Bring Your Own Device (BYOD) — Security And Other Considerations For Stakeholders

Posted On 10 grudnia 2018 By Michael O’Dwyer In Technology @pl /  

Today’s employees are always connected, thanks to ubiquitous broadband and a wide range of portable devices, from smartphones, tablets and laptops to fitness trackers and a plethora of smart devices such as watches, cameras and GPS navigators. How necessary is this level of connection?

Cinemas and restaurants are no longer peaceful, with beeps, chimes, vibrations and other alerts notifying everyone in the vicinity that something else (generally of a trivial nature) has occurred in your vast network of contacts. It makes sense that social addicts want to spread this contagion to the workplace since not being connected can produce a sense of withdrawal not unlike that of those coming off hard drugs. We need someone to like that oh-so-interesting photo of last night’s chicken chow mein. We need someone to know how we feel at work… Or do we?

BYOD Motivated By Cost Savings?

Let’s look at the motives behind BYOD adoption for companies and device users. Visitors to your home quickly request access to your Wi-Fi as most are tied to a set data plan by their mobile carrier, with a monthly cap and corresponding rate per gigabyte of usage. Using Wi-Fi, device users can access broadband Internet and reduce data usage over 3G, 4G or 5G. Therefore, we can safely conclude that users want BYOD to save money on data charges by connecting to the company Wi-Fi.

Employers also want to save money, of course and by allowing employees to use their own devices, do not have to issue company-owned devices. Since it is likely that personal devices are of a higher spec than those purchased for business use, there are also possible productivity benefits.

In an ideal world, the story ends there, everyone involved saves money and lives happily ever after. Unfortunately, there are drawbacks for both parties, ultimately caused by data, user and device management requirements.

Can any company afford to provide Wi-Fi access without considering potential security risks to the network and the data residing on it? No, as every jurisdiction is likely to have regulations and mandatory requirements relating to data security, personally identifiable information (PII) or indeed e-discovery. Therefore, any cost savings in allowing BYOD are likely cancelled out by the management of BYOD devices.

Practical BYOD Issues

As a former network administrator, I appreciate the additional workload a BYOD program can place on the IT team (the team blamed when the network is breached or data is lost).

The problems with BYOD from a security perspective include but are not limited to:

  1. Permission management–to ensure secure access (by user, device or network credentials), a solution aimed at mobile device management (MDM) is best.
  2. Device Management–companies need to decide on the device types and manufacturers they will allow on the network. Additional requirements could relate to the device OS revision/version involved. To allow all mobile device access is a mistake as cheaper brands could use an earlier OS version with known vulnerabilities or apps that can exploit network connections.
  3. Security updates–if the device owner does not encrypt the device or install security updates then it is a weak point on your network.
  4. Viruses, malware and other threats–again, virus scanners and other security tools must have the latest updates to protect the device and, in turn, the company network.
  5. Employee exit procedures–When the owner of a BYOD device leaves the company, the device must be cleaned to remove company data in a secure manner. This can require admin access to the device, a problem for many device owners, who do not like being ‘spied on’.
  6. Lost or stolen devices–If a BYOD device is lost or stolen, there is a potential data loss/breach involved. For this reason, the remote wipe is a useful admin feature. Unfortunately, such control is often a problem for device owners (see (5)).

For employers considering BYOD, device admin is typically the single thorny issue. If a user does not want the company to administer the device (and I wouldn’t) then the company should not allow the device to connect to company Wi-Fi. End of story. If the same employee needs a company device for travel or remote work, then issue a company-owned device as the company can administer it as they desire.

In conclusion, I believe that constant connectivity is not needed, unless you are a volunteer firefighter or an on-call medical professional. For family emergencies, SMS is still an effective way to receive an urgent message. After all, employees can still use their mobile carriers for internet access if needed at work. From a company perspective, is it easier to only allow company-issues devices access to the network? It varies from company to company, but for the most part, when full administration of employee-owned devices is necessary, the resulting admin and security risks may not be worth it. There are also HR (if an employee uses the device on work tasks outside working hours, expect to compensate that employee) and legal considerations (under e-discovery, mobile devices are included, and data loss can result in substantial fines) in some jurisdictions. I recommend you identify all potential risks before embarking on a BYOD strategy. What do you think? Is the use of personal devices an issue in your company?

Read More

Network Security – Why Security Awareness is Essential for Internal Threat Management?

Posted On 6 sierpnia 2018 By Michael O’Dwyer In Articles @pl /  

Security awareness is often linked to anti-terrorism programs around the world but in the IT world we are referring to cybersecurity awareness. Many of you are already switching off, yawning and considering leaving this page but hang on a moment…

The subject may well have been harped on by management, consultants and IT teams and this instinctive reaction to tune out is down to poor implementation in the past. Advocates of security awareness are often condescending, are too technical or fail to link practical threat examples to real-world situations. Other failures include a lack of management buy-in. This “do as I say, not as I do” attitude has the opposite of the desired effect, no significant increase in security awareness and a growing employee resentment when management errors in this area are not penalized.

Be Aware of the Potential Threats

It’s not as simple as telling employees to stop clicking on links in emails and in social media, although this is part of it. Requests to reset passwords or requests to update online banking details are designed to gain logon info i.e. fishing for information. That’s why they call it phishing and there are many forms. Security awareness is not limited to computer usage but can extend to any form of social engineering – a term used to describe methods of hacking the user or company while avoiding technological countermeasures. Methods can include shoulder surfing (the ‘hacker’ simply gets required information by looking over an unsuspecting employee’s shoulder), dumpster diving (extracting printed documents from the rubbish bins outside) or indeed by gaining onsite network access (perhaps by joining employees who smoke outside and then entering the premises unobserved when they return). Employees who leave their phones or laptops unattended could unwittingly allow a hacker time to install a program that remains inactive until connected to the company network. There are many other examples of social engineering.

“Any security awareness training must include social engineering, as many of these threats do not require any IT or computer knowledge. The aim is the same, to gather information that can in turn be used to either hack the employees or the company network. For example, a discarded printout may contain names of senior employees that are then used to send convincing emails to all employees, perhaps requesting them to change their network logon credentials,” said Radosław Janowski, Product Manager.

Dispel the Myths

Hackers rarely have positive motives and are generally classed as cybercriminals, with their primary motives being either financial or disruptive. Ones that act on behalf of governments are after classified or proprietary data. Ethical hackers and security companies know their methods and produce countermeasures as new threats are identified.

Let’s start with some obvious facts that most industry experts agree on.

  1. Hackers will go after the easier targets and hacking the end user is a much easier prospect than hacking the technological barriers that are included in the modern network, whether it involves endpoint protection, AI-related analysis or any other security assets such as firewalls. In the same way, hackers will hack smaller companies as a means of eventually hacking their larger clients or suppliers. This means, YOUR COMPANY IS NOT TOO SMALL TO BE HACKED.
  2. Security awareness training takes take time and money and the potential benefits are sometimes ignored, especially by smaller companies.
  3. The age, sex or IT knowledge of the end user does not indicate an enhanced awareness of the potential threats or how they will be carried out. A BBC article focused on the on the results of a survey which indicated that British people aged 18-25 lacked cybersecurity awareness, using the same password for multiple services and sending sensitive data (including passport information) over email and messaging systems. detective inspector Mick Dodge, national cyber protect coordinator with the City of London police said: “Your email account is really a treasure trove of information that hackers won’t hesitate to exploit… You wouldn’t leave your door open for a burglar, so why give criminals an open invitation to your personal information?”
  4. Internal threats are much more difficult to handle than external ones, as most technological solutions are designed to block external network attacks.

As Przemysław Jarmużek, Technical Support Specialist at SMSEagle, pointed out: “Companies that ignore security awareness training are putting themselves at risk unnecessarily. Cost is not a barrier when free courses are available online. The inconvenience of losing an hour’s productivity each month is nothing compared to the time lost if data loss or network outage occurs. Not everyone is an IT expert and security awareness training must consider that. In addition, perhaps the most important aspect of security is that everyone who accesses the company network, whether on LAN or using Wi-Fi, needs to be aware of how hackers attack the user. In adopting a security-conscious culture, everyone at SMSEagle has mandatory awareness training and this includes senior management.”

In conclusion, if you take nothing else from this post, it is that security awareness is essential, a free course is available to all (I’m sure there are others) and that ongoing security awareness training is a must as new security threats are identified. It’s not necessary to spend hours per week on training. Instead make sure that all employees take the initial course for an hour or two then perhaps a half an hour each month will suffice, to advise everyone on new potential threats and to show the attempts that were made the previous month, even the common lottery winner alerts or other email scams. If you foster an “us vs. them” proactive attitude (against hackers) within your company, then every attack that is prevented will seem like a victory for all.

Read More

The Best Way for Finance Companies to Improve Wireless Network Security

Posted On 4 czerwca 2018 By Megan Morreale In Technology @pl /  

As finance companies deploy Internet of Things (IoT) solutions, they must ensure that connections and critical data are secure.

As finance companies continue to update security technologies, and make use of all types of IoT) solutions, there are more opportunities for network security breaches.

These technologies are used for all types of things—from everything like finding optimal locations for new establishments, to personalizing offers for customers, to protecting their own internal data. The potential for network security failure lies everywhere.

Among the financial industry, banking malware is common. According to SecureList:

In 2017, the number of users that encountered Android banking malware decreased by almost 15% to 259,828 worldwide. Just three banking malware families accounted for attacks on the vast majority of users (over 70%).

As banks and financial technologies adopt more connected devices like sensors, Bluetooth low energy beacons, IP-connected cameras and more to their information technology (IT) environments, steps to secure those devices and their data need to be taken.

The best way to ensure financial institution network security is a mix of strong encryption, segmentation and a willingness to perform penetration testing and replace connected devices regularly.

Reduce Device Security Load with Network Segmentation

Network segmentation is the practice of isolation different IoT devices. Segmenting these devices reduces the risk that one breached device will be able to harm other devices that are a part of the network.

Marc Blackmer, Product Manager of Industry Solutions for Cisco was quoted in CDW talking about the benefits:

“Existing best practices, such as network segmentation, will help take some of the security load off of these devices.”

Once devices are segmented, IT departments need to ensure that there is strong encryption across the board to protect against a breach.

Encrypted Devices Need to Span Across the Board

The same security tools used for wireless networks needs to get carried over to devices.

Yariv Fishman, Head of Product Management for Vertical Solutions and IoT at Check Point Software Technologies, tells BizTech how to eliminate potential attacks:

“Establishing an encrypted virtual private network connection between a device and the network helps eliminate potential attacks, such as ‘Man in the Middle,’ that compromise the integrity and validity of the information provided from the device to the network and vice versa.”

The mobile threat is real—In Verizon’s “Mobile Security Index 2018” report, 25 percent of those surveyed who work in the financial services sector reported that they have experienced a mobile-related incident and 18 percent said it was a major one with lasting repercussions.

Strong encryption, coupled with the willingness to replace existing IoT devices with new, upgrades will enhance. security protections.

Penetration Testing for Mobile

Finally, it’s clear that the finance industry sees the potential threats that IoT and other wirelessly connected devices can bring.

The most important thing you can do is to identify malicious activity and identify vulnerabilities in IoT devices before a breach happens.

To do so, bring in penetration testers on a regular basis, and if you can’t afford to do that, conduct red team exercises with your staff. As technology advances, the opportunities are imments, but new devices need to be deployed securely to ensure a safe future for companies and their clients and customers.

Read More

3 Ways Network Security is Changing as IT Departments Transform Digitally

Posted On 16 kwietnia 2018 By Megan Morreale In Technology @pl /  

Network security practices are familiar to most organizations as the policies and practices that protect your computer from cyber attacks.

Information Technology (IT) professionals and executives generally agree they’re necessary, but some of these practices are becoming outdated as organizations transform digitally.

Basically—it’s time to rethink the old school way.

Traditionally, you have public and private security—one reserved for use by employees at work, and the other for the public—and the tech has been the same for years.

It isn’t enough in the face of new digital technologies. Below are some tips from Chief Information Officers (CIOs) facing this changing landscape, with advice on how you can too.

You can’t just invest in protections for physical networks anymore—you need to protect your cloud.

As your infrastructure and your applications move to the cloud, so should your network security policies and practices. As organizations transform digitally, they rely less on physical networks and more on cloud services.

In fact, Research firm IDC estimates that nearly one third of the worldwide enterprise application market will be SaaS-based by 2018, driving annual SaaS revenue to $50.8 billion, from 22.6 billion in 2013.

Neil Thacker, European CIO of Netskope, told ComputerWeekly.com that the way to focus more on cloud security is to work in layers:

“The traditional seven-layer OSI model has…been replaced with three layers: identity, application and data. In summary, organizations must have better visibility into these three layers without necessarily prohibiting the use of services that businesses rely on.

“Cloud is not just the future, it’s how businesses work in the present day. Therefore, the security of these services and the data that resides in them must form part of a CISO’s principal strategy,” he adds.

Your identity, applications and data are all moving towards the cloud, if they’re not there already. Having protections in place for all three layers will greatly help reduce the risk of attack or breach from a third-party.

IT pros are taking a layered approach—they’re developing infrastructure as a service (IaaS).

As you approach network security in the cloud, you need to take into account that perimeter controls restrict the traffic that reaches your applications. This provides a lot of strength for an organization when they look at that traffic in layers.

Alex Ayers, Head of Application Security at Wolters Kluwer, also told ComputerWeekly.com that it’s particularly crucial for companies to develop IaaS:

“Supporting the architectural and technical controls is a security monitoring layer which, while often seen as an insurance policy, provides data that can be used to augment service health and performance indicators

“Through these different layers, our company is able to deploy, tune and replace discrete specialised technologies in response to changes in threats or business requirements.”

The adoption of IaaS is growing—according to Statista, IaaS’s share of the public cloud market in 2016 was 33.2%, and the number of installed cloud workloads for IaaS in 2018 was 50 million worldwide.

According to Ayers, the addition of these layers is a makes corporate network boundaries a thing of the past. They balance and corporate network, a host of SaaS products to run their business.

Finally, invest in more modern detection and response technologies.

The amount of time it takes you to react to a security breach today is critical. According to Geoff Belknap, CSO at Slack, investing more in modern detection and response technologies is one of the more important things you can do.

They’re not the only ones—Gartner reported last year that detection and response is top security priority for organizations of all kinds.

According to Belknap, Slack uses a suite of technologies like firewalls, network-based intrusion detection, and modern network and endpoint-based malware detection methods. They monitor at the kernel level to see how their services communicate, and of course to detect potential threats.

“We are also big believers in the beyondcorp/zero trust school of thought. We don’t assign any trust based on the source network that a given device’s request originates from,” Belknap said.

“We treat all our networks as untrusted. Instead we make device identifiers a key component of our security, which allows us to make more accurate decisions about access control and make more informed decisions about suspicious activity.”

Network security practices have been around for a long time, as as we continue to evolve digitally, the threats to our security will only evolve too. Preparing for this evolution with updated policies and practices is the first step in keeping your organization’s data safe.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our online store.

Read More

What Every Disaster Recovery Plan Must Include

Posted On 19 marca 2018 By Michael O’Dwyer In Articles @pl /  2

Business continuity (BC) and disaster recovery (DR) are not the same thing, although there are some common characteristics. A BC plan is designed to include all departments in a company, but a DR plan is often focused on restoring the IT infrastructure and related data.

“A disaster recovery plan is an essential IT function and if not in place could result in company bankruptcy or severe reputational damage when data cannot be restored”, Przemysław Jarmużek, technical support specialist at SMSEagle. The financial costs involved are just another factor, he added.

What elements of a disaster recovery plan cannot be omitted? What’s the purpose?

Few company owners are psychics but things like insurance and DR plans reduce company risk, providing a framework for companies that allows rapid recovery of data and/or replacement of key hardware/software components.

Know your Network

Your company network administrator must have more than a fair idea of the software and hardware that are currently part of your network. Therefore, an ongoing inventory list is essential, most of which can be achieved by using network monitoring and auditing tools. These will allow a comprehensive list of computers connected to your network and the software on each. Note that license management is another part of this inventory control process and additional hardware is also added where appropriate. This additional hardware could include multifunction printers, hubs or routers and anything else that is needed for network functionality. Consider this inventory as your shopping list when disaster strikes. It is also worth noting which items have a long lead time (servers, for example). Creating an inventory of spare parts is a good idea and could save the day when disaster strikes.

Know your Disasters

It is pointless to instil fear in company owners about impending disasters. They are as aware of the risks as we are. Each company will have its own risks. Many of these risks are directly linked to its location, whether extreme weather conditions, risks of flooding, forest fires or loss of essential services and equipment. These are the most obvious, but to lapse into management-speak briefly, why not think outside the box?

Even the Pentagon has used a hypothetical zombie apocalypse to test their response methods and maintain a working government under these conditions. Consider alien invasions and any other scenario that could conceivably or inconceivably shut down company operations. How long would it take to resume work if each scenario happened?

If your company can continue operating during a zombie apocalypse (when essential services are down) then yours is truly a robust DR plan.

Now What?

What actions will you take for each disaster type? Obviously, if there is a flood scenario, the aim is to protect equipment again water damage. Perhaps placing all equipment high above the floor is a solution but how high is necessary? Given that you have drafted a list of possible and impossible scenarios, make sure that your solutions to each one is well documented, logical and possible at short notice. Bite the bullet and purchase or modify the equipment necessary to protect your IT infrastructure.

Unfortunately, not all water damage is caused by flooding, perhaps a water tank leaks through the ceiling of your server room and casually destroys the server, firewall and 24-port hub before you can move the server rack. How long will it take you to restore the server and network? Do you have a spare server, firewall and hub? In this scenario, a company is caught unprepared, unaware that water is stored above their equipment. Know where all water is stored and dispersed throughout your building and avoid such problems.

From this simple example, you must focus on minimising risk in as many areas as possible.

Tactical Teams

When a disaster happens, the priority is to make sure that all employees are safe and to inform them of current events.  Once this task is completed, who leads the disaster response? When a disaster occurs, it is too late to leap into action, assigning responsibilities on the spot. Responsibilities and tactical team members must be assigned as part of the DR plan. In addition, if zombies eat your designated team leader, then the backup must take over. Define employee responsibilities and have backups in place in case they are delayed or incapacitated. This last item is perhaps the most important. However, to be most effective, any interruption in network service should generate an alert to multiple DR team members. This is often achieved by cost-effective (and self-powered) network monitoring devices that utilise a GSM/3G network to send SMS messages and emails as soon as network traffic stops.

In conclusion, while the above lists the key elements of any successful disaster recovery plan, it is also worth noting that an untested plan is less than useless. Test your DR plan during off-peak hours to ensure it will work when needed. Test how long it takes to restore all your data from backup. Such activities will ensure that if the worst happens, you and your company will emerge unscathed to resume your company operations.

Read More

Network Security and Business Agility Can Coexist

Posted On 12 lutego 2018 By Megan Morreale In Technology @pl /  

You’d be hard pressed to find any business leader that said they didn’t want to be agile. The ability to pivot quickly, make fast decisions and change course in the midst of a project is valuable today as the business landscape becomes more volatile.

The thing is, we’re also bombarded with news of security breaches, hacks and stories of people and businesses that have been robbed of sensitive information. This requires management, processes, policies—all of the things you’d probably say work against agility.

It doesn’t have to be this way, though—you can have both agility and security.

But how? It’s hard to imagine a word with both when cyber security issues are becoming so overwhelming. Network World’s 2017 State of the Network report cited data breaches and leaks as the top challenge for IT decision makers in businesses of all size. Part of the problem is understaffing the security operations centers (SOCs) themselves.

“Understaffed and under-skilled SOC teams depend on key individuals and manual processes to get their jobs done,” ESG’s Jon Oltsik wrote for CSO Online. “And when cyber security professionals detect something wrong, they don’t work well with the IT operations team to fix problems in an efficient manner.”

The problem today has roots from the internet’s beginnings.

One major problem—we’re using IP addressing to a greater extent than anyone ever imagined. The founders of the web didn’t expect us to use it to attack one another.

The problem lies in the workaround we’ve created for the IP address:

“Since it’s impossible to give every device its own unique IP address, the clever folks at networking companies came up with an assortment of workarounds, such as being able to NAT (network address translation) non-routable, private addresses,” Moreover, as industry analyst Zeus Kerravala wrote in Network World.

“And as we’ve added more dynamic environments, such as private and public cloud, defining policy based on addresses or ranges has become unsustainable.”

The Internet Engineering Task Force (IETF) has tried to solve this problem with a new standard to address the flaws in TCP and IP addressing. With this standard, the host identity protocol (HIP) separates endpoint identifiers from IP address locator roles and introduces a new namespace based on public keys from that endpoint.

The solution—you need an inherently agile network.

HIP is part of the solution to this problem, and can help you bring both business agility and security into your framework.

One solution—secure network overlays based on cryptographic namespace identities.

With this solution, end-to-end or peer-to-peer encrypted networking is now possible and can be done in as little as three steps, even for traditionally non-routable endpoints.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our

Read More

5 Ways Predictive Analytics can Prevent Network Failures

Posted On 8 stycznia 2018 By Megan Morreale In Technology @pl /  1

The good news—you can put your crystal ball away. Preventing network failure doesn’t have to be a guessing game anymore. Predictive analytics can help you find these performance issues before they happen.

The ability to find and address network problems before they even begin affecting your operations is giving information technology (IT) professionals the freedom to focus on progressive projects as opposed to reactive ones.

„There is a growing need for networks to adapt to dynamic application demands as well as address dynamically to special events, seasonality and so on,” Diomedes Kastanis, head of technology and innovation for Ericsson told CIO.online.

„Although we have a lot of automation systems and rules to manage and operate networks, it still is not enough to cope with the intense changing environment and proactively adapt to changing demands.”

There’s a reason predictive analytics are so effective. We’re pinpointing five ways that they can help your IT department prevent network failures.

1) Incorporating AI in new technologies is paving the way for failure prevention.

Most of the current adoption of predictive analytics comes from updates to technologies that are already being used. Different security platforms, like endpoint technologies, include updates that leverage artificial intelligence (AI) or machine learning (ML).

It’s technologies like these that have led companies like Skymind to start to adopt the practice, but the technology still isn’t yet fully evolved—only 95 percent accuracy for them.

„In other words, to predict data for the next month, you need five months of historic data,” Gianluca Noya, digital network deployment and analytics lead at Accenture told Networks Asia.

Still, the advancements in computing power, security technology and network data are allowing IT departments to start to figure out how to take advantage of this resource—including anticipating capacity requirements.

2) IT departments can stop spending time analyzing capacity data.

To determine to future capacity of their networks, IT professionals spend time determining a benchmark metric, and continuing to measure against it for comparison. This takes time—staff will spend months trying to gather and project data for several month forecasts, only to find they have to start over when those months roll around.

Instead of spending those months analyzing traffic, services, device use and how employees are using them, predictive algorithms can crunch all of that data for you. Not only can it same time, but it can continuously learn as it does this, beyond what is capable with benchmarks that don’t move.

3) Quality of performance is taken into account.

Learning capabilities also come into effect when you’re trying to analyze quality of performance in the future. Based on past events, deep learning technology can be applied to forecast for the future.

„When you have a dataset that includes records of events you want to predict, you can train a deep neural network on that data,”Chris Nicholson, CEO of Skymind, an AI developer supporting the open source deep learning framework Deeplearning4j told CIO.

„When you can predict capacity problems accurately (for example), you can act pre-emptively to rebalance the load on your network and provision the network with more capacity.”

The more data you have, the better the technology can learn. While there are still some stopgaps here—like data that’s not clean or organized properly—when applied correctly, it can proactively secure your organization.

4) As AI technology learns, predictive analytics learn about attackers as well.

As attackers get smarter, supporting intrusion detection gets tougher, and organizations will soon require predictive analytics to stay ahead.

It’s effective because this technology learns about your system in a more complete way than any other human could. This means it knows what your ‘normal’ looks like, and recognizing anomalous behavior is easy.

This will become very important in industries like banking, where risk mitigation and detection of security breaches is so important. The cost of a security breach is immense—the more quickly you detect them, the less impact to your organization.

5) Predictive analytics will cost you less in the long run.

Network pricing structures can be complicated, but coupling your system with predictive analytics can not only help you save in the event of an attack, but can help you forecast for effectively—like network upgrades, new devices and staff.

The key to success with predictive analytics is to have data that the technology can learn from. A historical look at past problems is paramount to predicting security events in the future.

While this is not a ‘quick-fix’ solution, predictive analytics are a tool for CIOs to better prepare for the future and identify behavioral patterns across all of your systems.

Read More

How to Ensure Your SMS Carrier Isn’t the Weakest Link in Your Security Chain

Posted On 9 października 2017 By Megan Morreale In Technology @pl /  1

For businesses and users alike, there has recently been a big security shift to two-factor authentication, and many companies are leaning on mobile devices to provide authentication codes in a timely manner for users.

The way it works is pretty simply. Once customers login using their usernames and passwords, they have to then authenticate their entry a second time by entering a code sent to their mobile device.

Companies all around the globe also rely on SMS for redundancy in communication when internet isn’t available, to ensure their communications are never disrupted.

With a lot of services relying on this method of authentication and redundancy, there has never been more pressure on you mobile accounts to stay secure. It’s important to make sure your SMS carrier isn’t the weakest link in your security chain by choosing a secure SMS gateway solution.

Why rely on SMS in the first place? Your information is valuable.

The number one method of communication is email—personal and business users alike across the web use it to communicate, as well as to authenticate accounts and send sensitive information.
This infographic from Krebson Security shows just how valuable your email account can be when hacked—pretty much all of your accounts are connected to your email, and it can be a little scary to realize what someone could access there:

Krebson also goes into detail about how valuable these account can be to a hacker:

“One prominent credential seller in the underground peddles iTunes accounts for $8, and Fedex.com, Continental.com and United.com accounts for USD $6. Groupon.com accounts fetch $5, while $4 buys hacked credentials at registrar and hosting provider Godaddy.com, as well as wireless providers Att.com, Sprint.com, Verizonwireless.com, and Tmobile.com. Active accounts at Facebook and Twitter retail for just $2.50 a piece.”

In addition to the monetary value, hackers are also disrupting businesses with security breaches, account turnovers and major customer data thefts. If your internet security fails, you’re vulnerable to communication failure as well as to a security breach.

SMS provides a secure and reliable alternative to email, while also complementing the easy use of email. Without SMS, you’re flying solo with email—every service you use probably requires an email address, and all security precautions can become undone if someone unwanted gets access.

Keep the second link in your chain secure—work with the right SMS software and hardware.

Hackers can get a hold of your passwords easily through your mobile provider without the right security precautions.

Reliance on a secure SMS gateway ensures your communications stay up and running through SMS, even when internet is down. The right SMS gateway will keep your information secure through the two-factor authentication process and support your business in the event of an internet disruption.

Naturally, both users and businesses want their methods of communication to be calm and dependable.
SMSEagle hardware SMS gateways send SMS messages directly to 3G network without using Internet connection. The gateway will work even if Internet connection fails. The SMSEagle gateway, once purchased, is located in your company premises. These assures you control over security and confidentiality of SMS communication. No matter the temperature or humidity conditions the hardware sticks with you.

If you care about quality and security, you need a reliable SMS gateway solution to ensure that your mobile carrier isn’t the weakest link in your security chain.

Read More

Network Monitoring — How SMS can Reduce Risk and Improve Response Time

Posted On 21 lipca 2017 By Michael O’Dwyer In Articles @pl /  1

As a network administrator, your role is a complex one but your primary task is to keep the network active and ensure that all users have smooth access to all network assets. You may have to conduct performance tests, hardware and software inventory audits (including virtual machines) and monitor areas from UPS battery status to current website connections. Configuration and maintenance take up more of your time. A variety of monitoring tasks are necessary and you perform all of them using a combination of enterprise solutions, third-party software and open source tools.

Where does SMS fit into this high-tech environment? In technology terms, SMS has been around a long time (since 1992) and many falsely believe that it is no longer of value today. This is not the case as the technology is still used in many practical applications, in emergency alert systems, in marketing and, of course, it also has valuable applications in network monitoring.

Network Downtime

Sometimes technology fails, an unfortunate fact of life, but true nonetheless. When your network goes down, your business will grind to a halt in most cases. A power outage, for example, will typically mean that all network communication will cease from that moment on. Uninterruptible power supplies (UPS’) may delay the inevitable for a few hours and generators will ensure local access continues. However, if the power loss is not confined to your building but instead a blackout affecting your neighbourhood, city or county, then you can assume your broadband connection has been lost.

If this occurs during office hours, when IT staff are onsite, then normal service will resume as soon as the power returns. However, what happens if the outage occurs outside office hours and you have an e-commerce store that relies on your servers and a high-speed broadband connection? You may have scheduled backups or support sites that have been interrupted. In such a setting, it is important that service is resumed quickly.

In most cases, you will be unaware of the outage until the start of the next working day. Can your company afford such a delay? Consider the financial and reputational impact of this downtime.

Citing a 2015 IHS report, Network Computing’s Joe Strangelli estimated “ a cost to North American companies of $700 billion a year for ICT outages. This includes lost employee productivity (78%), lost revenue (17%), and actual costs to fix the downtime issues (5%).”

Of the 400 mid to large U.S. companies surveyed, an average of five downtime incidents take place each year, with costs for each incident ranging from $1 million to $60 million.

Luckily, it is possible to eliminate some of the risk.

SMS Benefits

If your network goes down, response time is the most important factor as solving the problem quickly reduces downtime costs.  Sending an alert to your IT admin may seem an obvious solution but how is this achieved?

An SMS gateway is a way to build in some form of redundancy to your network alerts. If your network is down, a standard email or network alert will not work as… the network is not operational due to loss of power or loss of connection. An SMS gateway has its own power source, a SIM card to allow cellular network access and preconfigured alert messages. Once the gateway detects connectivity loss, it sends an SMS to the network administrator. It can also send emails if a 2G+ data connection is available. 2G is slow but functional. SMS is effective for several reasons – it works on all mobile networks (from GSM to 4G) and on all mobile phones.

In addition, the recipient is more likely to respond quickly to an SMS alert than any other form of electronic communication. Given the number of tweets, beeps, pings and other audio notifications on smartphones, it is surprising that SMS still retains top status in terms of response rates, but marketers confirm that SMS creates a genuine sense of urgency for each received message.

Therefore, your network administrator is sure to act quickly after receiving an SMS alert, and with any luck, can get your network operational as soon as possible.

Other considerations

Companies with SMS gateways in place can relax, secure in the knowledge that essential connections are monitored and that once inactive, an alert is sent out to the responsible parties.

However, alerts alone are not enough to ensure network uptime. As mentioned previously, technology will fail and a comprehensive inventory of spare parts is necessary to mimimise network downtime. Human error and cybersecurity threats are other issues that alerts will not solve–but IT and security awareness training for all employees will not only mitigate these threats but also reduce the risk of network downtime.

In conclusion, when network downtime occurs, you need a rapid response team. Given the cost of downtime to your company, it is worth ensuring your network administrator receives immediate alerts when the network fails. This not only makes financial sense but is a no-brainer for maximising business continuity and preventing reputational damage.

Read More

How to Choose the Perfect SMS Gateway for Your Organization

Posted On 16 stycznia 2017 By Megan Morreale In Technology @pl /  2

The SMS Gateway that you select for your organization is important—it’s the portal that connects your team with other contacts mobily.

Your connection to mobile carriers like Verizon, AT&T, Sprint, Virgin, Bell and more is important and will make or break your success in the event of a connection loss.

Without the time, resources or desire to develop your own gateway, many information technology (IT) leaders are in the market for SMS mobile solutions. The right SMS gateway provider will help you move forward.

Connecting with the right provider can be tough. These three tips will help you choose the perfect SMS Gateway provider for your organization.

Choose a Provider with Good Coverage and Network Quality

The first step in choosing an SMS gateway provider will be to ensure that they’re providing you with the coverage you need. Some providers don’t have the ability to deliver to certain countries or mobile operators, and you’ll want to make sure you choose one that extends to your needs.

Some providers might not be able to guarantee of delivery—an SMS message could be routed to other gateways that are not controlled directly by the gateway providers themselves. In addition, some might not be able to reach mobile phone numbers that have been ported between operators.

If you have the opportunity, you’ll want to test a gateway provider’s network quality before you decide to choose them. Some may offer you a small amount of free messages for new users. If so, take advantage to ensure quality is adequate for your needs.

Choose a Service that Works when the Internet is Down

For some business, their SMS gateway is an essential part of communication and IT functionality. You want to be sure that you’re getting your SMS message, even if there are internet connectivity problems.

This happens when your SMS provider frees you of having to work with 3rd party vendors, and connects you directly to carriers. With SMSEagle, you are connected directly to the GSM network and can be controlled optionally by SNMP—meaning you’ll never have to worry about an SMS message coming through, no matter what internet connectivity problems you may be having.

Choose a Business Oriented Partner

While you’ll easily find a gateway service provider that will allow you to securely send SMS, some are better suited for managing your SMS communications.

Look for a SMS gateway provider that will work with you and your needs, providing the business functionality and support you’ll need to ensure your IT operations run smoothly.

Finally, when looking for a channel through which to send SMS communications, make sure you find a provider that provides you with the functionality you need without nickel and diming you. In some cases, many providers charge extra for the “bells and whistles” that should come with basic functionality. Choose a reliable provider with technology you know you can count on.

Consider SMSEagle as an SMS Gateway for your Organization

We are a powerful device for sending SMS messages for your organization—a reliable, cost-effective and secure solution that controls SMS alerts, notification and tokens for controlling your servers and services.

We guarantee the success of your SMS message regardless of internet connectivity, and send SMS directly to GSM network with SMSEagle SMS Hardware Gateway. We even monitor your network and send you alerts when your services are down.

With SMSEagle you get the whole package – a provider that knows and is compliant with the regulations and legislation pertinent to you, GSM/3G protocol, works when the internet is down, and is a business oriented provider.

For your SMS communications, who are you going to trust? Trust the provider that gives you everything you need, and provides you with secure, reliable SMS messaging at all times.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our online store.

Read More