alt tag

Posts Tagged ‘Software Patch’


7 Ways to Keep Work Secure on Employee Personal Devices

Monday, May 14th, 2018

Technology improvements have made it easy for employees to get work done on their personal devices from anywhere. However, that freedom comes with additional security risks and requires extra diligence to keep data secure. Safeguarding information is a combined process of utilizing technology and educating staff. The following considerations will help your business keep work secure on employee personal devices.

1. Always Update/Patch Software

Hackers invest time trying to find new ways to bypass security or take advantage of personal apathy and laziness.

According to PC World, failing to install the latest patches and updates for software is the top security risk for both business and private use.

Hackers can look for known exploits that the software creator closed and use them against people who haven’t updated the software to close that security hole. Unlike with business-owned devices, your business really can’t force employees to install software that will prompt updates, so it becomes a matter of training.

2. Use Cloud Apps

Cloud applications for both computers and mobile devices offer some excellent security benefits for your business, especially when your employees access them on personal devices. Cloud apps shift much of the data security burden to the server side, which alleviates many of the security problems that could come from traditional apps run on employee devices. Cloud email is an excellent example of this because the server can handle scans for phishing, malware and other malicious attacks before the content ever makes it to the employee device. Cloud apps generally run the most current software versions, so your business won’t have to worry about employees running updates.

3. Encourage Strong Antivirus and Anti-Malware Practices on All Devices

While employees don’t need to use the same security software your business runs on their personal devices, they do still need quality security software. There are many free and low-cost security programs for personal users that provide excellent protection. Your IT staff can help make recommendations for employees on personal devices.

4. Train to Avoid Phishing Scams

While security software and cloud apps do a great job of catching phishing scams, some still might slip through. That’s why it’s important to train your employees in how to identify and avoid phishing scams.

5. Use Strong Passwords, Password Managers and 2-Step Verification

Employees should also keep their accounts secure by using sophisticated access credentials. This means using 2-step verification for all accounts and programs when possible and using password managers to protect their credentials. Employees should be trained in creating strong passwords in the event that more advanced security techniques don’t work.

6. Practice Public Wi-Fi Safety

In general, employees should avoid using public Wi-Fi when working with confidential information. If employees are going to do work on Wi-Fi outside of the home or workplace, they need to be trained in identifying fake access points and how to tell if a library, restaurant or other business’s network is secure.

7. Consider Using Remote Wipe or Lock Software

As a final effort, your business should encourage employees to install software that allows them to remote wipe or lock mobile devices and laptops they are going to use for work purposes. That way if someone steals that device, the damage will be limited to the financial loss of the hardware and not related to a data security breach.

The IT consulting experts at MPA Networks can help your business implement both software and training practices to help keep your data safe when employees use their personal devices for work. You can read our previous blog on tips for managing remote employees for even more information on keeping data safe. Contact us today to learn more.

Equifax Breach: What does it teach us about IT security?

Tuesday, October 3rd, 2017

The 2017 Equifax hack is teaching a painful lesson about the necessity of businesses keeping up with software patches for IT security and to avoid catastrophic damage. The hack, which resulted in potentially exposing the financial information necessary to steal a person’s identity for 143 million U.S. customers, could have been easily avoided if the company had applied a patch to fix the exploited software vulnerability. This event highlights the importance of patching software in IT security. Applying an update which takes relatively little time can make the difference between business as usual and potentially bankrupting your company.

What Happened?

According to CNN, Equifax failed to apply a software patch to a widely-used tool called Apache Struts, which the company uses for its online dispute portal. The patch in question addressed an established, known security exploit in the software. Running software without applying existing security patches is widely considered the number one biggest cybersecurity risk for both businesses and consumers because hackers know just where to hit.

Hackers took advantage of Equifax’s lack of speed in applying the patch and had a two-month window to break through the company’s online defenses and steal confidential information. The exact information the hackers stole from each customer varies but included items like Social Security numbers, driver’s license numbers, addresses, and birth dates — all of which could be used in identity theft.

Why Should My Business Care?

  • A hack can financially destroy your companyAccording to TechRepublic, Equifax is looking at a $20.2 billion price tag for repairing the hacking damage, which is a full $8.3 billion more than the company’s market valuation.
  • Lawsuits may follow: As of mid-September 2017, Equifax is facing 23 class action lawsuits over the hack. One of the lawsuits is seeking $70 billion in damages.
  • Executives may lose jobs: In the case of Equifax, a CIO and a CSO are retiring or otherwise leaving the company because of the security breach.

Patch Software for IT Security: Current Changes as a Solution

Unfortunately for those looking for a quick fix, the solution doesn’t come from the machines, but rather the people who use and maintain them. Major hacks like the one against Equifax are a reminder that businesses need to hold IT staff accountable for patching software: it’s not something done when convenient, but on a regular schedule or as soon as possible.

If your business doesn’t want to end up like Equifax, your IT staff should make patch implementation a priority. Making security a higher priority means paying closer attention to when your vendors and software providers issue updates. Your staff can ease the process by applying automatic patching whenever possible and picking a light workday to run regular updates on all machines.

The IT consulting experts at MPA Networks can help answer your questions about IT security and how to keep your business safe. Services like desktop support and management emphasize protecting your staff’s devices from security threats through regular patch maintenance. Contact us today! We work with businesses in San Francisco, and throughout the East Bay and South Bay.