Network Security – Why Security Awareness is Essential for Internal Threat Management?

Security awareness is often linked to anti-terrorism programs around the world but in the IT world we are referring to cybersecurity awareness. Many of you are already switching off, yawning and considering leaving this page but hang on a moment…

The subject may well have been harped on by management, consultants and IT teams and this instinctive reaction to tune out is down to poor implementation in the past. Advocates of security awareness are often condescending, are too technical or fail to link practical threat examples to real-world situations. Other failures include a lack of management buy-in. This “do as I say, not as I do” attitude has the opposite of the desired effect, no significant increase in security awareness and a growing employee resentment when management errors in this area are not penalized.

Be Aware of the Potential Threats

It’s not as simple as telling employees to stop clicking on links in emails and in social media, although this is part of it. Requests to reset passwords or requests to update online banking details are designed to gain logon info i.e. fishing for information. That’s why they call it phishing and there are many forms. Security awareness is not limited to computer usage but can extend to any form of social engineering – a term used to describe methods of hacking the user or company while avoiding technological countermeasures. Methods can include shoulder surfing (the ‘hacker’ simply gets required information by looking over an unsuspecting employee’s shoulder), dumpster diving (extracting printed documents from the rubbish bins outside) or indeed by gaining onsite network access (perhaps by joining employees who smoke outside and then entering the premises unobserved when they return). Employees who leave their phones or laptops unattended could unwittingly allow a hacker time to install a program that remains inactive until connected to the company network. There are many other examples of social engineering.

“Any security awareness training must include social engineering, as many of these threats do not require any IT or computer knowledge. The aim is the same, to gather information that can in turn be used to either hack the employees or the company network. For example, a discarded printout may contain names of senior employees that are then used to send convincing emails to all employees, perhaps requesting them to change their network logon credentials,” said Radosław Janowski, Product Manager.

Dispel the Myths

Hackers rarely have positive motives and are generally classed as cybercriminals, with their primary motives being either financial or disruptive. Ones that act on behalf of governments are after classified or proprietary data. Ethical hackers and security companies know their methods and produce countermeasures as new threats are identified.

Let’s start with some obvious facts that most industry experts agree on.

  1. Hackers will go after the easier targets and hacking the end user is a much easier prospect than hacking the technological barriers that are included in the modern network, whether it involves endpoint protection, AI-related analysis or any other security assets such as firewalls. In the same way, hackers will hack smaller companies as a means of eventually hacking their larger clients or suppliers. This means, YOUR COMPANY IS NOT TOO SMALL TO BE HACKED.
  2. Security awareness training takes take time and money and the potential benefits are sometimes ignored, especially by smaller companies.
  3. The age, sex or IT knowledge of the end user does not indicate an enhanced awareness of the potential threats or how they will be carried out. A BBC article focused on the on the results of a survey which indicated that British people aged 18-25 lacked cybersecurity awareness, using the same password for multiple services and sending sensitive data (including passport information) over email and messaging systems. detective inspector Mick Dodge, national cyber protect coordinator with the City of London police said: “Your email account is really a treasure trove of information that hackers won’t hesitate to exploit… You wouldn’t leave your door open for a burglar, so why give criminals an open invitation to your personal information?”
  4. Internal threats are much more difficult to handle than external ones, as most technological solutions are designed to block external network attacks.

As Przemysław Jarmużek, Technical Support Specialist at SMSEagle, pointed out: “Companies that ignore security awareness training are putting themselves at risk unnecessarily. Cost is not a barrier when free courses are available online. The inconvenience of losing an hour’s productivity each month is nothing compared to the time lost if data loss or network outage occurs. Not everyone is an IT expert and security awareness training must consider that. In addition, perhaps the most important aspect of security is that everyone who accesses the company network, whether on LAN or using Wi-Fi, needs to be aware of how hackers attack the user. In adopting a security-conscious culture, everyone at SMSEagle has mandatory awareness training and this includes senior management.”

In conclusion, if you take nothing else from this post, it is that security awareness is essential, a free course is available to all (I’m sure there are others) and that ongoing security awareness training is a must as new security threats are identified. It’s not necessary to spend hours per week on training. Instead make sure that all employees take the initial course for an hour or two then perhaps a half an hour each month will suffice, to advise everyone on new potential threats and to show the attempts that were made the previous month, even the common lottery winner alerts or other email scams. If you foster an “us vs. them” proactive attitude (against hackers) within your company, then every attack that is prevented will seem like a victory for all.

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

The Best Way for Finance Companies to Improve Wireless Network Security

As finance companies deploy Internet of Things (IoT) solutions, they must ensure that connections and critical data are secure.

As finance companies continue to update security technologies, and make use of all types of IoT) solutions, there are more opportunities for network security breaches.

These technologies are used for all types of things—from everything like finding optimal locations for new establishments, to personalizing offers for customers, to protecting their own internal data. The potential for network security failure lies everywhere.

Among the financial industry, banking malware is common. According to SecureList:

In 2017, the number of users that encountered Android banking malware decreased by almost 15% to 259,828 worldwide. Just three banking malware families accounted for attacks on the vast majority of users (over 70%).

As banks and financial technologies adopt more connected devices like sensors, Bluetooth low energy beacons, IP-connected cameras and more to their information technology (IT) environments, steps to secure those devices and their data need to be taken.

The best way to ensure financial institution network security is a mix of strong encryption, segmentation and a willingness to perform penetration testing and replace connected devices regularly.

Reduce Device Security Load with Network Segmentation

Network segmentation is the practice of isolation different IoT devices. Segmenting these devices reduces the risk that one breached device will be able to harm other devices that are a part of the network.

Marc Blackmer, Product Manager of Industry Solutions for Cisco was quoted in CDW talking about the benefits:

“Existing best practices, such as network segmentation, will help take some of the security load off of these devices.”

Once devices are segmented, IT departments need to ensure that there is strong encryption across the board to protect against a breach.

Encrypted Devices Need to Span Across the Board

The same security tools used for wireless networks needs to get carried over to devices.

Yariv Fishman, Head of Product Management for Vertical Solutions and IoT at Check Point Software Technologies, tells BizTech how to eliminate potential attacks:

“Establishing an encrypted virtual private network connection between a device and the network helps eliminate potential attacks, such as ‘Man in the Middle,’ that compromise the integrity and validity of the information provided from the device to the network and vice versa.”

The mobile threat is real—In Verizon’s “Mobile Security Index 2018” report, 25 percent of those surveyed who work in the financial services sector reported that they have experienced a mobile-related incident and 18 percent said it was a major one with lasting repercussions.

Strong encryption, coupled with the willingness to replace existing IoT devices with new, upgrades will enhance. security protections.

Penetration Testing for Mobile

Finally, it’s clear that the finance industry sees the potential threats that IoT and other wirelessly connected devices can bring.

The most important thing you can do is to identify malicious activity and identify vulnerabilities in IoT devices before a breach happens.

To do so, bring in penetration testers on a regular basis, and if you can’t afford to do that, conduct red team exercises with your staff. As technology advances, the opportunities are imments, but new devices need to be deployed securely to ensure a safe future for companies and their clients and customers.

Megan has been writing about enterprise technology, data, infosecurity and environmental technology for several years. Tweet her @MeganRoseM, or check out her blog: www.meganmorreale.com.

3 Ways Network Security is Changing as IT Departments Transform Digitally

Network security practices are familiar to most organizations as the policies and practices that protect your computer from cyber attacks.

Information Technology (IT) professionals and executives generally agree they’re necessary, but some of these practices are becoming outdated as organizations transform digitally.

Basically—it’s time to rethink the old school way.

Traditionally, you have public and private security—one reserved for use by employees at work, and the other for the public—and the tech has been the same for years.

It isn’t enough in the face of new digital technologies. Below are some tips from Chief Information Officers (CIOs) facing this changing landscape, with advice on how you can too.

You can’t just invest in protections for physical networks anymore—you need to protect your cloud.

As your infrastructure and your applications move to the cloud, so should your network security policies and practices. As organizations transform digitally, they rely less on physical networks and more on cloud services.

In fact, Research firm IDC estimates that nearly one third of the worldwide enterprise application market will be SaaS-based by 2018, driving annual SaaS revenue to $50.8 billion, from 22.6 billion in 2013.

Neil Thacker, European CIO of Netskope, told ComputerWeekly.com that the way to focus more on cloud security is to work in layers:

“The traditional seven-layer OSI model has…been replaced with three layers: identity, application and data. In summary, organizations must have better visibility into these three layers without necessarily prohibiting the use of services that businesses rely on.

“Cloud is not just the future, it’s how businesses work in the present day. Therefore, the security of these services and the data that resides in them must form part of a CISO’s principal strategy,” he adds.

Your identity, applications and data are all moving towards the cloud, if they’re not there already. Having protections in place for all three layers will greatly help reduce the risk of attack or breach from a third-party.

IT pros are taking a layered approach—they’re developing infrastructure as a service (IaaS).

As you approach network security in the cloud, you need to take into account that perimeter controls restrict the traffic that reaches your applications. This provides a lot of strength for an organization when they look at that traffic in layers.

Alex Ayers, Head of Application Security at Wolters Kluwer, also told ComputerWeekly.com that it’s particularly crucial for companies to develop IaaS:

“Supporting the architectural and technical controls is a security monitoring layer which, while often seen as an insurance policy, provides data that can be used to augment service health and performance indicators

“Through these different layers, our company is able to deploy, tune and replace discrete specialised technologies in response to changes in threats or business requirements.”

The adoption of IaaS is growing—according to Statista, IaaS’s share of the public cloud market in 2016 was 33.2%, and the number of installed cloud workloads for IaaS in 2018 was 50 million worldwide.

According to Ayers, the addition of these layers is a makes corporate network boundaries a thing of the past. They balance and corporate network, a host of SaaS products to run their business.

Finally, invest in more modern detection and response technologies.

The amount of time it takes you to react to a security breach today is critical. According to Geoff Belknap, CSO at Slack, investing more in modern detection and response technologies is one of the more important things you can do.

They’re not the only ones—Gartner reported last year that detection and response is top security priority for organizations of all kinds.

According to Belknap, Slack uses a suite of technologies like firewalls, network-based intrusion detection, and modern network and endpoint-based malware detection methods. They monitor at the kernel level to see how their services communicate, and of course to detect potential threats.

“We are also big believers in the beyondcorp/zero trust school of thought. We don’t assign any trust based on the source network that a given device’s request originates from,” Belknap said.

“We treat all our networks as untrusted. Instead we make device identifiers a key component of our security, which allows us to make more accurate decisions about access control and make more informed decisions about suspicious activity.”

Network security practices have been around for a long time, as as we continue to evolve digitally, the threats to our security will only evolve too. Preparing for this evolution with updated policies and practices is the first step in keeping your organization’s data safe.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our online store.

Megan has been writing about enterprise technology, data, infosecurity and environmental technology for several years. Tweet her @MeganRoseM, or check out her blog: www.meganmorreale.com.

What Every Disaster Recovery Plan Must Include

Business continuity (BC) and disaster recovery (DR) are not the same thing, although there are some common characteristics. A BC plan is designed to include all departments in a company, but a DR plan is often focused on restoring the IT infrastructure and related data.

“A disaster recovery plan is an essential IT function and if not in place could result in company bankruptcy or severe reputational damage when data cannot be restored”, Przemysław Jarmużek, technical support specialist at SMSEagle. The financial costs involved are just another factor, he added.

What elements of a disaster recovery plan cannot be omitted? What’s the purpose?

Few company owners are psychics but things like insurance and DR plans reduce company risk, providing a framework for companies that allows rapid recovery of data and/or replacement of key hardware/software components.

Know your Network

Your company network administrator must have more than a fair idea of the software and hardware that are currently part of your network. Therefore, an ongoing inventory list is essential, most of which can be achieved by using network monitoring and auditing tools. These will allow a comprehensive list of computers connected to your network and the software on each. Note that license management is another part of this inventory control process and additional hardware is also added where appropriate. This additional hardware could include multifunction printers, hubs or routers and anything else that is needed for network functionality. Consider this inventory as your shopping list when disaster strikes. It is also worth noting which items have a long lead time (servers, for example). Creating an inventory of spare parts is a good idea and could save the day when disaster strikes.

Know your Disasters

It is pointless to instil fear in company owners about impending disasters. They are as aware of the risks as we are. Each company will have its own risks. Many of these risks are directly linked to its location, whether extreme weather conditions, risks of flooding, forest fires or loss of essential services and equipment. These are the most obvious, but to lapse into management-speak briefly, why not think outside the box?

Even the Pentagon has used a hypothetical zombie apocalypse to test their response methods and maintain a working government under these conditions. Consider alien invasions and any other scenario that could conceivably or inconceivably shut down company operations. How long would it take to resume work if each scenario happened?

If your company can continue operating during a zombie apocalypse (when essential services are down) then yours is truly a robust DR plan.

Now What?

What actions will you take for each disaster type? Obviously, if there is a flood scenario, the aim is to protect equipment again water damage. Perhaps placing all equipment high above the floor is a solution but how high is necessary? Given that you have drafted a list of possible and impossible scenarios, make sure that your solutions to each one is well documented, logical and possible at short notice. Bite the bullet and purchase or modify the equipment necessary to protect your IT infrastructure.

Unfortunately, not all water damage is caused by flooding, perhaps a water tank leaks through the ceiling of your server room and casually destroys the server, firewall and 24-port hub before you can move the server rack. How long will it take you to restore the server and network? Do you have a spare server, firewall and hub? In this scenario, a company is caught unprepared, unaware that water is stored above their equipment. Know where all water is stored and dispersed throughout your building and avoid such problems.

From this simple example, you must focus on minimising risk in as many areas as possible.

Tactical Teams

When a disaster happens, the priority is to make sure that all employees are safe and to inform them of current events.  Once this task is completed, who leads the disaster response? When a disaster occurs, it is too late to leap into action, assigning responsibilities on the spot. Responsibilities and tactical team members must be assigned as part of the DR plan. In addition, if zombies eat your designated team leader, then the backup must take over. Define employee responsibilities and have backups in place in case they are delayed or incapacitated. This last item is perhaps the most important. However, to be most effective, any interruption in network service should generate an alert to multiple DR team members. This is often achieved by cost-effective (and self-powered) network monitoring devices that utilise a GSM/3G network to send SMS messages and emails as soon as network traffic stops.

In conclusion, while the above lists the key elements of any successful disaster recovery plan, it is also worth noting that an untested plan is less than useless. Test your DR plan during off-peak hours to ensure it will work when needed. Test how long it takes to restore all your data from backup. Such activities will ensure that if the worst happens, you and your company will emerge unscathed to resume your company operations.

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

Network Security and Business Agility Can Coexist

You’d be hard pressed to find any business leader that said they didn’t want to be agile. The ability to pivot quickly, make fast decisions and change course in the midst of a project is valuable today as the business landscape becomes more volatile.

The thing is, we’re also bombarded with news of security breaches, hacks and stories of people and businesses that have been robbed of sensitive information. This requires management, processes, policies—all of the things you’d probably say work against agility.

It doesn’t have to be this way, though—you can have both agility and security.

But how? It’s hard to imagine a word with both when cyber security issues are becoming so overwhelming. Network World’s 2017 State of the Network report cited data breaches and leaks as the top challenge for IT decision makers in businesses of all size. Part of the problem is understaffing the security operations centers (SOCs) themselves.

“Understaffed and under-skilled SOC teams depend on key individuals and manual processes to get their jobs done,” ESG’s Jon Oltsik wrote for CSO Online. “And when cyber security professionals detect something wrong, they don’t work well with the IT operations team to fix problems in an efficient manner.”

The problem today has roots from the internet’s beginnings.

One major problem—we’re using IP addressing to a greater extent than anyone ever imagined. The founders of the web didn’t expect us to use it to attack one another.

The problem lies in the workaround we’ve created for the IP address:

“Since it’s impossible to give every device its own unique IP address, the clever folks at networking companies came up with an assortment of workarounds, such as being able to NAT (network address translation) non-routable, private addresses,” Moreover, as industry analyst Zeus Kerravala wrote in Network World.

“And as we’ve added more dynamic environments, such as private and public cloud, defining policy based on addresses or ranges has become unsustainable.”

The Internet Engineering Task Force (IETF) has tried to solve this problem with a new standard to address the flaws in TCP and IP addressing. With this standard, the host identity protocol (HIP) separates endpoint identifiers from IP address locator roles and introduces a new namespace based on public keys from that endpoint.

The solution—you need an inherently agile network.

HIP is part of the solution to this problem, and can help you bring both business agility and security into your framework.

One solution—secure network overlays based on cryptographic namespace identities.

With this solution, end-to-end or peer-to-peer encrypted networking is now possible and can be done in as little as three steps, even for traditionally non-routable endpoints.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our

Megan has been writing about enterprise technology, data, infosecurity and environmental technology for several years. Tweet her @MeganRoseM, or check out her blog: www.meganmorreale.com.

5 Ways Predictive Analytics can Prevent Network Failures

The good news—you can put your crystal ball away. Preventing network failure doesn’t have to be a guessing game anymore. Predictive analytics can help you find these performance issues before they happen.

The ability to find and address network problems before they even begin affecting your operations is giving information technology (IT) professionals the freedom to focus on progressive projects as opposed to reactive ones.

„There is a growing need for networks to adapt to dynamic application demands as well as address dynamically to special events, seasonality and so on,” Diomedes Kastanis, head of technology and innovation for Ericsson told CIO.online.

„Although we have a lot of automation systems and rules to manage and operate networks, it still is not enough to cope with the intense changing environment and proactively adapt to changing demands.”

There’s a reason predictive analytics are so effective. We’re pinpointing five ways that they can help your IT department prevent network failures.

1) Incorporating AI in new technologies is paving the way for failure prevention.

Most of the current adoption of predictive analytics comes from updates to technologies that are already being used. Different security platforms, like endpoint technologies, include updates that leverage artificial intelligence (AI) or machine learning (ML).

It’s technologies like these that have led companies like Skymind to start to adopt the practice, but the technology still isn’t yet fully evolved—only 95 percent accuracy for them.

„In other words, to predict data for the next month, you need five months of historic data,” Gianluca Noya, digital network deployment and analytics lead at Accenture told Networks Asia.

Still, the advancements in computing power, security technology and network data are allowing IT departments to start to figure out how to take advantage of this resource—including anticipating capacity requirements.

2) IT departments can stop spending time analyzing capacity data.

To determine to future capacity of their networks, IT professionals spend time determining a benchmark metric, and continuing to measure against it for comparison. This takes time—staff will spend months trying to gather and project data for several month forecasts, only to find they have to start over when those months roll around.

Instead of spending those months analyzing traffic, services, device use and how employees are using them, predictive algorithms can crunch all of that data for you. Not only can it same time, but it can continuously learn as it does this, beyond what is capable with benchmarks that don’t move.

3) Quality of performance is taken into account.

Learning capabilities also come into effect when you’re trying to analyze quality of performance in the future. Based on past events, deep learning technology can be applied to forecast for the future.

„When you have a dataset that includes records of events you want to predict, you can train a deep neural network on that data,”Chris Nicholson, CEO of Skymind, an AI developer supporting the open source deep learning framework Deeplearning4j told CIO.

„When you can predict capacity problems accurately (for example), you can act pre-emptively to rebalance the load on your network and provision the network with more capacity.”

The more data you have, the better the technology can learn. While there are still some stopgaps here—like data that’s not clean or organized properly—when applied correctly, it can proactively secure your organization.

4) As AI technology learns, predictive analytics learn about attackers as well.

As attackers get smarter, supporting intrusion detection gets tougher, and organizations will soon require predictive analytics to stay ahead.

It’s effective because this technology learns about your system in a more complete way than any other human could. This means it knows what your ‘normal’ looks like, and recognizing anomalous behavior is easy.

This will become very important in industries like banking, where risk mitigation and detection of security breaches is so important. The cost of a security breach is immense—the more quickly you detect them, the less impact to your organization.

5) Predictive analytics will cost you less in the long run.

Network pricing structures can be complicated, but coupling your system with predictive analytics can not only help you save in the event of an attack, but can help you forecast for effectively—like network upgrades, new devices and staff.

The key to success with predictive analytics is to have data that the technology can learn from. A historical look at past problems is paramount to predicting security events in the future.

While this is not a ‘quick-fix’ solution, predictive analytics are a tool for CIOs to better prepare for the future and identify behavioral patterns across all of your systems.

Megan has been writing about enterprise technology, data, infosecurity and environmental technology for several years. Tweet her @MeganRoseM, or check out her blog: www.meganmorreale.com.

Network Monitoring — How SMS can Reduce Risk and Improve Response Time

As a network administrator, your role is a complex one but your primary task is to keep the network active and ensure that all users have smooth access to all network assets. You may have to conduct performance tests, hardware and software inventory audits (including virtual machines) and monitor areas from UPS battery status to current website connections. Configuration and maintenance take up more of your time. A variety of monitoring tasks are necessary and you perform all of them using a combination of enterprise solutions, third-party software and open source tools.

Where does SMS fit into this high-tech environment? In technology terms, SMS has been around a long time (since 1992) and many falsely believe that it is no longer of value today. This is not the case as the technology is still used in many practical applications, in emergency alert systems, in marketing and, of course, it also has valuable applications in network monitoring.

Network Downtime

Sometimes technology fails, an unfortunate fact of life, but true nonetheless. When your network goes down, your business will grind to a halt in most cases. A power outage, for example, will typically mean that all network communication will cease from that moment on. Uninterruptible power supplies (UPS’) may delay the inevitable for a few hours and generators will ensure local access continues. However, if the power loss is not confined to your building but instead a blackout affecting your neighbourhood, city or county, then you can assume your broadband connection has been lost.

If this occurs during office hours, when IT staff are onsite, then normal service will resume as soon as the power returns. However, what happens if the outage occurs outside office hours and you have an e-commerce store that relies on your servers and a high-speed broadband connection? You may have scheduled backups or support sites that have been interrupted. In such a setting, it is important that service is resumed quickly.

In most cases, you will be unaware of the outage until the start of the next working day. Can your company afford such a delay? Consider the financial and reputational impact of this downtime.

Citing a 2015 IHS report, Network Computing’s Joe Strangelli estimated “ a cost to North American companies of $700 billion a year for ICT outages. This includes lost employee productivity (78%), lost revenue (17%), and actual costs to fix the downtime issues (5%).”

Of the 400 mid to large U.S. companies surveyed, an average of five downtime incidents take place each year, with costs for each incident ranging from $1 million to $60 million.

Luckily, it is possible to eliminate some of the risk.

SMS Benefits

If your network goes down, response time is the most important factor as solving the problem quickly reduces downtime costs.  Sending an alert to your IT admin may seem an obvious solution but how is this achieved?

An SMS gateway is a way to build in some form of redundancy to your network alerts. If your network is down, a standard email or network alert will not work as… the network is not operational due to loss of power or loss of connection. An SMS gateway has its own power source, a SIM card to allow cellular network access and preconfigured alert messages. Once the gateway detects connectivity loss, it sends an SMS to the network administrator. It can also send emails if a 2G+ data connection is available. 2G is slow but functional. SMS is effective for several reasons – it works on all mobile networks (from GSM to 4G) and on all mobile phones.

In addition, the recipient is more likely to respond quickly to an SMS alert than any other form of electronic communication. Given the number of tweets, beeps, pings and other audio notifications on smartphones, it is surprising that SMS still retains top status in terms of response rates, but marketers confirm that SMS creates a genuine sense of urgency for each received message.

Therefore, your network administrator is sure to act quickly after receiving an SMS alert, and with any luck, can get your network operational as soon as possible.

Other considerations

Companies with SMS gateways in place can relax, secure in the knowledge that essential connections are monitored and that once inactive, an alert is sent out to the responsible parties.

However, alerts alone are not enough to ensure network uptime. As mentioned previously, technology will fail and a comprehensive inventory of spare parts is necessary to mimimise network downtime. Human error and cybersecurity threats are other issues that alerts will not solve–but IT and security awareness training for all employees will not only mitigate these threats but also reduce the risk of network downtime.

In conclusion, when network downtime occurs, you need a rapid response team. Given the cost of downtime to your company, it is worth ensuring your network administrator receives immediate alerts when the network fails. This not only makes financial sense but is a no-brainer for maximising business continuity and preventing reputational damage.

Michael O’Dwyer is a Hong Kong-based business and technology journalist, independent consultant and writer whose stories have appeared on Forbes.com, The Street, IBM’s Midsize Insider, HP’S Pulse of IT, Dell’s Tech Page One and other IT portals, typically covering areas where business and technology intersect. He writes for both US and UK audiences and acts as a technology and open source advocate. Twitter: @MJODWYERHK

How to Choose the Perfect SMS Gateway for Your Organization

The SMS Gateway that you select for your organization is important—it’s the portal that connects your team with other contacts mobily.

Your connection to mobile carriers like Verizon, AT&T, Sprint, Virgin, Bell and more is important and will make or break your success in the event of a connection loss.

Without the time, resources or desire to develop your own gateway, many information technology (IT) leaders are in the market for SMS mobile solutions. The right SMS gateway provider will help you move forward.

Connecting with the right provider can be tough. These three tips will help you choose the perfect SMS Gateway provider for your organization.

Choose a Provider with Good Coverage and Network Quality

The first step in choosing an SMS gateway provider will be to ensure that they’re providing you with the coverage you need. Some providers don’t have the ability to deliver to certain countries or mobile operators, and you’ll want to make sure you choose one that extends to your needs.

Some providers might not be able to guarantee of delivery—an SMS message could be routed to other gateways that are not controlled directly by the gateway providers themselves. In addition, some might not be able to reach mobile phone numbers that have been ported between operators.

If you have the opportunity, you’ll want to test a gateway provider’s network quality before you decide to choose them. Some may offer you a small amount of free messages for new users. If so, take advantage to ensure quality is adequate for your needs.

Choose a Service that Works when the Internet is Down

For some business, their SMS gateway is an essential part of communication and IT functionality. You want to be sure that you’re getting your SMS message, even if there are internet connectivity problems.

This happens when your SMS provider frees you of having to work with 3rd party vendors, and connects you directly to carriers. With SMSEagle, you are connected directly to the GSM network and can be controlled optionally by SNMP—meaning you’ll never have to worry about an SMS message coming through, no matter what internet connectivity problems you may be having.

Choose a Business Oriented Partner

While you’ll easily find a gateway service provider that will allow you to securely send SMS, some are better suited for managing your SMS communications.

Look for a SMS gateway provider that will work with you and your needs, providing the business functionality and support you’ll need to ensure your IT operations run smoothly.

Finally, when looking for a channel through which to send SMS communications, make sure you find a provider that provides you with the functionality you need without nickel and diming you. In some cases, many providers charge extra for the “bells and whistles” that should come with basic functionality. Choose a reliable provider with technology you know you can count on.

Consider SMSEagle as an SMS Gateway for your Organization

We are a powerful device for sending SMS messages for your organization—a reliable, cost-effective and secure solution that controls SMS alerts, notification and tokens for controlling your servers and services.

We guarantee the success of your SMS message regardless of internet connectivity, and send SMS directly to GSM network with SMSEagle SMS Hardware Gateway. We even monitor your network and send you alerts when your services are down.

With SMSEagle you get the whole package – a provider that knows and is compliant with the regulations and legislation pertinent to you, GSM/3G protocol, works when the internet is down, and is a business oriented provider.

For your SMS communications, who are you going to trust? Trust the provider that gives you everything you need, and provides you with secure, reliable SMS messaging at all times.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our online store.

Megan has been writing about enterprise technology, data, infosecurity and environmental technology for several years. Tweet her @MeganRoseM, or check out her blog: www.meganmorreale.com.

6 reasons why texting works better than app push notifications

There are plenty of people, perhaps even you, who believe that an app is the answer to every company’s communication challenges.

It’s true that apps are generally easy to find and install. Since more people are using mobile devices, some as a prime source of communication instead of a desktop or a laptop, an app isn’t a bad way to access information without visiting your device’s browser.

Plus, ‘push’ notifications from some apps make it easy to provide you the exact info you need rather than having to search it out.

However, there’s also another digital tool that’s even easier to work with: the text message.

Some have said that SMS has served its purpose and is past its prime, but texting continues to be a popular way of interacting. Here’s why:

  • You can respond. Push notifications are one-way messages sent to everyone who has signed up through an app. If you want to respond or have further questions, you must find contact info through your app or a company site, and then send an email, a voice mail or even a text. With texts you can always respond and even have a conversation.
  • Access to larger audiences. Not everyone who is a fan of a particular company or product will download its official app, or even has the right type of phone to do so. But just about everyone has text capabilities on their mobile devices. Businesses wanting to connect with more subscribers and potential customers can easily send texts rather than cultivating the smaller number of app subscribers.
  • Easy to create multiple lists and manage multiple campaigns. Companies that send out mass texts can use texting programs to segment different audiences, often by different topics, demographic info or interests. But with push notifications, every subscriber gets the same message, although every end-user can configure how they’re displayed.
  • Texting is inexpensive. Texting is one of the more affordable ways to contact customers. You may have to pay extra if you create MMS (multimedia messages with audio, video or photo attachments) or buy short codes, which are words and numbers customers can use to respond to you. In comparison, an app can be a significant financial investment for your company. Whether you’re building one from the ground up or a using a third-party, the process takes weeks or even months of design and testing time.
  • Easy sign-up. To subscribe to a business text list requires only one opt-in, where you inform the company that you want to start receiving their messages. Push notifications, on the other hand, require installing the app, customizing it to sign up for apps, and sometimes adding other security steps such as an authentication passcode.
  • Universal compatibility. Texting works worldwide, or at least anywhere you can access a mobile network. Apps may have certain restrictions or areas where notifications may not work.

Overall, app notifications make it easy to connect to mobile users. But in terms of person-to-person communication, texting still remains champion.

Joe Butler writes about personal finances and the modern retail experience. He loves the idea of mobile coupons, since he frequently forgets the paper ones at home. Google Plus profile

5 Security Experts on Why IT Leaders Need to Start Automating

Automation has been cited as the next big thing for IT leaders looking to secure their communications in all types of cloud environments—but leadership knows the challenges they face in doing so.

Answering to a Network World survey, 47% of respondents claim that it is difficult to monitor network behavior from end-to-end, and 41% say these security operations have difficulties that arise from cloud computing.

The main problem with not automating security operations is scalability and the difficulty in setting up these systems. But it’s necessary—it’s impossible to keep up with the increasing pace, limited cybersecurity, and network operations personnel, all while managing network security operations on a box-by-box, or CLI-by-CLI basis.

But don’t take our word for it. These five security experts have driven deep into the world of network security, and have their own reasons for passing along advice to IT leaders to start automating security processes today.

Security Experts and their Reasons for Encouraging IT Leaders to Automate

According to the Enterprise Security Group (ESG) 63% of networking and cybersecurity professionals working at enterprise organizations (more than 1,000 employees) believe network security operations is more difficult today than it was two years ago.

The bottom line – the main roadblock standing in the way of IT leaders and automated security process is difficulty. Here’s why you should take the plunge despite the challenges.

Jon Oltsik, ESG Senior Principal Analyst and Founder of the Firm’s Cybersecurity Service

Oltsik knows the scalability problems that security leadership faces, even though leadership knows the risk they’re taking without it. He cites a survey of 150 IT professionals, where 31% of respondents say automation is “critical” to address future IT initiatives, while 58% claim it is “very important” to address future IT initiatives.

Because of the recognition of its importance, the technology industry is listening – Companies like Cisco, Fortinet, Check Point, and more have all introduced solutions that will assist security network operations teams in automation and visibility of their networks. His advice to leadership is to adopt these technologies:

“Since relying on people and manual processes can’t scale or keep organizations secure, CISOs and network operations managers should assess where they are in the network security operations automation transition as soon as possible, making sure to look into their people, processes and technologies.

Once shortcomings and bottlenecks are discovered, large organizations should develop a plan to address these areas and institute network security operations automation projects, phasing in capabilities over the next few years.” Jon Oltsik

Stephanie Tayengco, SVP of Operations, Logicworks

Tayengco is a proponent for automation, but automation the right way in the face of risk. Her bottom line—you need to get rid of as much manual work as possible to stay secure.

According her, it’s important to automate infrastructure buildout first, continually check instances across the environment, fully automate deployments, include automated security monitoring in those deployments, and finally, prepare for the future of automation.

“Ninety-five percent of all security incidents involve human error, according to IBM’s 2014 Cyber Security Intelligence Index.

This year alone, enterprises will spend $8 billion on cyber security, but these initiatives are often useless in preventing an engineer from misconfiguring a firewall or forgetting to patch a security vulnerability on a new server. Manual work is risk, and manual security work is a disaster waiting to happen.” – Stephanie Tayengco

Gabby Nizri, CEO, Ayehu

Nizri is worried about the rising number of security breaches. According to the ISACA 2015 Global Cybersecurity Status Report, 781 publicized cyber security breaches resulted in 169 million personal records being exposed.

Well-known companies like BlueCross, Harvard and Target were involved, making it clear that even the most sophisticated and well-funded security departments aren’t safe. Even so, only 38% of organizations across the globe can confidently say they are prepared to handle a sophisticated cyber-attack. Because of this, Nizri urges you to automate.

“Simply put, IT personnel are no match for such intensive, sustained attacks. Not only are humans incapable of keeping up with the sheer volume of incoming threats, but their ability to make quick and highly-impactful decisions to manually address such an attack is equally inefficient.

This is why automation is becoming such a powerful and effective component of cyber security incident response. To combat the onslaught of incoming threats, organizations must employ an army of equivalent strength and sophistication.” – Gabby Nizri

Danelle Au, VP of Strategy and Marketing at SafeBreach

Automation isn’t all about just avoiding mistakes. Au cites instances where automation makes an IT department more agile, and improves processes such as application delivery.

For the private cloud environment, applications and desktops are being virtualized at an faster than ever before. According to Au, As the number of virtual machines (VMs) increases, automation and orchestration is no longer a “nice to have.”

“The ability to translate complex business and organization goals into a set of automated data center workflows is critical to not slowing down the application delivery process. It is also an essential part of making compliance and security requirements a lot easier to manage in a very dynamic environment.

To fully realize the promise of private clouds or software defined data centers (as VMware defines it), the traditional IT infrastructure — in particular network security — needs to transform into agile and adaptive end-to-end automated processes.” – Danielle Au

Brian Dye, VP of Intel Security Group

A recent ESG study noted that 46% of organizations said they have a “problematic shortage” of cybersecurity skills—up from 28% just a year ago. That means the development of these skills in IT personnel isn’t improving at a rate needed to keep up with threats.

One-third of those respondents said their biggest gap was with cloud security specialists. According to Dye, this is the reason security automation is important, as well for working with SDN technologies and responding to breaches.

“As organizations explore software defined networking (SDN), they see a need for more automation skills, as security policy must co-exist with the orchestration to fully exploit an SDN environment. These skills become especially important as virtualization expands beyond servers and into networks and storage.” – Brian Dye

Network security automation is important for many reasons – the risks associated with manual processes, adaptation to new technologies, the agility of the cloud, and the race to keep up the skills needed in personnel to use new emerging technologies.

Creating the proper mix of skillsets, automation and processes will provide IT leaders with the security confidence they need moving forward.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our online store.

Megan has been writing about enterprise technology, data, infosecurity and environmental technology for several years. Tweet her @MeganRoseM, or check out her blog: www.meganmorreale.com.