Log4j2, also known as Log4Shell, is a vulnerability in Apache Log4j – free, open source software that provides logging functionality, debugging and other mundane functions most people don’t think about.
On December 10th, the National Institute of Standards and Technology (NIST) issued cyber security alert CVE-2021-44228, giving it a “10.0 Critical” severity rating. If exploited, it lets bad actors completely take over a server running Log4j and steal money, data, etc. via Remote Code Execution (RCE).
How Widespread is the Log4j Vulnerability?
Because of its reliability and flexibility, Log4j is used by thousands of websites and applications across the world. Companies like VMware, Microsoft, Cisco and others are evaluating various product sets to determine the extent of the exposure. One thing we do know is that the challenge is worldwide and affects companies of all sizes.
A list of known Log4j-related software has been published on GitHub to help identify where you may have vulnerabilities. It is important to note that the risk of exploitation applies to public devices and applications.
What is being done?
The Apache Software Foundation has issued patch revision 2.16, which disables some underlying code within Log4j 2 that allows exploitation. But given the widespread nature of the framework/applet, it is not yet known how many systems, appliances, and software applications are affected.
ISG Technology is actively working with our vendors and partners to identify any potential exposure that may exist within our customer base. We are also scanning our systems and the customer systems which we manage to find and address Log4j vulnerabilities. If you have any questions, please reach out to your ISG representative or Contact Us to schedule a meeting.
What can you do to protect yourself?
Apply the Patch – The first thing to do is apply the Log4j patch if the application allows for it. Please note that most vendors/manufacturers will need to provide unique patches for their specific applications. And, just like any patch, this can cause downstream issues. So, make sure to check any connected systems to ensure they are fully operational after the patch.
Scan Your Systems – There are a handful of ways to scan your systems for this vulnerability. If you’d like help doing this, reach out to your ISG representative or Contact Us to schedule a meeting.
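One way to carry out the "Scan Your Systems" step for Java archives, as an added example rather than ISG's or Apache's tooling: it walks a directory, opens JAR/WAR/EAR files (including archives packed inside them), and reports any log4j-core copy older than the 2.16 fix named above. The function names and the sample archives are constructed for illustration.

```python
import io
import os
import re
import tempfile
import zipfile

# The page names 2.16 as the Apache fix, so anything older is reported.
FIXED_VERSION = (2, 16, 0)
# Entry names used inside a log4j-core JAR.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear")
MAX_DEPTH = 4  # how far to follow archives packed inside archives


def parse_version(text):
    """Turn '2.14.1' or '2.0-beta9' into a comparable 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def inspect_archive(data, label, findings, depth=0):
    """Record log4j-core evidence in one archive, then recurse into nested ones."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names or POM_PROPS in names:
            version = None
            if POM_PROPS in names:
                props = zf.read(POM_PROPS).decode("utf-8", "replace")
                match = re.search(r"^version=(.+)$", props, re.MULTILINE)
                version = match.group(1).strip() if match else None
            findings.append({
                "location": label,
                "version": version,
                "jndi_lookup_present": JNDI_CLASS in names,
                # An unknown version is treated as needing review.
                "below_fixed": version is None
                or parse_version(version) < FIXED_VERSION,
            })
        if depth < MAX_DEPTH:
            for name in sorted(names):
                if name.lower().endswith(ARCHIVE_EXTS):
                    inspect_archive(zf.read(name), f"{label}!/{name}",
                                    findings, depth + 1)


def scan_tree(root):
    """Walk a directory and return findings for every Java archive under it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            if fname.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fname)
                try:
                    with open(path, "rb") as handle:
                        inspect_archive(handle.read(), path, findings)
                except OSError:
                    continue  # unreadable file; a real scan would log this
    return sorted(findings, key=lambda f: f["location"])


def make_jar(version=None, extra=None):
    """Build a constructed, in-memory archive (sample data, not a real release)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
            zf.writestr(JNDI_CLASS, b"")
        for name, data in (extra or {}).items():
            zf.writestr(name, data)
    return buf.getvalue()


def make_sample_tree(root):
    """Write constructed sample archives under root for the demo."""
    nested = {"WEB-INF/lib/log4j-core-2.12.0.jar": make_jar("2.12.0")}
    samples = {
        "log4j-core-2.14.1.jar": make_jar("2.14.1"),
        "log4j-core-2.16.0.jar": make_jar("2.16.0"),
        "shop.war": make_jar(extra=nested),
        "unrelated.jar": make_jar(extra={"com/example/App.class": b""}),
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for hit in scan_tree(tmp):
            status = "NEEDS PATCH" if hit["below_fixed"] else "ok"
            print(f'{status:11} {hit["version"]} {hit["location"]}')
```

A copy bundled inside a vendor's WAR, like the nested one in the sample, is the case where the vendor-specific patch mentioned above is needed.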
Log4J - What it is. And What You Need to Know. (sstrickler, 2021-12-15 18:26:45; 2021-12-16 15:36:53)
A firewall is an essential part of your cybersecurity. It serves an integral part in your organization’s defense against threats and cyber attacks.
A firewall protects many vulnerable programs on your systems. It forms one of the crucial layers in a company’s layered security strategy. If you want a layered security architecture, you need a stable firewall.
Besides the firewall, your layered security should also include the following:
Employee training and awareness
Web and email filtering
User access control
These elements constitute multi-layer cybersecurity. With these multiple security layers, your risk of a security breach is minimized.
What is a Firewall?
A firewall is a security firmware or software that forms a barrier between networks to allow and block certain traffic. It inspects traffic so that it can block threats that might harm your systems.
Firewalls are designed to authorize low-risk traffic that might not harm your network. If it detects harmful traffic, either from a virus or a hacker trying to gain entry, it blocks it immediately.
Just like a guard at your gates, a firewall controls what’s coming in and going out. It uses pre-set rules to filter suspicious and unsecured sources. It guards traffic from a computer’s entry point.
Why is a Firewall Important?
It is vital to have a stable and reliable firewall in your company’s network. It plays a crucial role in protecting it from intruders. Ideally, it acts as a guard to your perimeter, performing the following tasks:
With businesses taking a digital approach, hacking activities continue to rise significantly. A firewall defends you from unauthorized connections, potentially from hackers. Firewalls have become an essential part of any company that wants to protect its data. It can deter a hacker from accessing your network entirely.
Monitoring Network Traffic
A firewall monitors traffic at all times to safeguard your network. Your IT team can rely on the information gained from continuous monitoring to create advanced security layers.
Since firewalls proactively keep your network safe, they promote brand reputation. Clients know they can trust your company with their data since all systems are secure and inaccessible by hackers. With a strong firewall, no data can be stolen whatsoever.
Different Types of Firewalls
There are multiple types of firewalls that help block malicious traffic, including proxy service, stateful inspection, and packet filtering. These firewalls limit network entry based on different criteria. Each has its own advantages and disadvantages, which is why firewall technology has produced something more well-rounded: next-generation firewalls.
A next-generation firewall (NGFW) combines all the strengths of past firewall technologies into one tool. This bundle of security measures includes elements such as:
Encrypted traffic inspection
Deep packet inspection
NGFWs are more advanced than traditional firewalls and help strengthen your cybersecurity. They move beyond port/protocol blocking to a more advanced protection system.
The Benefits of an NGFW
An NGFW is a threat-focused approach that provides advanced risk detection. It’s the gold standard of firewall protection. If you have not implemented an NGFW, then you are doing your business a disservice.
Advanced Policy Control
Thanks to deep packet inspection, next-generation firewalls enable the use of internet applications that allow more productivity while blocking less desirable applications. Unlike the traditional firewalls that only allow or block traffic, NGFWs deny access to all applications considered insecure.
Content and User Identification
NGFWs monitor and scan content in real-time, so no data can leak. This includes filtering and files and threat identification. Also, these firewalls easily detect specific users responsible for traffic that poses threats.
Firewalls Reinforce a Layered Security Approach
Cybersecurity is crucial in today’s world. Threats are constantly evolving, and defenses must continuously improve to stay ahead.
Securing your network should be a top priority for all businesses. The best way to remain secure is to implement a layered approach to your cybersecurity.
At ISG Technology, we are committed to helping businesses improve their network security. Get in touch with us today to consult with our experts.
The Role of Firewalls in Defending Your Data (ISG Tech, 2020-12-15 10:30:00; 2020-12-28 19:54:57)
As the owner or manager of a company, you entrust your team leaders to handle a number of important responsibilities to ensure smooth daily operations. One of those responsibilities should be cybersecurity. It’s essential to keep sensitive company data safe from hackers. Not only that, but viruses and malware still pose a very real threat. And today’s privacy laws and regulations demand that you be protective of customer data, as well.
If your team leaders are already aware of the threat cyber criminals pose, kudos to them. But are they as informed as they should be? And what’s more, how do you know the protection they have put in place is sufficient? Are your leaders fully aware of all the important cybersecurity facts they need to know to protect the business?
While technology has certainly facilitated the way we do business, it has also paved the way for hackers and digital thieves to take advantage of the vulnerabilities in your network. All that company data—data you rely on day in, day out to do business—is at risk. Here are a couple stats to help you understand the magnitude of the issue:
That’s why it’s important that company leaders stay well informed on a number of important cybersecurity facts. Equipped with this important knowledge, they can better combat and protect your data from the growing environment of cyberthreats.
This is one of the most important cybersecurity facts. Cybercriminals are pretty savvy individuals. They rely on the negligence and lack of knowledge of employees in a business to enable them to gain entry into the network or infect a computer.
Consider the damage a single employee can do. Is everyone in your office safe when browsing the internet and downloading files? Do your team leaders know how to avoid falling for spear phishing scams? Does everyone use secure passwords?
A basic education in keeping the company safe is critical, and that starts with your leadership team. Make sure they know these cybersecurity facts.
Cybersecurity fact #2:
Cybercriminals are always seeking to exploit loopholes in virus protection applications
The latest version of that virus protection software you’ve installed might not stop a virus or malware developed the very next day. That’s because hackers can quickly find ways to breach virus protection software.
To combat this, software companies quickly and consistently release updates to combat new threats. But you often have to install these updates manually. In the interim, malware, spyware, or a virus could slip through.
Your IT department may take care of all relevant updates. But if policy requires end users to update their own machines, make sure your leaders understand the importance of these updates.
Cybersecurity fact #3:
Offsite backups through the cloud can help protect your data
If you’ve become infected with malware, or worse yet, ransomware, then your data may become corrupted or even lost. Unless, of course, you have a backup.
But it’s possible that local backups are compromised, too. That’s why many companies utilize cloud computing and cloud-based data backup services, where data is backed up to a secure, off-site location.
While it may not change anything about how your team leaders do their day-to-day jobs, make sure they understand the importance of backups. A better understanding of the value of the data they work with will inevitably result in greater care to protect that data.
Cybersecurity fact #4:
The most common method that cyber criminals use is email
As mentioned above, employees can unknowingly click on a link in an email or download an attached file without realizing that they have just allowed malware or spyware to be installed on their system.
Team leaders must teach employees to be ever vigilant when visiting websites and downloading files, and especially when clicking on links in email. They must be taught to recognize the signs of a possible scam or fake website. No one should ever download any files they aren’t 100% sure about.
Cybersecurity facts matter
Everyone in the organization needs to take cybersecurity very seriously, not just team leaders. But for many companies, a well-educated staff starts with fully-informed team leaders.
After all, it only takes one wrong click to invite a cybercriminal into your system.
4 cybersecurity facts your company's leadership team should know (wpengine, 2018-10-18 16:34:51; 2020-03-31 17:48:50)
On January 31st, Cisco Systems disclosed a vulnerability allowing up to complete control of a device from the Internet, affecting Cisco ASA Software that is running on several Cisco products. The purpose of this blog post is to:
Help you understand the issue
Point you to trusted resources to explain it in more depth
Determine how you can protect yourself against it
Cisco Systems released an advisory and a patch for a vulnerability allowing up to complete control of a device from the Internet.
What You Should Do
Check the following systems for the webvpn configuration, and if enabled for external communications, the systems need the patch from Cisco.
This vulnerability affects Cisco ASA Software that is running on the following Cisco products:
3000 Series Industrial Security Appliance (ISA)
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Next-Generation Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
ASA 1000V Cloud Firewall
Adaptive Security Virtual Appliance (ASAv)
Firepower 2100 Series Security Appliance
Firepower 4110 Security Appliance
Firepower 9300 ASA Security Module
Firepower Threat Defense Software (FTD)
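The check described above (is webvpn configured, and is it enabled for external communications?) can be run over saved `show running-config` text. This is an added example, not Cisco's or ISG's tooling; the sample configurations are constructed, and treating an interface named `outside` or one with `security-level 0` as external is an assumption to adjust per device.

```python
# Constructed running-config excerpt; names and addresses are sample values.
SAMPLE_EXPOSED = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
group-policy Staff attributes
 webvpn
  anyconnect keep-installer installed
"""
# Variants of the same constructed config for comparison.
SAMPLE_INTERNAL_ONLY = SAMPLE_EXPOSED.replace(" enable outside", " enable inside")
SAMPLE_DISABLED = SAMPLE_EXPOSED.replace(" enable outside\n", "")


def parse_asa_config(text):
    """Return (interfaces, webvpn_ifaces) parsed from running-config text."""
    interfaces = {}      # nameif -> security level (None if not stated)
    webvpn_ifaces = []   # nameifs enabled under the global webvpn section
    section, nameif = None, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        words = line.split()
        if not line[0].isspace():
            # A command at column 0 opens a new top-level section. Only the
            # global "webvpn" section counts; the indented "webvpn" under a
            # group-policy is a per-group sub-mode and is ignored.
            if words[0] == "interface":
                section = "interface"
            elif words == ["webvpn"]:
                section = "webvpn"
            else:
                section = None
            nameif = None
            continue
        if section == "interface" and len(words) > 1:
            if words[0] == "nameif":
                nameif = words[1]
                interfaces.setdefault(nameif, None)
            elif words[0] == "security-level" and nameif and words[1].isdigit():
                interfaces[nameif] = int(words[1])
        elif section == "webvpn" and words[0] == "enable" and len(words) > 1:
            webvpn_ifaces.append(words[1])
    return interfaces, webvpn_ifaces


def webvpn_exposure(text, external_names=("outside",)):
    """List interfaces with webvpn enabled and mark the external ones.

    Assumption: an interface is external if its nameif is in external_names
    or its security-level is 0.
    """
    interfaces, enabled = parse_asa_config(text)
    report = []
    for name in enabled:
        level = interfaces.get(name)
        report.append({
            "interface": name,
            "security_level": level,
            "external": name in external_names or level == 0,
        })
    return report


def needs_patch_review(text, external_names=("outside",)):
    """True when webvpn is enabled on at least one external interface."""
    return any(r["external"] for r in webvpn_exposure(text, external_names))


if __name__ == "__main__":
    for label, cfg in [("exposed", SAMPLE_EXPOSED),
                       ("internal only", SAMPLE_INTERNAL_ONLY),
                       ("disabled", SAMPLE_DISABLED)]:
        print(label, needs_patch_review(cfg), webvpn_exposure(cfg))
```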
What ISG Is Doing
Currently, the ISG Data Centers are following our normal process for patching, with additional analysis for the critical configuration problems. Our service engineers are available to assist any customer with any Cisco product in regard to this issue and any other issue.
Cybersecurity may be the biggest issue facing the enterprise. The costs of dealing with an attack are through the roof, and experts believe it's only going to get worse. The Official 2017 Annual Cybercrime Report from Cybersecurity Ventures predicted that by 2021, cybercrime would cost the worldwide economy around $6 trillion.
With so much money funneling into the criminal underground, it's easy to see why so many companies are terrified of a hack. To satisfy this urgent need for data safety, businesses have started to invest in highly complex technologies aimed at catching digital incursions before they get out of hand. These systems are certainly necessary in this day and age, but many administrators mistakenly think they're the only way to secure information.
In fact, many hackers actually rely on a technique called social engineering. This approach is incredibly successful, mainly due to the fact that companies don't plan for it. To help officials stave off such an attack, let's explore exactly what social engineering is and what you can do to prevent it.
How does social engineering work?
Although the term is used to discuss a certain type of attack, social engineering actually encompasses a wide range of hacking techniques. That said, they basically all boil down to using human error to accomplish a goal.
For instance, a hacker may come to find that he needs login credentials to access a certain data set. One popular technique in such a situation involves the hacker calling the front desk to say that they've just been hired at the company. They could spin a sob story about not being able to gain access to a certain system and will plead for help. If this cybercriminal has the right charisma, he can pretty easily persuade someone into giving him exactly what he wants.
Another way hackers rely on social engineering is by physically breaking into a company's office. In the same scenario where the cybercriminal needs login credentials, he might put on a pair of overalls and say he's an electrician. If he can make it past the front desk, he might get lucky enough to find a person's username and password written on a sticky note on their computer. If he's not that fortunate, he could even install a keylogger on someone's machine that could give him the information he needs.
While these two scenarios aren't the only ways social engineering techniques are deployed, the point is that all of these attacks rely on unearned trust from your employees. People want to help those in need, and hackers use this desire to get what they want.
Companies just aren't prepared
Due to the fact that social engineering relies on good-hearted people just trying to be nice, there's a real chance that your company is at risk. This is especially true of employees who have to be helpful by nature of their position, such as receptionists and HR workers. However, this epidemic reaches just about every inch of most companies.
A security company called Social-Engineer took a deep look into just how big of an issue this hacking technique is. They found that around 90 percent of employees will give up their names and email addresses without even confirming who's calling. That's certainly an issue, but the real problem is that around two-thirds of employees will give out information like their Social Security numbers. On top of that, Social-Engineer has a perfect record when it comes to physically breaking into an office, which shows just how vulnerable companies are.
How can you avoid an attack?
Clearly, a majority of companies are at serious risk of a breach due to social engineering. Thankfully, there are some steps administrators can take in order to lessen the chances of an employee making a grave error.
To begin, you'll want to hold a mandatory meeting for all employees about security. If possible, try to break up the courses by department so you can discuss specific needs with all the different professionals at your company. At these meetings, you'll need to discuss social engineering attacks like impersonation and phishing, as well as how to report these issues should one arise.
Finally, and perhaps most importantly, you'll want to lower the number of individuals who have access to admin privileges. The more people you have with access to every system, the larger your attack surface area.
Why should your company fear social engineering? (ISG Tech, 2018-01-16 15:35:50; 2020-05-29 14:20:03)
Cybersecurity has become one of the most important areas of study for the new millennium. With so much data being traded and stored in the digital landscape, it just makes sense for criminals to focus their energy on this new means of theft.
That said, the simple novelty of hacking in terms of human history means that companies are still learning and adapting to the new threats facing them. For example, the idea that a criminal could hold your information hostage would have seemed ludicrous a few years ago. Now, society is dealing with ransomware attacks like the 2017 “WannaCry” malware that experts have estimated cost the economy around $4 billion.
The world is changing rapidly, but this doesn’t mean your organization has to be left behind. The next year certainly holds surprises for the cybersecurity industry, but following these tips can help prepare your company for the worst of it.
1. Backup your data now
Data is at the heart of any company’s success. It’s simply impossible for organizations to function without information, which is why it’s so shocking that so many businesses don’t properly back up the data they create and collect.
To begin, not doing so is simply an accident waiting to happen, especially for small businesses. In fact, a study posted by Small Business Trends found that 58 percent of small organizations are not at all ready for a data loss event.
However, the truly frightening aspect of this is the fact that a robust backup system is often the best protection against a multitude of attacks. The best example of this is ransomware, which is where the hacker encrypts the data on a device or network and will only unlock it when paid a certain amount of money. What’s more, security firm SOPHOS stated that the increased market for ransomware kits on the dark web is going to lead to a rise in attacks in 2018.
Wiping the ransomware from a gadget without removing the data itself is next to impossible most of the time, which is why many experts recommend 3-2-1 backup. This process requires three copies of a piece of data where two are stored on different mediums – such as the cloud and a physical drive – and one must be kept offsite.
Those looking to boost their backup system should consider the Backup-as-a-Service model offered by ISG Technology. Our top-of-the-line system uses the cloud to implement robust backup, which allows you to utilize multiple mediums and store data offsite.
2. Discuss security with your employees
Although a lot of people think of high-tech solutions when it comes to cybersecurity, the fact of the matter is that a huge portion of successful hacks have to do with something called social engineering. This is where the cybercriminal uses pity, deceit and emotional manipulation to get what they want out of an employee.
Most people don’t know it, but just about every person is vulnerable to social engineering. In fact, experts at security firm Social-Engineer have found that around 90 percent of the employees they try to hack end up willingly giving up their names and email addresses without even confirming the identity of the person asking. But that’s not all. Around two-thirds of people will give their Social Security numbers, birthdays or employee identification numbers.
Clearly, this is a major attack vector and it makes sense that hackers would exploit it as much as they do. Therefore, it’s important to educate employees on the multitude of ways a cybercriminal could use their benevolence against the company.
To begin, employers must emphasize the importance of vigilance when it comes to email. Hackers love beginning their attacks through something called phishing, which is where they send messages to workers in the hopes that one of them will click a link or give up sensitive information. However, the real problem many companies are dealing with these days is spear phishing, which is where the hacker targets a specific person by using information about them to convince them the email is legitimate.
According to PhishMe, attacks of this nature rose about 55 percent in 2016. What’s more, around 91 percent of data breaches can be traced back to an original spear phishing email.
Therefore, it falls upon employers to convince employees of the importance of email security. This should certainly involve a company-wide meeting discussing the risks, but it’s also vital that administrators set up tests for workers to see if they’ll fall for such an attack. Hackers have been relentless with spear phishing and it looks like that will continue in 2018, so the best way to avoid such an issue is to stress email security now.
3. Keep an eye on mobile security
Mobile devices aren’t a luxury anymore. They’re a vital necessity for workers all over the world, and ignoring this fact could have enormous security ramifications. The Pew Research Center found that 77 percent of Americans owned smartphones in 2016. This is causing a lot of companies to understand the value of the bring-your-own-device trend, which allows employees to use their own gadgets for work-related purposes.
While BYOD is certainly a huge step forward, the fact that many organizations are ignoring it is extremely dangerous. Gartner found that around 37 percent of employees are currently using their own devices for work without the knowledge of their employers.
The ramification here is that a huge number of devices are accessing sensitive company information without any sort of uniform security system protecting them.
While the importance of security measures must be stressed to employees, ignoring BYOD is most likely doing your company more harm than good. Therefore, the new year is a great opportunity to reorganize how your business handles employee-owned devices.
The future may be uncertain, but that shouldn’t paralyze you. By taking the proper precautions and being prepared for whatever cybercriminals can throw at you, you can avoid the biggest mistakes and ensure the success of your firm.
3 Cybersecurity Tips For 2018 (ISG Tech, 2017-11-30 14:21:42; 2020-05-29 14:20:04)
Just as quickly as new technologies are developed to secure the information your organization is responsible for, cybercriminals are discovering new ways to get in. And to do it, they’re exploiting one thing – trust.
When you put ISG Technology to work for you, you don’t just put industry leading security experts on your team, you put security at the top of your priority list. You put the concern that someone might be selling you a short-sighted solution to the wayside. You put trust back where it belongs – on your side.
Get Our Whitepaper: 5 Things You Probably Trust, and How They Affect The Security Of Your Business
Video: ISG Security - Put Trust On Your Side (ISG Tech, 2017-10-20 12:49:09; 2020-05-29 14:20:17)
The rate of innovation involved with modern technology is increasing with every year. Companies are working hard to constantly give new features to their clients, a sentiment that is especially true of Microsoft’s Office 365. This cloud-based productivity platform has exploded on the enterprise IT scene and is completely changing how and where employees complete tasks.
Despite having been on the market for nearly five years now, those who haven’t had the chance to work with Office 365 yet still don’t know much about it. In fact, there is a portion of this population that have formulated myths based on unfounded rumors and hearsay. We wholeheartedly believe that Office 365 is an incredibly beneficial tool, and we would hate to see a company miss out on it due to unsubstantiated claims.
Therefore, we’ve put together a list of myths about Office 365 that just aren’t true, and what the reality behind the situation actually is.
Myth #1: It’s not secure
No matter which sector your company works in, one of your most important areas of concern has to be cybersecurity. This is because a data breach could seriously affect how clients view your organization. A study from Centrify found that two-thirds of consumers living in the U.S. will stop their business relationship with an institution following a major hacking event. Clearly, staying on top of your firm’s security is of the utmost importance.
This is especially true when you’re talking about a platform like Office 365. This service handles so many pieces of important information that it makes sense for people to be worried about its ability to mitigate the risks of a cyberattack. However, the idea that Office 365 is inherently less secure than other options is completely false.
Microsoft has spent years refining and polishing the security features on Office 365, and it truly shows. This service has been built from the ground up with cybersecurity in mind, and businesses all over the world rely on Office 365 to keep their data safe. The company’s website even has a list of the most important features, which are:
Identity security: Ensuring that only the right employees have access to secure data is paramount. Therefore, Office 365 relies upon multi-factor authentication, which means you have to utilize multiple security credentials in order to log onto an account. This puts another obstacle between your company’s data and the hackers.
Data and app encryption: Encryption is by far the most important tool in the fight against cybercriminals. Office 365 utilizes this technology when information is moving between systems and when it’s stored on a particular device.
Responding to issues: Microsoft stated that Office follows the response tactics of the National Institute of Standards and Technology. This includes having a dedicated security team, detecting and analyzing threats, containing incidents and spearheading an investigation after everything’s said and done.
Clearly, there are too many security features baked in to Office 365 for it to be considered a vulnerable platform. Working with this tool means that your data has an added level of security that will help lower the chances of a data breach.
Myth #2: It’s going to steal your job
One of the major selling points of Office 365 is that it clears up a lot of technical issues that other platforms present to company IT teams. While it is obviously a clear advantage, some workers see this as a threat to their current position. They see all the work that they put toward just keeping their current system running, and they think if they don’t have to do this maintenance then they’ll be out of a job.
While this comes from a very real place of self worth, this is once again a very false myth. Although Office 365 will streamline certain processes and eliminate the need to constantly put out fires, it won’t completely take away the need for a robust IT department. As a matter of fact, the truth is quite the opposite.
Office 365 gives you the opportunity to explore internal goals like never before. Due to the fact that you won’t have to waste time simply fixing what should already work, you can move on to opportunities to expand your current IT infrastructure. A deployment of this platform isn’t the death of the IT team; it gives your department new life.
Myth #3: Moving from a different platform is next to impossible
This is less of a specific Office 365 myth and more of a misconception for most newer technologies. Companies very often get comfortable with their current solution, and they start to imagine that making the move to another platform would just be more trouble than it’s worth. Of course, the multitude of benefits provided by Office 365 show that this just isn’t the case. Sticking with an older solution that doesn’t work properly just because you’re used to it doesn’t make any sense, and it could end up costing your company big in terms of productivity and effectiveness in dealing with client needs.
However, making the transition can lead to certain obstacles. But don’t worry, ISG Technology is here to help. Our staff members have quite a lot of experience dealing with moves to Office 365, and we can help make sure yours goes as smoothly as possible.
3 myths about Office 365 that just aren't true (wpengine, 2016-11-16 10:00:48)
Technology has advanced at an incredibly fast rate in the past few years. Innovations such as the computer that were once thought too expensive for personal use are in a vast majority of American homes, and the emergence of the smartphone has increased the internet’s reach even further.
It would seem that every day some new device or piece of software is making life easier for people, and while this may be good for the consumer, it poses a major risk for IT administrators. The in-office use of these kinds of technology is called shadow IT, and it’s causing some big problems for organizations all over the globe.
How is shadow IT formed?
The issue at hand here has to do with an employee’s personal convenience. As a rule, shadow IT very often forms when a worker decides to go outside of the company-supported suite of software and hardware in order to use something he or she is more familiar with.
A good example of this would be an employee that gets fed up with a certain file storage/exchange system. They don’t know how to work this platform, so they decide to use a free service that they’ve relied on before.
While this may solve a convenience issue, this employee is now moving company information around utilizing a platform that isn’t supported by the internal IT team. This creates a gaping security vulnerability that a hacker could work to exploit.
An aspect that a lot of administrators don’t consider is that shadow IT doesn’t just pertain to software or digital platforms. As TechTarget contributor Margaret Rouse points out, hardware is also part of the equation.
Your employees have all kinds of personal devices that they use at home, and they bought them for good reasons. They have experience with this tech, and this can very easily translate to an increase in productivity.
In fact, the bring-your-own-device trend hinges on this exact principle. BYOD allows organizations to sidestep paying for new equipment by simply allowing workers to bring in their own gadgets. On top of that, staff members get the unique ability to complete daily responsibilities with the tech they know and love.
When done properly, this is a perfect example of a win-win scenario. However, a BYOD deployment must be implemented properly. The IT team needs to handle this transition to ensure that the devices in question are properly secured against hackers. Without some kind of security procedure on the books, companies could be looking at a data breach.
The problem is that employees very often don’t know about the risks involved here. Again, without any sort of maliciousness, they’re simply thinking of their own convenience and choose to bring in their own gadgets without clearing it with company officials. In fact, a survey from Gartner found that more than one-third of respondents were currently completing work-related tasks on personal devices without telling anyone about it.
This is huge because the average person simply does not take the time to properly secure their gadgets on their own, especially considering the high standards of data security many industries need.
A consumer affairs survey found that only 8 percent of average smartphone owners had software that would allow them to delete the information contained on their phone should it be stolen. While most people would worry about the photos and other irreplaceable memories in the event of a theft, a stolen smartphone can easily turn into a major data breach should the wrong person get their hands on the gadget.
Companies must take action
Clearly, shadow IT is no laughing matter, and organizations must take decisive action in order to mitigate the risks of a data breach. So, what would this look like?
First and foremost, set up a meeting with employees to explain the consequences of their actions. As stated, it’s not that these workers are actively trying to sabotage the company. Rather, they simply don’t understand that using a personal device or outside software could cause serious harm. These people simply need to be educated about what can happen when they step outside the approved systems.
Second, to address unsanctioned BYOD directly, administrators must come up with a plan. This could include banning these gadgets outright, but doing so is nearly impossible to enforce, and completely misses all of the advantages BYOD has to offer when done correctly. A better option may be to simply work with a vendor that knows how to implement a secure system to regulate these devices.
Finally, it might be important to figure out why employees were using outside tech to begin with. Are current solutions not doing what they’re supposed to? Do you need to implement training sessions? Would it be best to simply move on to a different platform? Answer these questions and you can work to find the root of the problem.
Shadow IT: What it is and how to mitigate it (2016-10-31 12:23:31)
When it comes to computers and technology, there is one thing at the forefront of everyone's minds these days: security. This idea is especially critical when talking about data centers, as digital, physical and structural security are all critical to operations.
There are a variety of different security concerns when it comes to data centers, from compliance requirements to building security to protections against the weather. Businesses need to make themselves aware of the security precautions taken by their data center service provider and carefully consider three areas of security before choosing a facility.
"Businesses need to carefully consider three areas of security when choosing a data center."
Physical
Most people think digital security is the only concern when it comes to data centers, but if the power supply cuts out or a tornado tears the facility down, that can be even more debilitating than a data breach. Consider these physical aspects when choosing a data center:
A secure location: The site needs to be located a good distance away from company headquarters and out of the path of natural disasters like earthquakes, tornadoes and hurricanes.
Redundant utilities: A secure facility will employ two separate sources for critical utilities, being able to trace electricity back to two unique substations.
Controlled building access: Make sure the data center has security guards in place and a limited number of entry points into the building, as well as security cameras and gates to keep out unwanted visitors.
Digital
While the physical considerations of a computing facility are very important to the overall security of the building, digital security precautions must also be taken in order to protect the files stored within.
Implement two-factor authentication: Biometric identification is increasingly being used in data centers as a second layer of security to ensure only the appropriate people are handling certain information.
Encrypt data in motion: Encryption is a necessity when working within distributed computing environments where application workloads communicate across both private and public networks.
Meet multiple regulatory compliance requirements: Make sure any data center being utilized meets the necessary guidelines to be compliant with industry regulations for the sector you're operating in.
Structural
Separate from physical and digital security measures, steps must be taken to build security into a data center's infrastructure to create a robust protection strategy and atmosphere of defense.
Anticipate changes to workloads: Enterprise applications are not static entities, but are instead workloads that move from one location to another and must be monitored as they go. Utilizing adaptive security measures allows workloads to move freely while enabling IT administrators to focus on other business-critical operations.
Future-proof application development: Make sure security solutions are deployed that can stay consistent across private and public cloud platforms so the same level of protection will be maintained no matter where the apps run.
Audit application interactions: Periodically take stock of the traffic flowing between the individual workloads that make up each application. This will provide enterprises with a comprehensive view of the interactions taking place, as well as any connection requests from outside entities that may be popping up.
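One way to carry out the periodic audit described under "Audit application interactions", as an added example that is not part of the original article. The workload inventory, the expected baseline, and the flow records are all constructed, and the four-column record format is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed inventory: which addresses belong to which workload of one application.
WORKLOADS = {
    "web": ["10.0.1.10", "10.0.1.11"],
    "api": ["10.0.2.20"],
    "db": ["10.0.3.30"],
}
# Constructed baseline of interactions the application is expected to have.
EXPECTED = {("web", "api", 8443), ("api", "db", 5432)}

# Constructed flow records (assumed format): src_ip dst_ip dst_port action
FLOWS = """\
10.0.1.10 10.0.2.20 8443 ACCEPT
10.0.1.11 10.0.2.20 8443 ACCEPT
10.0.2.20 10.0.3.30 5432 ACCEPT
10.0.1.10 10.0.3.30 5432 ACCEPT
203.0.113.7 10.0.3.30 5432 REJECT
198.51.100.9 10.0.1.10 443 ACCEPT
"""

def owner(ip, workloads=WORKLOADS):
    """Return the workload that owns ip, or None for an outside entity."""
    addr = ipaddress.ip_address(ip)
    for name, ips in workloads.items():
        if any(addr == ipaddress.ip_address(i) for i in ips):
            return name
    return None

def audit(flow_text, expected=EXPECTED):
    """Count workload-to-workload flows; list those outside the baseline."""
    seen, unexpected, outside = Counter(), [], []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed records rather than guess
        src, dst, port, action = parts[0], parts[1], int(parts[2]), parts[3]
        s, d = owner(src), owner(dst)
        if s is None or d is None:
            outside.append((src, dst, port, action))  # involves an outside entity
            continue
        seen[(s, d, port)] += 1
        if (s, d, port) not in expected and (s, d, port) not in unexpected:
            unexpected.append((s, d, port))
    return seen, unexpected, outside

if __name__ == "__main__":
    seen, unexpected, outside = audit(FLOWS)
    print("interactions:", dict(seen))
    print("not in baseline:", unexpected)
    print("outside entities:", outside)
```

In the constructed data, the web tier talking directly to the database is the interaction missing from the baseline, and the two flows from addresses outside the inventory are the outside connection requests the audit is meant to surface.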
There's more to data center security than you think (2015-06-05 16:58:46)