alt tag

Posts from October, 2017


Alternative Employee Device Security: Fingerprints, Facial Recognition, and Iris Scans, Oh My!

Tuesday, October 17th, 2017

So far, 2017 has been an eventful year for increasing access to password-alternative smartphone and laptop unlocking techniques. Notably, Samsung added Face unlocking to the Galaxy S8 line and Apple introduced Face ID on the iPhone X. Of particular note, facial recognition is a convenient alternative to the traditional password-entry methods because all a device owner needs to do is look at the screen to unlock the device.

Security or Convenience?

However, these password alternatives still require a master password, so they’re really less about increasing security and more about making it more convenient to sign into a device. Alternative unlocking methods greatly range in security potential, so it’s prudent for businesses to determine whether each meets reliability standards.

Face Scanning: The New Front-Runner

Face scanning, as its name implies, uses one or more cameras on the screen-side of the device to “scan” the user’s face to determine if the person is allowed to access the device. Unfortunately, face scanning isn’t off to a great start as users have found easy ways to trick the Samsung Galaxy Note 8’s facial recognition with a photograph of the owner. This is a pretty common problem with two-dimensional facial recognition technology.

However, three-dimensional scanning has a much better track record. The iPhone X uses depth scanning on its various tracking points so a photo won’t fool it. According to Apple, the chance two people will have matching Face IDs is one in a million. Depth-based scanning is also available on Windows 10 PCs equipped with an Intel RealSense 3D camera.

Iris Scanning

Iris scanning is a lot like facial recognition scanning except it uses just the eyes instead of the entire face. Found on phones going as far back as the Galaxy S6, Iris scanning has similar security strengths and weaknesses to facial recognition scanning.

However, Iris scanning isn’t as convenient because it requires a closer view, may not work as well in high-light conditions and can have issues with glasses.

Fingerprint

Fingerprint scanning has been available on smartphones since 2011 and much longer on laptop computers: it’s the established common alternative to a typed password. It’s reasonably convenient and offers satisfactory security: Apple argues their system has a 1 in 50,000 chance of two people have a matching print. These scanners are commonly used on phones via the “home” or “center” button, while newer phones like the Galaxy S8 sport a scanner on the back of the device.

However, fingerprint scanners have a reputation for being easily fooled. For example, someone could make a “key copy” of the owner’s fingerprint using a dental mold and Play-Doh. While it’s unlikely someone who steals a device through a crime-of-opportunity will be able to unlock the fingerprint, it is an issue for specifically targeted high-value employee devices.

If your business is looking to review its device security practices, the IT consulting experts at MPA Networks are ready to help. Contact us today!

Wireless Charging in the Workplace: iPhone Joins Android

Tuesday, October 10th, 2017

Wireless charging has the potential to make it easier for your employees keep their arsenal of devices running throughout the day with fewer of those pesky low battery warnings. Until recently, wireless charging hasn’t been as good at increasing productivity as it could be because one of the major device manufacturers has held out on supporting it. Apple has finally jumped on the wireless charging bandwagon with the iPhone 8 and iPhone X, which means that a number of devices in your workplace that support wireless charging will likely reach a point where it may be worth it considering investing in some wireless chargers.

A Standard Emerges

One of the biggest problems holding wireless charging back has been a lack of a consistent standard; while some devices work on just about any wireless charger, others are more selective. Now that Apple has chosen to support the Qi standard, the two largest smartphone manufacturers — the other being Samsung — share a supported charging standard for the first time ever. The shared standard means it is now a safe investment for your workplace to get a Qi wireless charging mat for the conference room with the confidence that most of your staff will be able to use it.

The Problems Wireless Addresses

Wireless charging has a few advantages over its wired counterpart:

  • Reduces Port Wear: Outside of dropping your device and cracking the glass, breaking the charging port is the next most common way to disable it. Wireless charging actually gives new life to a device with a broken charging port and reduces wear-and-tear damage on the charging port because it isn’t being used as often.
  • One Charger, Multiple Devices: As Business Insider points out; wireless charging pads can charge more than one device at a time. This means an employee can place their smartphone, smartwatch, tablet, and earphones on the same pad instead of needing four charging cables.
  • Freedom from Easy-to-break Cables: Unfortunately, all that bending and twisting catches up to USB and Lightning charging cables: they tend to break from everyday use. Wireless charging solves this problem by eliminating the entire component.

The Downside to Wireless Charging

While wireless charging is convenient, advances in fast charging technology have made wired charging incredibly quick. For example, the new iPhones can charge 50 percent in 30 minutes and the Samsung Galaxy S8 can go from 0 percent to 100 percent in 80 minutes over fast charge. In order for wireless charging to meet those speeds, both the charging mat and the devices need to share a fast wireless charging compatibility. Therefore, if an employee is in a pinch to recharge a device quickly, a wired connection will be the safer bet.

If your business is looking to find better ways to use technology in the workplace, the IT consulting experts at MPA Networks can help. Contact us today!

Equifax Breach: What does it teach us about IT security?

Tuesday, October 3rd, 2017

The 2017 Equifax hack is teaching a painful lesson about the necessity of businesses keeping up with software patches to avoid catastrophic damage. The hack, which resulted in potentially exposing the financial information necessary to steal a person’s identity for 143 million U.S. customers, could have been easily avoided if the company had applied a patch to fix the exploited software vulnerability. This event highlights the importance of patching software in IT security. Applying an update which takes relatively little time can make the difference between business as usual and potentially bankrupting your company.

What Happened?

According to CNN, Equifax failed to apply a software patch to a widely-used tool called Apache Struts, which the company uses for its online dispute portal. The patch in question addressed an established, known security exploit in the software. Running software without applying existing security patches is widely considered the number one biggest cybersecurity risk for both businesses and consumers because hackers know just where to hit.

Hackers took advantage of Equifax’s lack of speed in applying the patch and had a two-month window to break through the company’s online defenses and steal confidential information. The exact information the hackers stole from each customer varies but included items like Social Security numbers, driver’s license numbers, addresses, and birth dates — all of which could be used in identity theft.

Why Should My Business Care?

  • A hack can financially destroy your companyAccording to TechRepublic, Equifax is looking at a $20.2 billion price tag for repairing the hacking damage, which is a full $8.3 billion more than the company’s market valuation.
  • Lawsuits may follow: As of mid-September 2017, Equifax is facing 23 class action lawsuits over the hack. One of the lawsuits is seeking $70 billion in damages.
  • Executives may lose jobs: In the case of Equifax, a CIO and a CSO are retiring or otherwise leaving the company because of the security breach.

IT Security: Current Changes as a Solution

Unfortunately for those looking for a quick fix, the solution doesn’t come from the machines, but rather the people who use and maintain them. Major hacks like the one against Equifax are a reminder that businesses need to hold IT staff accountable for patching software: it’s not something done when convenient, but on a regular schedule or as soon as possible.

If your business doesn’t want to end up like Equifax, your IT staff should make patch implementation a priority. Making security a higher priority means paying closer attention to when your vendors and software providers issue updates. Your staff can ease the process by applying automatic patching whenever possible and picking a light workday to run regular updates on all machines.

The IT consulting experts at MPA Networks can help answer your questions about IT security and how to keep your business safe. Services like desktop support and management emphasize protecting your staff’s devices from security threats through regular patch maintenance. Contact us today!