Bring Your Own Device: Questions to ask before you implement a BYOD Solution

Bring Your Own Device (BYOD) has been around for a few years now, which means that there are more technologies and companies competing for the same business, and they will all promise to give you what you need. However, not all BYOD solutions are created equal. Following on from our previous blog posts 'The Evolution of BYOD' and 'The Benefits and Challenges of BYOD', we thought it would be useful to look at the questions you should be asking yourself when you are evaluating solutions for your business, taking into account the perspectives of the end user, management and IT staff, which will all be very different.

The End User

From an end user’s point of view, they want to be able to work wherever they are, on whichever device they choose. They will want minimal disruption and if you put too many boundaries in their way, they will bypass the IT security systems altogether. Put simply – they just want to do their job and need the right tools to do so, so you need to ask the following questions:

- How simple is the BYOD solution to install and use?
- How much training is required?
- Does the BYOD solution keep personal and corporate data completely separate on their device?
- What happens if a device is lost or stolen?
- Do you have a mobile policy?

Management

Management of a BYOD solution focuses on risk, compliance and the overall cost of the BYOD solution. You should ask yourself the following questions:

- How secure is each of the solutions you are considering and which ones keep personal and business data completely separate on the device?
- Who will be responsible for the overall management of your BYOD solution?
- What is the overall TCO (total cost of ownership) of each solution, taking into account the implementation, management, training and licensing costs?
- Do you have an appropriate expenses policy for staff using their personal phones for work purposes and are there any tax issues?
- How will you keep up with changing compliance laws such as GDPR?

IT Staff

Your IT department will be responsible for the implementation of your chosen solution, and also for the training and ongoing support of your mobile workforce. It is vital that the solution you choose does not take up all of your IT department's time or the TCO will be unfeasible. Ask yourself the following questions:

- How easy is the solution to roll out to your workforce?
- How much ongoing support and maintenance will be required?
- How much training will be required?
- How do you manage each device?
- What happens when a device is lost or stolen, or a member of staff leaves your organisation?
- Can staff save corporate data from emails to their own personal device?

These questions are all just a starting point to get you thinking. Whichever BYOD solution you choose, you need to make sure that it is right for your business, that it is highly secure and compliant, and that the TCO is not going to cost you the Earth. We have looked at all of the options available and we only offer one BYOD solution to our clients as it, in our opinion, is the only one that ticks all of the boxes. Please get in touch if you have any questions, or click on the button below to take a look at Soliton DME.


The Benefits and Challenges of BYOD

As discussed in our previous post, The Evolution of BYOD, Bring Your Own Device is an increasingly popular solution for companies which allows employees to work from their very own personal phone, tablet or laptop in any location. As with all security solutions, BYOD can bring about a significant number of benefits but it also comes with some challenges – and as data protection is rapidly evolving and GDPR regulations are looming, it’s critical that both of these are fully comprehended prior to its implementation.

The Benefits of BYOD

BYOD can really open a business up to a more relaxed and efficient workplace that will benefit both the employee and the company. Employees can work from anywhere, on whichever device they choose, which can greatly improve morale and efficiency, as well as cutting costs for the business. The benefits include:

- Increase in efficiency and productivity
- Cost savings: decrease in hardware spend
- Employee satisfaction
- Technology familiarity
- Increased mobility and flexibility

The Challenges of BYOD

When taking on BYOD, you will need to consider the following risks and the steps to take to address them appropriately. The main causes for concern centre on privacy and security. It’s vitally important to consider the consequences of employees using their own devices, and how your chosen BYOD solution deals with the following security issues:

- Lost or stolen devices
- Security risks in the employees' hands
- Personal privacy risks in the employer's hands
- Unauthorised access – employees leaving the company
- The separation of private and company data

Is BYOD Right for Your Business?

Obviously BYOD is not a one-size-fits-all solution, as every company varies in size and has different requirements. This is why it’s highly important for those responsible to evaluate and understand the problem at hand and then match it with a suitable solution.

Our next blog will be focusing on the questions to ask when deciding on a BYOD solution for your business, but here are a few questions to think about for now:

- What are the security risks?
- How would you enforce a mobile policy?
- How would you manage the devices?

In the meantime, please take a look at one option, which is a fully containerised BYOD solution to keep corporate data completely separate from personal data. This, in our opinion, is by far the best option for securely mobilising employees.


The Evolution of BYOD

Out with the Old

Increasingly, your users want to work from home or from remote locations; the need to be in the office from 9 – 5 is disappearing. Whether they’re traditional field sales staff who are used to working from the car or they're developers working remotely, the need to be sure that your users remain connected and secure is more important than it’s ever been. At the same time, the traditional "desktop PC" view of the world is also becoming a legacy system like all capital-intensive IT investment: the difficult-to-maintain, falling-behind-the-curve kind of technology that you’d love to get rid of but can’t quite bring yourself to throw away.

In with the New

The user's demand to use whatever is on trend, fresh or realistically more appropriate is loud and clear. With an abundance of screens - phone and tablet sized as well as laptops - in use by almost everyone, the need to manage and control these in a light-touch manner is increasingly important. In reality what’s happening is that your users are either surreptitiously using their own devices, so-called shadow IT, or demanding that they can use whatever technology they have at home or on the road. The use of personal phones, a Mac and more complex devices such as Wi-Fi access points in order to bypass the corporate lack of investment is now a real compliance and risk issue for many businesses.

How to Manage Users' Own Devices

There are a number of device management strategies and tools to help you to manage your staff’s own devices if they are to be used for the company’s business. Most of these are designed to control the behaviour of the user and the device on the network, and to restrict the user's personal activity - which obviously can cause issues from the user's perspective. There are some tools that allow the use of a device in a mixed environment in a containerised approach. This completely separates corporate and personal data so the device can be used for both business and personal use, securely, without any restrictions.

Soliton SecureContainer – DME 5.0

DME from Soliton is a prime example of the containerised approach to BYOD. It is a single app which allows the use of iOS or Android devices for corporate email, calendar and contacts in a way that keeps all the corporate data separate from the personal data on the device. DME makes it easy for the user to behave in a safe and secure way, and enjoy the benefits of having their own device safely integrated into their working environment.


New Soliton SecureContainer – DME 5.0

We are excited to introduce you to the newest Soliton SecureContainer – DME 5.0: one single app providing direct access to the daily office environment and applications regardless of time and location, online and offline. Soliton SecureContainer – DME 5.0 provides complete separation of business and personal data on a mobile device. The administrator only controls the secure container and NOT the private apps.

The SecureContainer - DME 5.0 combines powerful features to secure mobile workers from data leakage:

- All business applications and data are kept within a 256-bit AES encrypted secure container
- The optional AppBox or Soliton SecureBrowser enables secure browsing on the Internet
- Administrators have total visibility and full control of the corporate, shared and personally owned mobile devices and they can manage the secure container or the MDM settings of the business owned device

With Soliton SecureContainer – DME 5.0 organisations are prepared for the General Data Protection Regulation 2016/679. It lets companies be in control of their corporate data and business applications. If you want to learn more about the new SecureContainer - DME 5.0, please download the product sheet.


DME 4.6 HF 2 Hot Fix Server Release

For DME Server 4.6 installations, Hotfix 2 is now available. It can be downloaded here. Instructions for applying the hotfix can be found in this PDF document.

The hotfix solves this issue:

- DMES-9523 - Passwords with certain special characters are not working with connectors towards Exchange

If you have any questions in relation to this release, please contact Soliton Systems Europe Support. For more information about bug fixes and enhancements in this release, see the release notes (login required). The DME Server Installers have been updated, so the hotfix is not necessary for new installations or upgrades.


DME 5.0 – A Sneak Preview!

DME 5.0 is due to be released this week. Here's a sneak preview of its new features! Want to know more? You can find out more about DME here, or please fill out the form below to get in touch.


Data Masking: Hiding Sensitive Data

Data Anonymization: Motivation and Mechanics

Data is one of the most valuable assets a company has in its possession and if breached can have a very negative impact on the bottom line: on a company’s stock price, reputation, and brand. One approach to protect a large majority of an organization’s data is called data anonymization, which is variously known as data masking, obfuscation, pseudonymization, de-identification or scrambling. In this post, we’ll explain how copying production data, while a common and understandable business practice, increases risk, the advantages of using data anonymization (aka data masking) to protect data, and how to effectively mask sensitive data with the Imperva Camouflage data masking solution. Read the article.


Imperva Releases CounterBreach V2.0

The Insider Threat

Imperva CounterBreach protects enterprise data stored in databases and file shares from theft and loss caused by malicious, careless and compromised users. CounterBreach 2.0 features a new algorithm that automatically places individuals and their cross-functional peers into "virtual" working groups based on interactions with enterprise files in order to identify unusual user access patterns. CounterBreach then analyzes user behavior and flags risky file access from unrelated individuals, resulting in a dynamic approach to file security that allows employees to freely access data, yet saves IT teams time, enhances the security of file data and helps protect against insider threats.


How to Boost Search Engine Rankings and Win Customers

Search engine optimisation (SEO) is a large part of any organisation’s marketing efforts, reaching customers through search tools they use to look up information. But did you know that slow page loading speeds can have an effect on your SEO? In recent years, some marketers have tried using content delivery networks (CDNs) to boost search engine rankings. The theory is that by offering customers multiple servers through which to get information, they’ll be able to reach a wider range of customers. There is weight to this theory - but nine out of ten CDNs won’t help your page load times! Unless they also speed up your processing, they will do very little for your SEO. So, how do you boost your search engine rankings and win customers?

Imperva Incapsula

We've looked at many options and Imperva Incapsula stands out a mile for us. It provides a CDN which can reduce your processing time and improve your SEO, as well as providing a range of other benefits including web security, DDoS mitigation, content caching, application delivery, load balancing and failover. Before you launch your next marketing campaign, it’s important to learn as much as possible about Time To First Byte (TTFB) and the benefits of using the correct CDN.

Try it FREE for 7 days!

Read the infographic, then why not try Incapsula FREE for 7 days so you can see the benefits for yourself? Fill out the form below and we'll be in touch - your free trial can start with just a simple DNS change.


How To Maximise Website Performance

No matter how good your product/service is, if your website takes too long to load, customers will click away from it and you've lost a potential sale before you even had a chance. However, there is a very simple way to ensure that you don't lose sales due to a slow website. With Imperva Incapsula's Content Delivery Network (CDN), you can make any website safer, more reliable and faster than ever before. On average, websites using Incapsula CDN are 50% faster and consume up to 70% less bandwidth! Want to know more? Please get in touch using the form below to request the CDN datasheet or to try it for yourself for free.


How To Mitigate CryptoWall Attacks

In the latest Hacker Intelligence Initiative Report, The Secret Behind CryptoWall’s Success, Imperva peel back the layers of CryptoWall’s sophisticated ransom attacks to reveal how cyber thieves kidnap data and demand payment for its release. Read this report and their blog post to:

- Learn the shocking cost to get your data back
- Understand how these attacks work and where you’re vulnerable
- See why data monitoring is critical to detection and prevention


How to Detect and Stop Ransomware

Looking for a technical deep dive on how to detect and stop ransomware in its tracks? View this on-demand webinar product demonstration for an inside look at Imperva file security technology. During this session, we explore how to monitor user access to file shares in real time. You will leave with a technical understanding of how our solutions can help you:

- Leverage deception-based detection capabilities to identify ransomware
- Block costly attacks before it’s too late
- Ensure and demonstrate compliance with regulations, such as PCI, SOX, and HIPAA
- Protect your business data against ransomware
- Prevent costly downtime from ransomware

Watch the 30 minute product demo hosted by security experts. Please note that this session is for a technical audience.


Protect Your Business Data Against Ransomware

40% of Businesses Get Hit by Ransomware. It Could Cost Your Business Millions.

Cybercriminals are increasingly using ransomware to attack companies and organisations like yours, with expected losses for 2016 reaching £1 billion. In the Insider’s Guide to Defeating Ransomware: Protect Your Data at its Source, you’ll learn:

- Why ransomware attacks have increased 300%
- How ransomware can rapidly bring your business to a standstill
- What you need to do to protect your business data

Read the eBook to see how you can stop ransomware in its tracks and prevent your business from being held hostage by cybercriminals.


How To Prevent Ransomware Attacks Like WannaCry

As I'm sure you are all aware, on Friday 12th May 2017, a large cyber attack was launched which has been described by Europol as unprecedented in scale. The attack is called WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) and is a ransomware program targeting the Microsoft Windows operating system. By yesterday, there were believed to be more than 200,000 victims in 150 countries. However, that figure is likely to grow as people switch on their computers on Monday if their IT has not been updated and their security systems patched over the weekend.

What Should I Do?

If you're lucky enough to have avoided the attack so far, don't be complacent. You should still follow the steps below to do everything you can to prevent an attack:

- Check you have installed the Microsoft patch as this addresses the vulnerability used by WannaCry
- Fully educate your staff so they will know the difference between legitimate emails and sophisticated phishing emails. Email attachments or links to Dropbox are some of the most widely reported sources of this attack.

How Can I Prevent a Phishing Attack?

Even companies with the most secure systems can be left wide open to phishing attacks because, more than ever, users are becoming the weakest link in network security. Phishing emails are becoming more and more sophisticated and one simple click is all it takes to cause devastation. Can all of your staff spot the difference between a legitimate email and a phishing scam? Do you know how many of your corporate email addresses are exposed online? If you're unsure, there are tools you can use to find out.

Email Exposure Check

Are you aware that many of the email addresses of your organisation are exposed online and are easy for cyber criminals to find? With these addresses they can launch social engineering, spear phishing and ransomware attacks. Click on the image to the right to access a free email exposure check which will show you just how many of your employees’ email addresses are exposed online.

Security Awareness Training

It is pretty much impossible to prevent phishing emails from entering your network and some of them look so authentic. The only way to be sure that your business is fully protected is to educate your staff. You can get first-hand training from a man who was once the world's most wanted hacker to train employees to understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering. Once your staff know how to spot a sophisticated phishing attack, your business data will be much safer.

Does it Really Work?

After a year of helping their customers train employees to manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks, KnowBe4 analysed the statistics. Looking at the simulated phishing attacks, the overall Phish-prone™ percentage (people who clicked on the KnowBe4 phishing emails) dropped from an average of 15.9% to an amazing 1.2% in just 12 months. The combination of web-based training and very regular simulated phishing attacks really works.

You can find more information on available tools to help you prevent a phishing attack here. Alternatively, please fill in the form below if you would like more information or a free email exposure check.


Phishing for Money

The malicious email as a means with which to socially engineer an “attack” is undergoing something of a revival. Malicious emails are more targeted, at individual companies, probably company types, and in some cases specific individuals. Background information gleaned from social media and other publicly accessible sources is often used to seed these emails with familiar words, phrases or whole issues to lure the recipient into a false sense of security. A momentary lapse in concentration by one user in an organisation can have serious implications.

One of our customers* recently had an incident which resulted in them having to roll back their financial system by 3 or 4 days. The restore was accomplished relatively easily, as they are, like many organisations, running a VMware environment and take overnight snapshots of just about everything. The desktop clean-up took a lot more resource and time, and they completely lost all of the effective work done on the finance and payroll system for the previous few days.

One of our customers, (they don’t buy AV or email filtering from us) recently had an incident which resulted in them having to roll back their financial system by 3 or 4 days.

Moral of the story

It’s never a bad time to remind your staff about “Phishing Emails”. You may think it’s obvious when you get one but with the stresses of everyday office life that may not be so for everyone.

Security Awareness Training

Ecommnet have recently teamed with KnowBe4 to provide managed security awareness training for employees and other users specifically targeted at the use of email. Click here for more details.

The anatomy of a phishing email

[Image: Spoof Amazon Account Verification Email]
[Image: Spoof Apple iTunes Email]

Attackers bypass technology so you need to educate your employees. KnowBe4 provides on-going, scheduled, simulated Phishing Security tests to keep employees on their toes and provides remedial on-line training if an employee falls for the simulated phishing attack.


Grab a Coffee – We know Online Security is boring but you need to read this!

In today’s post, I want to talk about computer secur – no, never mind; you’ve fallen asleep. Wake yourself up and read on. I'm not going to bore you with the technical details, I'm going to talk about why online security (stop yawning!) can be major hard work when it comes to selling & marketing the benefits to customers and the importance of having it in place. So before we begin, feel free to grab a coffee… or some matchsticks.

Having published blogs and executed marketing campaigns on a variety of topics, we often find that when it comes to cyber security, we never get that same traction with our audience. There are plenty of variables to why this might be, but on the whole and despite its importance, we can agree that this isn’t necessarily the most interesting topic of conversation. Every year you will see a handful of news articles showing how some huge corporation has been hacked and held to ransom for simply not having the right solution in place to protect them. And it is only then – when it’s too late – that they decide they should act on it. And funnily enough, it’s at this point that other people, particularly those exterior to the organisation, show some interest – and mainly because somebody has dropped the ball – but still never act on it themselves.

Why Do Companies Still Get Caught Out?

But why is this the case anyway? Why do companies still get caught out with inadequate data protection? Let’s consider some reasons.

They're Too Busy: They’re always too busy (no, seriously). And sure, we understand that - we’re all busy... but what if we focus on the fact that a lot of solutions these days can be deployed within minutes, taking up very little valuable time and run seamlessly in the background with minimal disruption. Protecting a business does not have to take up much time at all - and as most solutions now don't rely on hardware, it's even quicker and easier to do. Many business owners still believe that IT Security requires huge amounts of hardware and integration time - and that they just don't have time to do it. Trust us - the cost and time involved in not doing it is much greater!

Lack of Understanding: We don't mean this as an insult. IT Security can be a complex and equally mind-numbing topic – especially with such an overwhelming amount of choice, filled with alien language and jargon. It could certainly be made a little simpler to understand for those of us who aren’t already familiar with this field.

It Won't Happen To Me: Perhaps we can put it down to naivety. If you take the “it won’t happen to me” or “I’ll solve it when it happens” approach, you could not be more wrong. You could try to be; but would not be successful. You’re setting yourself up for disaster.

With the above in mind, maybe it’s because people genuinely don’t care – at least not until they are victims. I’d like to think that people don’t drive around at night, doing 70+mph with no lights on, no seatbelts on and their brakes permanently disabled and expect nothing bad to happen. Apart from potential disfigurement/impending death, there’s really not a big difference between this and the topic at hand.

Right - Now It's Time to Grab that Coffee

So - we've talked about why so many people are turned off by IT security. It's a boring minefield of information to wade through when you have so many more interesting things to do. However - to put it simply - you absolutely must have measures in place to protect your business or you could literally lose everything. Instead of boring you with more facts and statistics (and stories of doom and gloom) - how about we just say that we can protect your websites, apps and business data from hacking and data theft within minutes. Simple. Done. You can go back to what you were doing. Many solutions these days are that simple to put in place.

We can tell you all about the technical details and infrastructure that make them work if you really want to know - but more than likely you just want to know that your business data is safe. Take a look at some of the Online Security Solutions that we provide, or alternatively, if you'd like a jargon-free conversation with a member of our team, please get in touch.


Financial Services Webinar: Defend Against the Data Miner

Sophisticated Data Thieves Lurk Where You Least Suspect

Data miners are sophisticated thieves that tap, explore, and drain your financial institution’s databases of valuable information. Whether in the office next door, or a thousand miles away, data miners steal your customer and account information and leave little trace. Watch the webinar, “Defend Against the Data Miner,” to discover:

- How behavior analysis and deception technology identify insider threats
- Why data activity monitoring provides comprehensive coverage
- Why a proactive approach with visibility can quickly stop data miners


Don’t Be a Cyber Attack Statistic: Read the DDoS Trend Report

Did you know that at least 20 percent of all cyber attacks last more than five days? If one of your applications is attacked, you could be unable to access that software for up to eight days. Even worse, attacks on applications are likely to happen more than once.

The Annual Global DDoS Threat Landscape Report includes information on:

- 2015-2016 DDoS attacks, including size, duration and frequency
- Botnets for hire, which allow anyone to pay for an attack against another party
- How the latest trends impact your own DDoS mitigation efforts

Get Imperva's free Annual Global DDoS Threat Landscape Report now and start protecting your organisation.

*Source: https://www.imperva.com/


Web Attack Survival Guide

Web attacks were the number one cause of data breaches in 2015. 63% of confirmed data breaches involved weak, default or stolen passwords, and a whopping 95% of confirmed web app breaches were financially motivated! It is vitally important that you understand the online threats that face your business – and what you can do to eradicate them.

Imperva have put together a Web Attack Survival Guide to help you fully understand the threat landscape and the technologies you can use to safeguard your website from attack. It provides a step-by-step guide so your business can survive. Topics covered include:

- Understand the Threat
- Develop a Security Response Plan
- Locate and Assess Applications and Servers
- Strengthen Application, Network, and End-Point Security Controls
- Counter the Attack: Monitoring and Tuning Procedures When Under Attack
- Bring in the Experts: Optional Security Consulting Services
- Conduct a Post Mortem of the Attack

Web attacks are on the increase so don’t be of the mindset that “it won’t happen to you” because everyone is a target. Act now. Understand the threats and protect your web assets before it’s too late!


Choosing a Web Application Firewall (WAF)

The Internet is a scary and dangerous place, or so the press keep telling us. There are stories almost every day of an online attack taking place and the consequent loss or exposure of customer data. When the very nature of what we do is to put our assets in the direct firing line of such attacks, by enabling literally everyone to connect to our web server, what else can you expect?

But let's examine that last statement a bit further, “let everyone connect to our webserver”; is that really what we want to do? On the one hand the marketers encourage traffic to our web shop, it’s their job, so surely we do want any and everyone to be able to connect? Well no, anyone and everyone is not what we want or need. We want legitimate traffic only: real users who are shoppers or browsers there to take proper advantage of the services you are offering, or real Google* bots there to help you get your site ranked and visible. (*there are other search engines available)

What we don’t want is to allow the bad bots, the scrapers, the false search bots, the automatic bots that are scanning your site for vulnerabilities or the users who are testing your defences manually with hacking tools, picking at your locks. Of all the web traffic hitting your website, the proportion of welcome traffic compared with unwelcome is probably less than 50%!*

Use a Web Application Firewall (WAF)

A WAF, such as the cloud service offering from Imperva called Incapsula, combines a number of features to provide a complete outer layer of security for your web presence. Using a Web Application Firewall like Incapsula ensures that your website or application is always protected against any type of application layer hacking attempt.

Choosing a Web Application Firewall

There are many different web application firewall solutions to consider - all with different capabilities. We have looked at the solutions available and have tried out some of the alternatives, but our WAF of choice is definitely Incapsula by Imperva. Incapsula is the only WAF which has been positioned as a leader for the last three consecutive years in the Gartner Magic Quadrant for Web Application Firewalls. It has been independently validated as the market leader - and for good reason.

Here are a few links to the independent reviews so you can make up your own mind:

- The Gartner Magic Quadrant for WAF has rated Imperva as the only Leader for three years running, 2014, 2015, and 2016 – Click Here
- Forrester’s 2015 Wave Report for DDoS Service Providers rates Imperva as having the industry’s strongest current offering – Click Here
- The 2016 ‘Top10Review’ of DDoS protection rates Imperva as #1, with a Gold Award - Click here
