Posts Tagged ‘BYOD’

Key Strategies to Boost IT Security in the Workplace

Wednesday, June 20th, 2018

Businesses have more to worry about than ever when it comes to dealing with new forms of cyber-attacks. The shift to a BYOD workplace adds even more challenges to protecting your digital assets. While hardware and software solutions continue to improve as a first line of defense against nefarious IT threats to your company, you can’t fix the human element with software patches.

Creating a workplace culture that takes IT security seriously on all levels is the best way a business can prepare its second line of defense against unpredictable and constantly changing attacks. Specifically, it’s essential to emphasize the importance of the human element in IT security. Here’s how.

Take Action: Develop and Implement an IT Security Culture Plan

Keeping an IT security-focused culture in your business requires constant care and work — you can’t just plant the idea and expect it to take hold. The process has to be ongoing with existing employees, but also needs to be ingrained into the hiring, training and employee exit processes. The mentality starts from the top, so C-level and IT staff should lead by example. Your business should develop a plan for staff that contains ongoing training and communication between security leaders and the rest of the staff.

Remember IT Security is Holistic

The responsibility for secure IT in the workplace belongs to everyone — not just the staff in leadership roles.

While employees that work with confidential data need to be the most vigilant about security, your security plan needs to emphasize that everyone is important. Holding regular training events for all staff and sending out newsletters related to current threats helps keep security on employees’ minds.

Keep everyone in the loop: Transparency and willingness to answer questions will go a long way.

Get Staff Excited

Creating rewards and recognition for your staff related to IT security can help keep the culture at the forefront of your business. Your business may find your staff responds well to gamification techniques for both training and real-world behavior. Take the time to notify staff when a breach occurs or let them know how your team thwarted an attempted breach when it happens. Also, recognize performers who prevent breaches, possibly with cash rewards. Public recognition can be a major motivator.

Pick Your Battles

If you ask too much of your staff your plan will fail. Your business should choose its battles wisely. At least when you’re starting your culture plan, aim for both the most important threats and the issues where staff can make a big difference with little effort.

  • If your workplace is big on BYOD, focus on encouraging employees to be responsible in keeping their devices secure. Employees will need to keep software updated to avoid malware exploits and may need to encrypt their devices to protect data.
  • Train your employees to always change the default credentials on a new piece of hardware or IoT device to combat DDoS. Hackers exploit default settings to enlist devices into botnets for DDoS attacks.
  • Train your staff to identify spear phishing attacks, which aim to steal credentials or information from an employee in a personalized attack.
  • Teach your staff to use two-step verification whenever possible to protect accounts. Educate employees about developing secure passwords for cases where more secure protection isn’t available.

If your Bay Area business is looking to improve its IT-security culture, the IT consulting experts at MPA can help. Contact us today.

The “Wearable Revolution”: Is Your Company Prepared?

Thursday, July 7th, 2016


It’s a fair bet that one of your employees has already shown off a trendy new wearable gadget around the office. What began with Bluetooth earpieces would branch off into smartwatches, smart glasses, wrist-worn fitness trackers, and even smart clothing (including a smart bra!). Research firm Gartner forecasts sales of over 274 million wearable technology products in 2016—soaring past 322 million by 2017.

New Technology = New Targets for Hackers

For better or worse, wearable devices are on their way to becoming part of everyday life—including the workplace. But while manufacturers race to pack every new gadget with interesting bells and whistles, hackers and cyber-crooks are looking for emerging security weaknesses to exploit.

What are the potential security risks with wearable devices?

No Password Protection. Many wearable devices on the market—including high-end fitness trackers with email and social media connectivity—access external networks and store data without the password/PIN protection, biometric authorization, or other user authentication we’ve come to expect on smartphones. If the device is physically lost or stolen, that data is virtually exposed to anyone.

Unencrypted Data. A lack of standard encryption is also an issue for many wearables—either unencrypted files stored locally on the device or unsecured wireless connections when synced with smartphones or other host devices (Bluetooth encryption is avoided as it often causes additional battery drain).

A Spy’s Dream? James Bond (circa the “Goldfinger” era) probably would have loved the miniaturized functions of a modern smartwatch—in particular its ability to record still images, video, and audio. But if that device is hijacked by a malicious hacker, it may become a mobile portal for industrial espionage, either stealing recordings or eavesdropping in real time.

But That’s Not All… If the above reasons weren’t enough to be wary of the influx of wearable devices, a 2015 study released by the University of Illinois revealed that monitoring the electronic motion sensors on a Samsung Gear smartwatch could determine words typed on a keyboard! Think about that before you write your next confidential email or memo.

Where Do Wearables Fit In to Your BYOD Policy?

While wearables are increasingly common on and off the job, they represent an undefined grey area for business IT security. Many operate on their own platforms and aren’t compatible with most MDM solutions designed to regulate smartphones and laptops. Permissible onsite use of wearable devices will need to be incorporated into your company’s formal BYOD policy, which we’ve recommended that our customers define in writing.

Are your employees’ wearable devices a potential “weakest link” in your security chain? For ideas and solutions, talk to us.

Are Your Smartphones Properly “Containerized”?

Tuesday, April 26th, 2016


Earlier today the cashier at the local drive-thru miskeyed the amount of cash I gave him into his register. Somewhat sheepishly, he asked if I had a smartphone so I could verify the correct amount of change. Fortunately, I never leave home without it.

In fact, how well could you function today without your smartphone? It’s more than a telephone, camera, or calculator. It’s really a miniaturized computer—with most of the capabilities of a desktop or laptop. For better or worse, it’s a device we’ve come to rely upon.

A Mobile World

The mobility of smartphones has likewise made them indispensable work tools. Once upon a time, professionals carried a company-issued “work phone” along with their personal cell phone.

But today, given a choice, most would rather access work-related data from a single device in their pockets. This creates unique issues, however:

  • How safe is confidential company data on an unsecured mobile device? If it’s lost or stolen, what are the consequences? And how many of the countless downloadable user apps stealthily require permission to access—or even modify—other properties of the phone?
  • By the same token, users are reluctant to link their company network with the same device they use for private activities—personal email, music, photos, or their online dating profile.

How many companies wrestle with defining the security of their employees’ access between business and personal data via their smartphones? This is a very important facet of a comprehensive BYOD (bring-your-own-device) policy, as we’ve already talked about.

Containerization = Safety and Privacy

The answer for smartphones revolves around what has been termed containerization—creating a virtual partition between business and personal applications within a single device. When switched to a containerized “business mode,” all inbound/outbound network traffic is automatically secured via supplemental authentication, advanced 240-bit encryption, and other measures which block out unauthorized apps—or malware.

If the phone is lost or stolen—or the employee leaves the company—network access from that device can be remotely severed in a flash. Meanwhile, the user can toggle their phone back into conventional Android or iOS smartphone mode, assuring their personal apps and files remain private and “unsnoopable” by Big Brother (or at least their boss).

Containerization is a fairly new buzzword in mobile security, but there’s already a slew of vendors hopping on the bandwagon and offering a wide range of turnkey products. Which options offer the right protection and the best bang-for-the-buck? As usual with IT decisions, finding the right solution can be daunting—but we have the expertise to help. To learn more about containerization and more of the latest developments in IT security, talk with us.

iPhone “Backdoor”? It Already Exists! Why Your Company Needs It

Tuesday, March 8th, 2016

February’s big story in the tech world was the conflict between Apple and the FBI over the creation of a “backdoor” to retrieve encrypted data on iPhones. The government is looking for any clue as to what—or, more specifically, who—motivated Syed Farook, along with his wife, to gun down his San Bernardino co-workers at an office party. Meanwhile, Apple CEO Tim Cook, along with other high-profile tech leaders, warns that the existence of such an “anti-encryption key” could become a slippery slope—ultimately threatening individual privacy as well as the security of all virtually-protected data, personal or business.

Apple steadfastly refuses to comply with the FBI’s court order, and the battle is likely to reach the Supreme Court. And if the Court’s pivotal ninth seat remains unfilled due to political gridlock, the whole issue could remain undecided for quite a while.

Finding the Facts

In the midst of this landmark security vs. privacy brouhaha, one key fact of the case is being underreported: The iPhone 5c the FBI wants to unlock was Farook’s business phone, issued to him by the San Bernardino County Health Department. He destroyed his personal phone—which he most likely used to actually discuss the terror plot—before the couple’s fatal shootout with police.

How could this highly-vocal Apple-FBI standoff have been averted in the first place? By using an encryption backdoor that already exists—completely legal, and, for businesses, absolutely necessary: mobile device management (MDM) software.

MDM allows users to enjoy the same mobile productivity—apps, email, documents, file-sharing—that they’d expect from an onsite network, while enabling IT administrators to ensure every device remains compliant with company security standards (configuration settings, updated security patches, and limiting unauthorized use of the device).

More importantly in this case, MDM can, if necessary, bypass a security passcode to regain access to the company-issued device. Ironically, San Bernardino County had already contracted with an MDM vendor, but simply hadn’t gotten around to installing the software on mobile equipment in Farook’s department, due mainly to the lack of a formal MDM implementation policy.

Your MDM Solution? Choose Wisely

As mobile computing and BYOD become increasingly common in the modern workplace, MDM is essential for every company. You’ll find products from a slew of vendors, large and small, at competitive prices, but here are some key points to look for:

  • Ease-of-use (look for free trials of MDM products)
  • Full compatibility with both iOS and Android platforms
  • Functionality across multiple devices and wireless carriers
  • Seamless integration of all company-used apps (email, data, SaaS)
  • Pricing structure (per device or flat rate)

Choosing the right MDM solution—and effectively implementing it across your organization—is another IT challenge facing your company today. We can help.

Macs Are Here to Stay. How Well Are You Managing Them?

Wednesday, December 16th, 2015


Before you take your teenage kids to see the new Steve Jobs biopic, ask them what Jobs’ first successful product was. Don’t be surprised if they answer “the iPod”! For most of their generation, the original Macintosh is ancient history.

Today’s Mac computers don’t command prime Apple Store floor space dominated by trendy gadgets like iPhones and the Apple Watch. But decades after Microsoft was generally crowned victor of the landmark “Windows-Mac war,” Macs still hold a solid 17% share of the desktop computer market.

The powerful top-end Mac desktops are widely preferred by graphic designers and other “creatives,” while the sleek MacBook is a popular BYOD choice among users for whom the premium price tag is no big deal—from top executives on down.

Does Your IT Team “Speak Mac”?

While Apple devotees insist on sticking to Macs in their workplace wherever possible, many IT departments actually have a hard time managing them within their company networks—simply because they’re not Mac experts. Their day-to-day “comfort zone” revolves around Windows-based systems, from server-level architecture to standard software. The Macintosh operating system, Apple’s OS X, is a completely different language from Windows, requiring different skills and expertise. It’s literally a case of apples vs. oranges.

Mac Security: The Weakest Link?

In this age of relentless hacking and cybercrime, IT managers deploy every defense they can find, from anti-virus software to heavy-duty firewalls. But when they’re generally less familiar with Macs and OS X, how safe is the overall network?

A recent study released by identity management software maker Centrify uncovered some startling statistics regarding “unmanaged” Macs:

  • While 65% of Macs in the workplace regularly access “sensitive or regulated customer information,” only 35% utilized any type of data encryption methods—including simply activating the FileVault option which is built into OS X.
  • Over half have no software enforcing strong hack-resistant passwords.
  • 72% of Apple devices (Macs plus iPhones) used for work-related activities have no company-supplied device management software whatsoever.

At the same time, cyber-threats specifically targeting Mac OS X are on the rise. A newly released report by security firm Bit9 + Carbon Black reveals that strains of OS X malware detected in 2015 have rocketed to five times the number recorded in the past five years combined. Meanwhile, Patrick Wardle, director of research at another security company, Synack, just delivered a widely publicized presentation at the Virus Bulletin 2015 conference in Prague detailing major vulnerabilities in Gatekeeper, OS X’s built-in frontline defense against trojans and other attacks. Once Gatekeeper is compromised, a Mac is a sitting duck for malicious hackers everywhere.

How many of your employees prefer Macs, and how do they affect the efficiency and security of your company network? Share your concerns with us here.

Mobile Security Exploits: Surviving the BYOD Environment

Thursday, November 19th, 2015


IT professionals are more concerned than ever about malicious software infections since smart mobile devices hit the mainstream. Many businesses have been relatively open to the idea of integrating smart devices into their workflow as a way to increase productivity. But news headlines have been quick to cover the many significant security exploits of the last few years. The most troubling part, perhaps, is the period of months or years that some of these security holes existed before anyone noticed.

BYOD, by nature, eliminates a level of control that IT departments are accustomed to having when protecting employee devices.

These devices often store saved passwords and even confidential company information—and, if compromised, can provoke an expensive disaster. Working with a managed service provider can help your business develop comprehensive best practices for mobile device security.


Android’s Stagefright is an example of an exploit affecting 900 million devices that can completely compromise a device’s security. This particular hack uses Multimedia Messaging Service (MMS) messages to deliver malicious code and take over a device. A hacker who succeeds in controlling the device has access to everything on it—including confidential emails and financial accounts.

Google has put in the work to solve this issue, but it won’t do users any good unless they can install the patch. The three-tier Google to manufacturer to service provider patch approval and implementation process can delay updates for months.

You can confirm whether a specific device is vulnerable using one of the many Stagefright detector apps in the Play store, including this one by Lookout Mobile Security. If you find that your device is vulnerable to the hack, you can protect yourself by disabling MMS auto downloading in the Messaging app options. While it’s inconvenient to approve each MMS that comes through to your device, you can ignore messages from unrecognized numbers (which will make it very difficult to compromise the device).

Samsung SwiftKey

Samsung’s SwiftKey app implementation exploit also received substantial attention in the press over the 600 million vulnerable devices. This security hole allows a hacker to exploit the device update functionality within the SwiftKey app so they can upload custom firmware and take over. Samsung integrated the SwiftKey app into the phone’s software so it can’t be deleted to block the exploit. Samsung has updated their software to patch this hole—but, as with Stagefright, it is up to the carriers to push the update to impacted devices.

Fortunately, there’s an IT consulting tip that can minimize your odds of exposure to the SwiftKey exploit: Do not update your device when connected to a public Wi-Fi network. The exploit actually requires that the hacker and the device be connected to the same compromised public Wi-Fi network to activate. Additionally, the device user would need to manually confirm that they want to apply the update for the hack to work, so simply refusing all updates while connected to public Wi-Fi at restaurants and stores will protect you.

iOS Exploits Exist

While Google’s Android operating system seems to take most of the heat for mobile device exploits, iOS devices don’t get off scot-free. In May 2015, hackers discovered a text message code that could be used to force iOS devices to crash and reboot when reading the message. Some devices were stuck in an annoying reboot loop. While not a security issue, this exploit could be a major productivity killer, rendering the device temporarily unusable. Apple was able to quickly patch this exploit, and updating the iOS device eliminated the issue.

Apple’s strict app approval process has done a fantastic job of keeping malware out of the App Store. However, in September 2015, hackers were able to sneak malware past the App Store approval process by supplying unsuspecting app developers with compromised code. Fortunately, Apple was able to identify and remove the affected apps before they became a widespread issue.

Working with an MSP is a great way to help protect your employees’ BYOD devices. In an ideal world, every device would be impervious to malicious attacks. But the next best option is to learn best practices to protect you from common attacks.

What You Don’t Know CAN Hurt You: The Dangers of Shadow IT

Friday, September 18th, 2015


Last spring, Hillary Clinton received a barrage of criticism after it was revealed that she used a private email server during her tenure as Secretary of State—seemingly at odds with government security protocols, if not federal laws. Clinton would go on to publicly dismiss the controversy, saying she simply preferred the convenience of carrying a single mobile device for her government and personal email accounts.

We’ll leave speculation about Clinton’s IT motives to other forums. But everyone can agree the Hillary email controversy is a perfect example of what is commonly termed shadow IT: employees and departments acquiring and using devices, software, or online services to solve a specific business need, without their IT department’s guidance, approval, or even knowledge.

BYOD Gone Bad

Think of shadow IT as the dark side of BYOD, which we discussed last time. With so much intuitive technology available to the consumer market (from mobile gadgets to Cloud-based apps), it’s easy for the not-so-tech-savvy to think they’ve stumbled upon an easier way to get their work done. The only problem is that when IT administrators are left “out of the loop,” unchecked shadow IT can open the door to multiple risks—from improper software licensing to network compatibility issues to an all-out security breach.

Can these vulnerabilities be avoided by simply imposing an arbitrary “no shadow IT” policy? Of course not.

The underlying cause of shadow IT is a rigid IT department which is reluctant to accept change. When employees are not offered better solutions, they’ll seek out their own.

Out of the Shadows

Shadow IT can be minimized when the IT team sheds its “watchdog” mentality in favor of a collaborative, win-win relationship with the rest of the company:

  • Address employees’ high-priority IT requests as soon as possible. Streamline evaluation/procurement processes to remove roadblocks to new solutions.
  • Keep an open mind to out-of-the-box ideas. Don’t shoot down a suggestion by replying, “We can’t do it that way… because that’s not the way we do it.”
  • Regularly share information about emerging security threats—and how to avoid them.
  • Reinforce the importance of following data compliance regulations, where applicable.
  • Stay ahead of the game by following the latest IT trends and suggesting cutting-edge solutions.
  • Stress the practicality of centralized IT operations as opposed to individuals “doing their own thing.”

Effective two-way communication is the ultimate defense against shadow IT. At MPA Networks, we’ve found that this proactive approach has worked wonders for customers who’ve felt bogged down by an unresponsive IT department. Employees are less inclined to look for outside solutions—and ultimately become more productive—when they feel they’re simply being listened to.

BYOD Is Here: Where’s Your Company Policy?

Friday, September 11th, 2015

Once upon a time, IT administrators offered company-issued hardware to employees based upon something akin to Henry Ford’s “Model T” approach: “You can have any equipment you want, as long as it’s whatever we have for you.”

In light of the mobile/Wi-Fi revolution over the past few years, times have changed. Many employees now prefer to rely upon their personal notebook, tablet, or smartphone to do business. In fact, some companies actually offer a stipend to employees to purchase their own mobile device—whether it means waiting in line to grab the latest generation of that trendy high-end gadget or choosing a cost-conscious off-the-shelf workhorse from a lesser-known brand.

This trend has been recognized as the “consumerization” of IT, or more informally as bring-your-own-device (BYOD).

The BYOD Advantage…

Allowing employees the option of bringing their own mobile devices to work offers several advantages:

  • The company bears less of the cost associated with purchasing new hardware, or letting unused surplus equipment take up space.
  • Employees who use their preferred personal devices—in the office or when telecommuting—experience higher overall productivity, while eliminating the redundancy of carrying both the “work” phone and personal phone.
  • Managers avoid that (usually awkward) experience of retrieving “company property” from an employee on their last day on the job.

…And the Drawbacks

With new mobile devices constantly entering the market (will the smartwatch catch on or fail?), BYOD is part of the modern workplace. But it opens a whole slew of legal grey areas, chiefly revolving around the privacy of employees’ personal content vs. the security of sensitive—if not legally protected—company data. Which work-related content created on an employee’s personal device belongs solely to the company? Companies of all sizes need a formal BYOD policy to tightly regulate the use of personal gadgets on the job.

A BYOD policy is unique to the needs of every company. Avoid “cookie-cutter” legal templates which became outdated yesterday. For your protection, craft a policy which clearly spells out key areas, including:

  • Which devices are permissible (laptops, tablets, smartphones)
  • Standardized anti-virus protection and other necessary security
  • Allowable/prohibited apps
  • Acceptable wireless connectivity (LAN, VPN, public Wi-Fi)
  • How/when/where mobile data is backed up
  • Which cloud applications are accessible (email, calendar, file sharing, and more)

Lastly, every personal mobile device can be lost or stolen at any time. No BYOD framework can be without a universal “kill switch” to immediately wipe company data from a device’s memory. There are several commercial apps available which will reliably do this.

BYOD in your company is inevitable. Embrace it, but protect yourself with a solid, comprehensive policy. Don’t know where to begin? We can help.

Handling Your Growing Network with IT Managed Services

Friday, October 31st, 2014


Small and medium-sized business (SMB) computer networks are more of a living project than a one-and-done IT expense. Network-focused IT managed services guides you through the possibilities and challenges presented by changes in personnel and office environments that can squeeze your bandwidth and negatively affect your team’s productivity. Working with a local managed services IT consulting firm facilitates your entire operation by providing experts who will handle the physical setup and configuration to handle your needs today. Moreover, IT managed service providers (MSPs) carry out network expansion procedures on a regular basis, while internal IT considers the job a special project that takes staff away from normal support work.

Any given network can handle only a finite quantity of devices and digital traffic. Consequently, as your business grows, so do your network requirements. Company expansion — i.e., adding new roles and even whole departments — is a good thing, but those new employees are going to use more of your network resources.

IT Managed Services Helps to Manage Device Growth

Network demands grow from adding devices as opposed to people. A new employee inevitably introduces more devices to the network — but existing employees are also using more devices than ever before. In the 90s, everyone had a single desktop (or laptop) computer connected to an Ethernet cable, but Wi-Fi has increased both mobility and flexibility (and devices are shrinking to more portable sizes). A lone wireless hotspot may need to handle traffic from computers, smartphones, and tablets for those employees who wish to participate in company-approved “Bring Your Own Device” (BYOD) policies.

In other words, a network with a capacity for 64 devices will be insufficient for 64 employees.

IT managed services can work proactively with your small business to anticipate growing demands, eliminating the need to respond reactively when the network becomes overloaded. Whether it’s bridging the network with a third Wi-Fi access point or adding an office wing subnet, a partnership between your business and an IT managed services company provides crucial visibility, foreseeing and addressing network growth needs before they cause trouble.

Planning Ahead

Unmanaged networks tend to grow out of momentary necessity instead of a dedicated, overarching plan for handling increasing traffic demand. So it’s no surprise that they are prone to performance, stability, and security issues down the road. An ad hoc approach to expanding your network, like daisy-chaining a new switch or Wi-Fi access point to the existing network to connect more devices within a single room, offers only a temporary fix. And it can backfire down the line when all the devices sharing that connection perform slowly, when one switch failure means no network access for the whole company, or when one virus-infected device contaminates the entire network due to poor confinement.

Alternatively, a carefully designed network allowing for easy expansion prevents the development of these and many similar problems. IT managed services specializes in handling the full lifecycle of your network, from initial design to security administration to hardware and software upgrades, allowing you to focus on what you do best: business.

When it comes to network expansion, preparation is key. IT managed services can not only solve your network problems, it can keep others at bay.