse proxies, and intrusion detection and prevention systems (IDPS) should be used, which actively monitor for attacks and attempt to block or change the environment, thus preventing further attacks from reaching the protected application or system.
4. Cyber-attacks Can Be Costly if Not Resolved Rapidly
The results show a direct and positive relationship between the time required to contain an attack and the organizational cost. The results also demonstrate that both the cost and the time taken to resolve an attack increased from the previous year. Failure to resolve the problem quickly leads to prolonged business disruption and gives competitors a distinct advantage.
The results of the study reveal that no one is immune cyber-attacks, which have the potential to inflict significant financial and reputational damage to the targeted organization. Stay tuned for Part 2 where we shall further discuss the findings of this data breach study and how organizations should protect themselves from becoming a victim of cyber-attacks.
Author: Hazel Farrugia
Remote access solutions are gaining prevalence as organizations are adopting the mobile workforce strategy, benefitting from increased productivity and reduced expenses. When evaluating and planning a VPN solution, it is essential to understand the security risks that are associated with this technology.
Top 3 Remote Access Security Concerns
In fall of 2013, HOB conducted a research survey on the state of remote access in the US. Over 200 CTOs and CIOs were polled, and findings revealed three main concerns regarding remote access security issues.
1. Hackers gaining access to the Network during Employee Remote Access Solutions
Hackers have succeeded in breaking through two-factor authentication and identifying and exploiting vulnerability in a Web application to access an enterprise’s network. Therefore, it is not surprising that 66% of the polled respondents are concerned with hackers gaining access to the network during employee remote access sessions.
Organizations should implement safe and reliable VPNs which provide an adequate level of security, without compromising performance.
2. Employees accessing the Network through their Personal Devices
Today, mobile devices such as smartphones, laptops and tablets have become an integral part of everyday life. As more organizations implement remote working policies, IT managers have less control over enterprise data from numerous devices. Furthermore, determining which devices are accessing which systems and data has become increasingly difficult.
The repercussions of data breaches resulting from lost or stolen devices can be severe. In addition, IT managers generally lose data access visibility when multiple personal, unmanaged devices are connecting to the network simultaneously.
This highlights the importance of a comprehensive mobile workforce security policy, which should also include who is responsible for device maintenance and support, and which security measures should be implemented.
3. Errors by the IT Team leaving the Network open to Intruders
Cyber-attacks are increasing in sophistication and frequency; the costs associated with cyber-attacks are not limited to monetary costs, but also encompass reputational loss and diminished competitive advantage. Security holes unintendedly created by the IT team may potentially lead to the exposure of sensitive enterprise data, financial fraud or even bankruptcy.
The results indicate that enterprises require new strategies in order to combat and prevent advanced cyber-attacks; IT teams should be wary of software and systems use and investigate any suspicious behaviors that are known to be associated with malicious activity.
As organizations make use of remote access to satisfy various business needs, securing the corporate network becomes priority. The findings of this study stress the importance of a robust mobile workforce strategy.
If you would like to learn about the state of remote access in the USA, please download our free eBook “The State of Remote Access in the US”.
Author: Hazel Farrugia
Controls are a mode of living. Whether it’s the workplace that requires a key fob or an identification badge, a password to log into the company network, or an access permission to use a copier, there are numerous controls/safeguards that we encounter during the normal course of our everyday lives.
Defining Control Activities
Control activities are actions taken to minimize risk. A risk is the probability of an event or action having adverse consequences on an organization, such as information assets that are not adequately safeguarded against loss.
Control activities occur throughout the organization and include diverse activities, including approvals, authorizations, verifications, reviews of operating performance, and security of assets.
Internal controls are a fundamental part of any organization’s financial and business policies and procedures. The advantages of internal controls are:
- Prevention of errors and irregularities; if these do occur, the inaccuracies will be detected in a timely method
- Protection of employees from being accused of misappropriations, errors or irregularities by clearly outlining responsibilities and tasks
IT controls are a subdivision of internal controls, and refer to policies, procedures and techniques on computer-based systems. IT controls are essential to protect assets, highly sensitive information and customers. IT controls support business management and governance; they also offer general and technical controls over IT infrastructures.
Subdivisions of IT Controls
Generally, IT controls are divided into two main categories:
1. General Controls
These apply to all system components, processes and data for a specific organization. General control activities are conducted within the IT organization or the technology they support, which can be applied to each system that the organization depends upon. These controls facilitate confidentiality, integrity and availability, contribute to the safeguarding of data, and promote regulatory compliance. General controls make safe reliance on IT systems possible. Examples of such controls include access controls (physical security and logical access) and business continuity controls (disaster recovery and back-up).
2. Application Controls
These controls are business process controls, and contribute to the efficiency of individual business processes or application systems. Examples of application controls include access authorization, which is essential for security of the corporate network. This prevents users from downloading illegal material or viruses, and may also block unproductive or inappropriate applications. Other examples of application controls include segregation of duties and concurrent update control.
Modern IT Solutions
Virtual private network (VPN) technology enables a secure connection to the organization’s data to be made over insecure connections, such as the Internet, and is essential to providing comprehensive security, safety and flexibility to businesses. Furthermore, advanced VPN technology offers several services which help users maintain access to critical information. VPNs facilitate the implementation of IT controls. For instance, VPNs provide dynamic access portals, whereby network managers can define server access with application publishing in such a way that the user only sees his or her personal, customized portal.
Control activities occur throughout the organization, and IT controls are fundamental to protect information assets and mitigate business risks. Deployment of a modern virtual private network (VPN) technology facilitates the implementation and management of IT controls.
If you would like to learn more about VPN technology, and review some helpful tips on critical security aspects, download our free e-book: How Do I Find the Best VPN Solution for My Company?