How to Set Up Status Alerts for a UPS Device

Today, reliable power supply is a key element in ensuring the continuity of operation of many devices. Without uninterrupted power supply, many companies, institutions, and private users would not be able to function. Therefore, more and more people decide to purchase a device that will provide them with uninterrupted power – Uninterruptible Power Supply, or UPS.

However, owning a UPS is one thing, and monitoring its status is a completely different matter. So, how do you set up status alerts for a UPS? There are three basic ways to read the status from a UPS:

  • Dry Contact
  • SNMP Signals
  • Email alerts

Dry Contact

A dry contact is an output on the UPS device through which the device sends a signal to an external system (e.g. an alarm system, control center, SMS gateway) when the power switches from the electric grid to the UPS (or the reverse). The signal is usually a simple state change from an open to a closed circuit on the dry contact. The state change allows for quick notification of the power outage, but an external system is required to process the signal.

SNMP Monitoring and SNMP Traps

The second method is SNMP monitoring or SNMP traps. SNMP (Simple Network Management Protocol) allows monitoring of various network devices. If a UPS device is equipped with SNMP capability, you can monitor its state via external monitoring software (for example, a Network Monitoring System). With SNMP monitoring, an external system periodically polls the UPS device for its status. SNMP traps, on the other hand, allow the UPS to send SNMP information to the system whenever its status changes. The UPS device must be equipped with a Network Interface Card (NIC) to take advantage of SNMP monitoring or SNMP traps.
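The polling approach described above, as an added example that is not part of the original article or of any SMSEagle product: it turns successive poll results into alerts, ignores a single flapping reading, and raises its own alert when the UPS stops answering. It assumes the UPS implements the standard UPS-MIB (RFC 1628) `upsOutputSource` object; the class name, thresholds and poll samples are constructed for illustration, and the SNMP GET itself is left to your SNMP client so the logic runs offline.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# upsOutputSource in the standard UPS-MIB (RFC 1628). Assumption: the UPS
# network card implements this MIB; some vendors expose a private MIB instead.
# Prefer SNMPv3 with authentication and privacy for the poll itself, because
# SNMPv1/v2c community strings cross the network in cleartext.
UPS_OUTPUT_SOURCE_OID = "1.3.6.1.2.1.33.1.4.1.0"
OUTPUT_SOURCE = {1: "other", 2: "none", 3: "normal", 4: "bypass",
                 5: "battery", 6: "booster", 7: "reducer"}


@dataclass(frozen=True)
class Alert:
    time: int        # seconds since monitoring started
    severity: str    # "info", "warning" or "critical"
    message: str


class UpsPollMonitor:
    """Hypothetical helper: feed it one poll result at a time."""

    def __init__(self, confirm_polls: int = 2, max_missed: int = 3):
        self.confirm_polls = confirm_polls  # identical readings needed to accept a change
        self.max_missed = max_missed        # unanswered polls before "unreachable"
        self.confirmed: Optional[str] = None
        self.candidate: Optional[str] = None
        self.candidate_count = 0
        self.missed = 0
        self.unreachable = False

    def observe(self, ts: int, value: Optional[int]) -> List[Alert]:
        """value is the integer read from upsOutputSource, or None on timeout."""
        alerts: List[Alert] = []
        if value is None:
            # A silent UPS is itself an event: the card, switch or link may be down.
            self.missed += 1
            if self.missed >= self.max_missed and not self.unreachable:
                self.unreachable = True
                alerts.append(Alert(ts, "critical",
                                    f"UPS not answering SNMP ({self.missed} polls missed)"))
            return alerts
        if self.unreachable:
            alerts.append(Alert(ts, "info", "UPS answering SNMP again"))
        self.missed, self.unreachable = 0, False

        state = OUTPUT_SOURCE.get(value, f"unknown({value})")
        if state == self.confirmed:
            self.candidate, self.candidate_count = None, 0   # flap ended, forget it
            return alerts
        if state == self.candidate:
            self.candidate_count += 1
        else:
            self.candidate, self.candidate_count = state, 1
        if self.candidate_count >= self.confirm_polls:
            previous, self.confirmed = self.confirmed, state
            self.candidate, self.candidate_count = None, 0
            if previous is None and state == "normal":
                return alerts                                # healthy baseline, stay quiet
            if state in ("battery", "none"):
                severity = "critical"
            elif state == "normal":
                severity = "info"
            else:
                severity = "warning"
            alerts.append(Alert(ts, severity,
                                f"UPS output source: {previous or 'unknown'} -> {state}"))
        return alerts


def run_monitor(samples: List[Tuple[int, Optional[int]]]) -> List[Alert]:
    monitor = UpsPollMonitor()
    alerts: List[Alert] = []
    for ts, value in samples:
        alerts.extend(monitor.observe(ts, value))
    return alerts


# Constructed poll results, one every 30 s: (time, upsOutputSource or None).
SAMPLE_POLLS = [(0, 3), (30, 3), (60, 5), (90, 3), (120, 5), (150, 5),
                (180, None), (210, None), (240, None), (270, 5), (300, 3), (330, 3)]

if __name__ == "__main__":
    for alert in run_monitor(SAMPLE_POLLS):
        print(alert.time, alert.severity, alert.message)
```

Each returned alert is what you would hand to the notification channel (NMS, e-mail or SMS gateway).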

Email Alerts

The last method is Email alerts. In this case, the UPS sends an email notification about the status change. Usually, you configure an SMTP server in your UPS device management portal/software, and this server is then used to send emails from the UPS device to a mailbox of your choice. The UPS device must be equipped with a Network Interface Card (NIC) to use Email alerts.

How To Ensure Quick And Effective Reaction to Failures?

Whichever method is used, critical information about a power outage from the UPS should reach the response team in a fast and reliable way. This ensures that the information is not lost or stuck among the many other status updates in the IT infrastructure. The critical information from the UPS device might be managed within a Network Monitoring System (NMS). Another interesting and easy alternative is to use a hardware SMS gateway. SMS guarantees instant deliverability and offers a channel that is accessible to everyone. Thanks to the integration of the hardware SMS gateway with the UPS, the administrator can receive a notification in the form of an SMS when the UPS is turned off/on or when its status changes.

SMSEagle is an example of a hardware SMS gateway that offers fast integration with uninterruptible power supply devices (UPS). The integration with SMSEagle can be easily made via:

APC UPS users can also use the thoroughly described SMS integration manual for APC UPS.

Create the right solution for your business!

The functions of SMSEagle allow businesses to incorporate SMS communications into their systems in a way that makes sense to them. To find out how, get in touch with our team.

Opening the Door to Intelligent Building Management Systems with SMS-based Alerting and Notifications

Whether it is a central corporate skyscraper, a network of retail outlets, or a fleet of remote warehouses, staying connected to enterprise buildings through effective monitoring and control has never been more crucial in ensuring the safety, resiliency and efficiency of enterprises’ day-to-day operations. Building management systems (BMS), in particular, have come a long way in addressing this with the ability to continuously regulate environments, detect security threats and prevent disasters, as well as optimize sustainability and monitor employees.

Connecting buildings via SMS

Many BMS applications are hosted in the cloud. Delivering alerts via these applications requires Internet connectivity. This, however, may pose major risks to the reliable delivery of such alerts, as the last-mile connectivity may be impacted by the very events the applications are expected to alert on, or may be temporarily inaccessible due to usual outages or performance issues.

There is also a range of BMS systems that are hosted in offline environments for security reasons. In times of increasing cyberattacks, the offline environment provides a much higher security level. But how do you achieve a correct level of alerting and notifications in such a scenario?

In these scenarios, effective monitoring and notification systems can make huge differences. SMS-based communication solutions such as SMSEagle SMS/MMS Gateway can relay alerts from a BMS server to the receiver cell phones, directly to 3G/4G cellular operators, without Internet.

Reporting from the floor

SMS-based alerting systems can be used to support the regulation of a building’s environment. A data center, for example, has to operate under minimal temperatures. Detection of changes in this and other parameters such as air flow or humidity levels triggers alerts from the sensors to a locally deployed BMS server. These alerts are automatically forwarded to SMSEagle SMS/MMS Gateway where they are converted into SMS messages and sent over the regular cellular network to the intended recipients.

BMS applications coupled with SMSEagle SMS/MMS Gateway can go a long way in staving off threats such as fires or floods. By having smoke or water sensors installed in key areas, alerts can be sent in real-time to the BMS server and onto the gateway upon the detection of an impending disaster. The SMSEagle integration plugin with AVTECH Room Alert, or Schneider StruxureWare, for instance, can be configured to bypass email servers and send alerts from its wired sensors directly to the gateway, resulting in virtually no points-of-failure. This is especially important during disasters such as earthquakes or hurricanes, which often result in the Internet being inaccessible.

Security threats such as theft, sabotage or espionage need to reach the attention of security staff in real-time so that losses can be minimized. The SMSEagle integration plugin with a security BMS application such as Schneider EcoStruxure™ Security Expert enables visibility across main monitoring points, from entry authentication at elevators to license plate recognition cameras, all of which are linked to the BMS server via the enterprise local area network. From here, threat detection alerts can be sent to the relevant parties immediately.

Enabling smarter buildings

There are many security BMS providers with a worldwide reach. For example, Johnson Controls, a leading security BMS provider, selected SMSEagle SMS Gateway (see Case Study) when it needed to provide its client with a localized alerting system within the LATAM region. Utilizing a local SIM card and offering seamless connectivity to any 2G, 3G or 4G network globally, the gateway delivered cost savings for the client and enabled monitoring across all of its premises worldwide.

From preventing electricity wastage to ensuring fire alarms are attended to immediately, SMS-based communication using a Hardware SMS Gateway provides a superior alternative for securing and sustaining the management of today’s connected buildings.

In the fast lane: Speeding up fleet management communications with SMS

The fleet management industry is slated to grow at an 18.3% CAGR from 2022 to reach USD 67.38 billion in 2029. Advancements in real-time communications, coupled with enhancements across cloud applications are seeing fleet management becoming a critical capability across industries such as logistics, insurance, automotive, field service and mining.

SMS: A powerful alternative to data connectivity

While fleet management typically revolves around cloud applications and Internet connectivity, there is a growing need for alternative means of communication for fleet management systems, in cases where data connectivity is not readily available and where immediate response is critical. This is where an SMS-based solution such as SMSEagle SMS/MMS Gateway comes into play. The solution offers seamless connectivity to 2G, 3G and 4G networks around the world and comes with rich features including email integration, callback support, SMS forwarding, auto-reply, failover and MMS support.

Unlike cloud-based SMS gateways, which are Internet-dependent, the SMSEagle gateway allows information from vehicles, drivers and freight to be relayed to the relevant stakeholders reliably, at any time and in any location, via a single, dedicated hardware device. This is particularly critical in situations that require real-time actions from response teams. By using a local SIM card, SMSEagle ensures a cost-effective method for keeping the entire fleet, the stakeholders and the cloud application connected at all times.

Enhancing real-time fleet communications with SMS

From regular to predictive maintenance, fleet owners can program their telematics unit to trigger real-time SMSs every time maintenance thresholds are exceeded. These thresholds include component failures, temperature and speed limits. SMSEagle SMS/MMS Gateway enables immediate access to this information on the enterprise LAN network, including distress messages from the driver, regardless of Internet connectivity. This allows maintenance and emergency teams to be adequately informed of any impending incidents. In fact, leveraging the gateway, timely instructions and alerts can be relayed to the telematics unit and field staff, as well as onto the driver dashboard.

The SMSEagle gateway can also be used to send customized, personal reminders and notifications to drivers. To monitor driver behavior and ensure safety precautions are adhered to, in-cabin video recorders or sensors can be programmed to initiate emergency SMS messages upon the detection of irregular, careless or dangerous maneuvers. Emergency messages communicated via the SMSEagle gateway may include videos and images for easier monitoring and enforcement.

In terms of cargo management, the cargo monitoring device fitted with a local SIM can send information gathered by its temperature, movement and vibration sensors via automated SMSs to an SMSEagle gateway. The fleet manager with access to the gateway is able to retrieve the information on their systems and use this data to monitor the condition and location of their freight, as well as the progress made on each consignment.

As far as it goes

With fleet management increasingly spanning larger fleets and wider geographical boundaries, the need for reliable fleet communications and automated alert mechanisms has never been more imperative. SMSEagle SMS/MMS Gateway can be deployed as either the primary or backup communication channel that is highly cost-efficient and lean in terms of system requirements, and which can trail any fleet across any location securely and reliably.

Benefits of Receiving SMS Alerts from Temperature Sensors

The widespread use of technology has led to different kinds of innovative applications in almost all domains. One amongst these advancements is temperature sensors that determine the degree of hotness or coolness and convert it into a readable unit, which can be further sent to interested recipients via SMS to help in malfunction monitoring or early alarming.

Medical applications, food monitoring, packaging, petrochemical handling, automotive monitoring, biological research, geological studies, HVAC systems and consumer electronics: temperature sensors play a crucial role in all these fields.

Apart from measuring optimal heat and humidity levels, many temperature sensors act as preventative warning systems that determine whether there are impending risks or malfunctions. Overheating detection plays a crucial role in those systems, thus protecting from major disasters like fire. Temperature sensors, which are now affordable and easy to use, may prove very effective in early alarming and prevention.

There are many temperature sensors, but they are commonly categorized as contact and non-contact temperature sensors.

Contact sensors are those in direct contact with the object they are to measure and include thermocouples, thermistors, thermostats and Resistive Temperature Detectors (RTD). Semiconductor-based sensors also fall under this category.

The non-contact temperature sensors measure thermal radiation. They are often used in hazardous environments like nuclear power plants or thermal power plants. Some examples: optical pyrometers, radiation thermometers, thermal imagers, and fiber optic sensors.

These sensors, combined with external systems that warn of impending threshold levels, can send alerts via, for example, SMS texts to the connected devices about temperature levels. Any untoward activity can thus be easily caught via these messages.

Automatic Alerts:

Unusually high and low temperatures can be detected via these message alerts. This helps keep track of the proper functioning of the devices. Any slight change in temperature sets off a notification about the rise or drop in temperature. One can take appropriate action by lowering or raising the temperature through remote control or informing the relevant offices.

Regular monitoring:

Regular monitoring can help to detect irregularities and easily map usage patterns. It takes out the manual aspect of checking on the temperature in a facility, unit, or device as regular updates are received.


Temperature sensors help improve productivity and safety by monitoring and tracking temperature levels across many industries. Combined with fast alarms and notifications, sensors are lifesavers in hazardous environments. They also help in the effective maintenance of devices and facilities.

SMSEagle NXS-line devices can be easily equipped with external temperature sensors, allowing you to leverage their advantages in the rapid notification of problems via SMS. The SMSEagle application lets you set up automatic alerts for the sensors and provides regular monitoring of the ambient temperature via a historic temperature chart.

SMS Gateways: Alarms and Notifications for Offline Environments

As the news of 5G towers is surfacing, we are leaving old technology like pagers and SMS far behind in the past. But with these rapid developments rise concerns about privacy and security. And surprisingly, the answer to these concerns sometimes is not more advanced tech, but a return to our technological roots with intention.

In this piece, we shall look at the need for notification systems in High Availability Offline Environments and why SMS Gateway services can be the answer.

Monitoring High Availability Offline Environments

High-Availability (HA) environments are well-tested and strongly equipped systems that are dependable enough to operate continuously without failing. These environments focus on avoiding single points of failure and ensure that their application continues to process requests.

In these high availability systems, effective monitoring and notification systems can make huge differences. For example, during situations of connective scarcity, effective management of notifications is crucial, as these alerts can often be the difference between solving the crisis and suffering extreme losses. Or during unforeseen malfunctions that run the risk of interrupting the business-critical application processes, notifications and alerts become extremely important as a lack of rapid recovery will lead to a snowball effect and harm the HA environment.

These notifications and alerts are usually in the form of push notifications, that is, notifications via mobile app, phone call, email, and SMS.

But for offline environments, the narrative is a little different. Offline environments may develop due to different causes, the most common ones being cutting off the internet due to security measures or internet inaccessibility due to the nature of the location.

Despite the offline nature of said systems, aiming to keep a High Availability environment is often the priority. As discussed earlier, notification and alert systems in high availability systems play a significant role. Most of these push notification features get bottlenecked when the systems are offline, except for two – Calls, and SMS.

What are Hardware SMS Gateways and How Do They Work?

When all the other ways of communicating effectively among peers are blocked in Offline Environments, only SMS and phone calls remain. And this is where hardware SMS gateway devices come in.

An SMS gateway is an interface that allows users to send SMS without phones. Hardware SMS gateways offer a direct connection to 3G/4G cellular operators, without Internet.

How does it work? To send and receive text messages, a hardware SMS gateway must obtain a connection to a short message service centre (SMSC), which is a special server inside a cellular network. In a 4G LTE (packet-based, all-IP) network, SMS is encapsulated in a SIP message and carried over the IMS core network to the SMSC. In a 3G UMTS network, SMS is sent using the SRB (Signaling Radio Bearers). In both cases these are internal connections only within a cellular network. When a text message is received by the SMSC, it is forwarded to its intended address via the cellular network core. SMSCs are responsible for routing text messages and regulating the messaging process. If the recipient is unavailable (for example, when the mobile phone does not have network access), the SMSC stores the SMS message and then forwards it when the receiver is available.

Hardware SMS Gateways As The Solution

Hardware SMS Gateways are the most opted-for solution in High Availability Offline Environments as a communication system. Here are some of the reasons why:

  • communication access via a cellular network (WITHOUT the Internet),
  • on-premise installation that allows complete data confidentiality,
  • high reliability,
  • remote accessibility.

Hardware SMS gateway devices continue to be a feasible and secure solution to offline workplace disruptions.

As a hardware SMS/MMS gateway manufacturer, SMSEagle provides world-proven and dependable devices. SMSEagle devices are easily configured and managed via a web browser and are easily integrated via integration plugins or an API. SMSEagle’s Network Monitoring feature may also be used to help you preserve high availability on a small scale.

Enable IoT with SMS

According to Statista, the number of IoT (Internet of Things) devices connected worldwide will jump to 30.9 billion units by 2025—significantly more than the 13.8 billion units forecast for 2021—as connected cars, smart home devices, and connected industrial equipment become the norm. With the number of networked sensors increasing in all areas of our lives, we’re enabling automated, real-time interactions between assets, machines, systems, and things.

But like everything else in business, turning information into actionable insights depends on fast, reliable communication. That’s why SMS is essential for enabling IoT.

Why is SMS the right choice for IoT?

SMS is the ideal communications mechanism for IoT because it includes five essential characteristics:

  1. Global coverage: Stable 2G, 3G, 4G, and 5G networks reach every corner of the earth, including areas with unreliable—or no—Internet coverage.
  2. High deliverability: SMS traffic has close to 100% delivery rates—especially if you use a reliable SMS platform like SMSEagle.
  3. Secure: Send information bypassing third-party providers with full data confidentiality.
  4. Cost-effective: IoT employs bulk SMS messaging to send data, which can be extremely cost-efficient when using the right provider.
  5. Reliable: Essential for IoT, SMS delivers notifications promptly and reliably. Even in the event of a power outage or when mobile data is switched off, an SMS message will still reach its destination.
  6. Power-efficient: Eliminating the need for a permanent connection and requiring little power, SMS extends the battery life on IIoT (Industrial IoT) devices from weeks or months to years.

Irrespective of whether an alert needs to reach a computer, human, or another machine, SMS is the best choice for every scenario. It is the only communications channel that works on every cellular device and every network.

Deploying SMS to enable IoT in factories and intelligent buildings

Here are two examples of how SMS is enabling IoT:

  • Factories: IoT devices monitor equipment via digital inputs and outputs, sending time-sensitive alerts about changes in environment or equipment characteristics such as power, security, and temperature. As noted in the IoT Agenda, SMS is already used in existing IoT systems to wake up a device and put it into transmission mode. However, SMS can also be used as an efficient data transport for sending configuration updates or managing a device’s power supply so it can collect and store data while extending battery life.
  • Smart Buildings: IoT devices monitor environmental conditions and mechanisms, sending infrastructure failure alerts to Building Management Systems (BMS). Integrating IoT with BMS and SMS allows facilities managers to receive alerts through multiple channels simultaneously (including alarm systems, building intercoms, and messaging systems) and communicate with occupants and technicians, receiving and sending updates to ensure the safety of tenants and visitors.

IoT and IIoT are enabling the future, and SMS plays an essential role in ensuring affordable, reliable communications. Whether you’re responsible for managing facilities or manufacturing equipment, using SMS to enable automation offers ubiquitous and pervasive coverage for fostering innovation. And you can deploy it today in over 200 countries with access to more than 93% of the world’s population—out of the box.

About SMSEagle

SMSEagle is a leading global brand of SMS gateway hardware supporting. Designed for reliability and easy integration with existing systems, SMSEagle supports bi-directional SMS communications via your web browser, email system, or an API. It also converts email messages to SMS and can send SMS alerts from network and security monitoring systems and SMS tokens from authentication systems. For more information, visit

Network Security Essentials: A Checklist for your Business

I hardly need to labour the point that network security is essential in an age where companies of all sizes are hacked. Hardly a week goes by without data breach headlines in the mainstream media. 2021 is no exception so far, with high-profile hacks including LinkedIn, Parler (an almost complete website scraping in this case), Mimecast, U.S. Cellular and many more. The reasons for these successful breaches, which compromised the data and privacy of clients, ranged from targeted attacks, exploits on misconfigured cloud services and unsecured data to malware injection and scamming. Many of these data breaches could have been prevented. It makes you wonder why, in 2021, companies (large and small) are still so careless and cavalier with important client data, especially when you consider that lack of IT personnel or funds is not an issue for the global giants. Didn’t these companies have a simple checklist or basic code of practice for network security? Remember to protect all client data as if it were your own data by using encryption, authenticated access and any other precaution possible. Consider the following an overview or starting point for creating your own checklist.

The Basics

Let’s assume, as many do, that larger companies have a handle on the basic elements of network security. Firewalls are configured correctly. Administrators have a full list of their hardware and software and all security updates and patches are installed promptly. They have a robust backup procedure that ensures prompt restoration of company data even after a ransomware attack. Brilliant! Now what?

Despite the naysayers, password management is still an issue, and not due to password length, authentication method or complexity but instead due to longevity, i.e., passwords are in use too long without being changed.

Employees will also log into personal solutions during office hours and, if BYOD is part of company policy, will ALL devices be approved, with OS versions approved by IT? Again, let’s assume enterprises have no flaws in all these areas, despite almost daily reports of data breaches. Enterprise-level solutions seek to address more advanced problems…

SIEM, NGF and User Error Prevention

Modern network security is aimed at identifying emerging threats and reducing the impact of human error (which is still the biggest threat to your data). In fact, a recent joint study from Stanford University and Tessian indicates that 88% of all data breaches are caused by employee error. The Blame Game is not the solution here as the study also points out that “Your employees are focused on the job you hired them to do and when faced with to-do lists, distractions, and pressure to get things done quickly, cognitive loads become overwhelming and mistakes can happen.”

Therefore, recognising that security awareness training is not the entire solution and that employees are not cybersecurity experts, companies must use technology to help with the problem. While classified as enterprise solutions, most of them are available to smaller companies, whether it’s next-generation firewalls (NGFWs), analytics-driven security information and event management (SIEM) or remote solutions offered as-a-service. All companies should perform a risk assessment and identify their greatest threats to network and data security, and then arrange a trial of available solutions.

Even a brief look at NGFWs will confirm they are a key step in enhancing cybersecurity, including basic firewall function with several additional benefits. These include intrusion detection systems (IDS), intrusion prevention systems (IPS), application awareness from Layer 2 to 7, reduced infrastructure footprint, and antivirus and malware protection. Finally, NGFWs do not affect your network speed. Surely, a worthy purchase that can help reduce user errors by blocking threats?

Email & Internet

Your anti-malware solution (if not part of an NGFW) must scan incoming emails and monitor internet traffic. Companies need to decide if they prefer to only allow certain websites (based on a whitelist) or block some (based on another list). Whatever you decide, security (and perhaps productivity) is the primary consideration. Different companies will have different ideas on this and are free to do so, since company-owned equipment is involved. However, I’d advise against keyloggers, surveillance cameras and the like as they can affect employee morale.

Ransomware and Backups

There is always the possibility of an emerging threat penetrating your firewall and ransomware is the worst of these, requiring that a ransom is paid (and that we ‘trust’ the cybercriminal to act ethically?) or full restoration from clean backups. Therefore, your backup and disaster recovery plans must be fully tested and verified as working before the worst happens. It’s obviously too late when it’s discovered the backup is worthless. Industry practice is to have at least three backups with at least one air-gapped (drives or tapes stored in a fireproof safe, for example). Backup verification is worth emphasising… Ever heard of bit rot? It’s the death of hard drives, SSDs and tapes (all magnetic media, in fact) over time and underlines the need for regular backup or archive verification.
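One way to do the regular backup verification described above, as an added example that is not part of the original article: record a SHA-256 manifest when the backup is written, then re-hash the backup later and compare. The function names, file names and the simulated single-bit flip are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large archives do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> Dict[str, Dict[str, object]]:
    """Run right after the backup completes. Keep the result away from the
    backup medium, so it cannot decay or be altered together with the data."""
    manifest = {}
    for path in sorted(backup_root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(backup_root).as_posix()
            manifest[rel] = {"size": path.stat().st_size, "sha256": sha256_file(path)}
    return manifest


def verify_backup(backup_root: Path, manifest: Dict[str, Dict[str, object]]) -> Dict[str, List[str]]:
    """Re-hash every file and sort it into ok / corrupted / missing / unexpected."""
    on_disk = {p.relative_to(backup_root).as_posix()
               for p in backup_root.rglob("*") if p.is_file()}
    report: Dict[str, List[str]] = {"ok": [], "corrupted": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        if rel not in on_disk:
            report["missing"].append(rel)
        elif sha256_file(backup_root / rel) != expected["sha256"]:
            report["corrupted"].append(rel)
        else:
            report["ok"].append(rel)
    report["unexpected"] = sorted(on_disk - set(manifest))
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed backup set: one file rots, one disappears, one appears."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "dump.sql").write_bytes(b"INSERT INTO t VALUES (1);\n" * 1000)
        (root / "files.tar").write_bytes(bytes(range(256)) * 64)
        (root / "config.json").write_bytes(b'{"retention_days": 30}\n')
        manifest = build_manifest(root)

        # Simulated bit rot: a single flipped bit, file size unchanged.
        target = root / "files.tar"
        data = bytearray(target.read_bytes())
        data[5000] ^= 0x01
        target.write_bytes(bytes(data))
        # A size-only comparison would still pass for this file.
        assert target.stat().st_size == manifest["files.tar"]["size"]

        (root / "config.json").unlink()               # file lost from the medium
        (root / "extra.bin").write_bytes(b"x")        # file nobody backed up
        return verify_backup(root, manifest)


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status}: {names}")
```

A clean hash comparison shows the stored bytes are intact; it does not replace a periodic test restore.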

In conclusion, all the above and any additional technological solutions you wish to make to mitigate identified risks should be part of an overall IT policy, outlining security goals with examples and user scenarios where possible. Security is an ongoing task and is constantly evolving as new threats emerge. That is the reason for data backups, penetration tests, encryption and other processes. If BYOD is present, do you have a mobile device management (MDM) solution? An employee has left the company. How long do you wait before disabling the user account and all LAN credentials? How about DHCP? These and other questions are yours to answer when ensuring maximum LAN protection. How will you proceed, or do you already include all these recommendations in your security posture? If so, well done, you’re immediately ahead of many global companies…

4 User Authentication Issues Developers and Admins Struggle With (Solved)

User authentication is how admins and developers like you and me enforce secure access to user accounts. But in the face of increasing cybersecurity concerns, our challenges have grown taller.

Look at the statistics. In the first three quarters of 2018 alone, attackers launched about 1.4 million phishing URLs. As you know, phishing targets a user’s authentication rights and identity.

Meanwhile, in the real world, most people are not taking precautions to secure their accounts. In a study published in 2019, 67 percent of participants do not use two-factor authentication at all for their accounts. Out of those that use 2FA, 55 percent do not use it at work.

This laxity toward security puts admins on edge. So this article identifies and provides solutions to some of the problems you face in implementing user authentication for your apps and websites.

1. Getting Users to Set Strong Passwords

The passwords of nine out of every ten employees can be hacked within six hours. And two-thirds of people use the same password for most of their accounts. So imagine a black hat hacker stealing that one password, and it’s the same password for your online banking.

The Problem with Getting Users to Set Strong Passwords

Users worry that they’ll forget their passwords all the time if they use unique passwords for each online account they set up. This fear deters them from following their admins’ suggestions even if they know better.

Most users don’t know that they can safely store passwords on a password manager. So far, it looks like admins haven’t done much in telling users about password managers.

The Solution for Admins and Developers

Tell your users about the dangers of using a single password or repeating passwords. Let them know that a secure password manager like KeePass, LastPass, or others saves them the stress of remembering passwords. These password managers also help them set strong passwords. Teach them how to use the browser extension for the password manager of your choice.

2. Encouraging Users to Implement 2FA for Their Accounts

According to a Google engineer, Grzegorz Milka, more than 90 percent of Gmail users do not use 2FA in their accounts at all. That is understandable, because most users see it as an extra hurdle to accessing their account.

So they avoid it.

Still, users want security. So they’d rather rely on password managers because they make login automatic and require fewer hurdles. While a password manager is good, admins must let users know that the more security layers they use, the less likely they are to be hacked.

The Problem with Implementing 2FA

The problem is that most users are not seeing the risk of leaving their email accounts to one authentication mechanism – passwords or passphrases only. Hackers, on the other hand, are looking for accounts with the least resistance to hacking.

The Solution for Admins and Developers

Your job as a developer or admin is to help your users see the risk and understand its costs. So the question becomes, “How do I help them see the risk?”

Let them know that attackers might have hacked their accounts already. So having a 2FA in place is a step to stop further compromise even if these hackers compromised their user passwords.

Here’s a case in point. Yahoo had been hacked since 2013 or earlier, but no one noticed until years later in 2017 when the announcement and investigation kicked in. That’s a full four years before people realized they’d been hacked.

Employees need to know that using two-factor authentication puts a demand on the account to notify them, the user, of any unauthorized login attempts.

Secondly, users need to know that they might have been hacked already and may not find out until much later. So setting up a second authentication factor can help them save their accounts. Security experts say that hackers stole anywhere from 7.5 to 8.5 billion records in 2019 alone.

3. Preventing SMS Spoofing

Hackers understand the power of 2FA, and they’re trying hard to phish their way through that second layer of security. In a study published by Thycotic, 68 percent of black hat hackers said their biggest challenge is multifactor authentication.

Consequently, admins and developers are saddled with the responsibility of helping their users understand and prevent SMS spoofing.

In case SMS spoofing sounds new to you, it’s a phishing technique that hackers use to gain control of their target’s information or devices.

These hackers send an SMS message to their targets and make it appear as if the message is coming from a source the target trusts. A trusted source could be their employer, a senior executive, or finance department staff.

For example, a hacker could send SMS messages to your employees that appear to come from you, the admin, asking them to click a link to give some sensitive information. Your employees would click the link, believing the message came from you, and then unknowingly compromise their device, share some sensitive data, or both.

Hackers can use SMS spoofing the same way they use email spoofing, to:

  1. Collect sensitive information to aid their hacking activities or to sell on the dark web
  2. Take control of your device and use that access to perpetrate other hacking or identity theft attacks.

So you want to sensitize your users on how to spot and stop a phishing attempt.

The Problem with Preventing SMS Spoofing

The biggest problem with preventing SMS spoofing is ignorance on the part of system users. Additionally, admins are not investing enough resources in educating their users on how to spot and block these spoofing attempts.

Admins and developers might be underestimating the impact of an attack too, and that’s why they are not investing enough in educating their users about SMS phishing.

The Solution for Admins and Developers

Due to the high-level security that 2FA bestows on users, spoofers are desperate to break that line of defense. As an admin or developer, here are your options for preventing an SMS spoof attack.

Invest in Employee or System User Education

Educate your employees and users not to click on SMS links from unknown sources or links that they haven’t verified. Let them take this phishing test.

That spoofing test focuses on email spoofing. But it sensitizes users to pay more attention to the messages they receive. Ultimately, attackers want to deceive you into taking an action that grants them access to your sensitive data or device. Hence you want to train your users on how to spot these deceptions.

Use a Signature Message

Set up a signature that goes with every SMS you send to devalue any phishing attempt immediately. For example, “Prevent SMS spoofing: call the number that sent this SMS.”

This prevention technique works because people who spoof phone numbers don’t own them. Tell your users to hang up and call the number back. When they call, they’ll reach the real holder, not the spoofer.

4. The Social Sign-in Puzzle

In the bid to improve authentication, developers introduced social media sign-in. The idea is that users would sign in to third-party websites and apps using their social media accounts, like LinkedIn, Facebook, Twitter, and Gmail.

This arrangement is pretty secure. So the problem here isn’t with the security of the process, but with the convenience of the user.

The Problem with Social Sign-In

Social sign-in saves users the hassle of creating new passwords. But these users must remember how they signed up for the service. Hence, this authentication often creates issues for users.

Customer Churn Because of Forgotten Authentication Channel

Your users may sign up for your service, but since they don’t use it often, they forget how they accessed the site. If they have very little to lose, they’d churn and never return to the service.

Loss of Access to User Account After Loss of Social Account

A user may lose access to the social media account they used to sign up. If that happens, they may churn and stop using the service. Even if they don’t churn, users may define this event as a poor customer experience.

Security Concerns

Users may feel unsafe granting third-party apps permissions to their social accounts. This concern may intensify if the app requests access to “control,” “send emails,” or “make posts” on their behalf.

The Solution for Admins and Developers

You want to treat the use of social sign-in as an experiment to know how your users find the experience before you discard or adopt it fully. Secondly, admins should provide backup sign-in methods for users in case they lose access to their social accounts.

Developers and admins must provide brief explanations for what they mean when they ask for permission that might deter users from adopting their social sign-in option.

End the Authentication Struggle

Most admins and developers struggle with user authentication because they don’t invest in user security awareness. Users will take more responsibility, the more they understand the risk that comes with being lax with their account security.

In summary, let your users know that

  1. Clicking unfamiliar links or downloading unexpected attachments could expose them to security risks
  2. They shouldn’t take phone calls without confirming the identity of the caller, and should never give sensitive information over a phone call
  3. If they think their system might be infected or compromised, they should contact an admin

The cost of falling victim to a security exposure outweighs the cost of preventing it. Hence, you want to invest in prevention, and that includes enforcing 2FA. You also want to test user authentication channels that might improve your security and user authentication experience.

Password Management — Secure Passwords Essential for User and Business Protection

It’s safe to say that most users rely on hundreds of passwords to access their devices, websites and apps. Few will remember these passwords, unless of course they are in the habit of using the same password for multiple logins–a big security no-no. For years, security pros have emphasised the need for different passwords, as identical passwords make it way too easy for hackers. If they obtain one password and it’s also used to access online banking, for example, your resulting zero balance is to be expected.

Let’s call it a rule–never use the same password twice, or variants of it.

Some of you may think this is obvious and I do agree but according to the UK’s National Cyber Security Centre, in collaboration with Troy Hunt (a Microsoft regional director), the password ‘123456’ has been detected 23 million times in the breaches collected. They’ve also published a top 100,000 list of most frequently used passwords… ‘qwerty’ and ‘password’ are also in the top five.

Change User Habits

Network administrators cannot assume that users will select secure passwords, making it necessary to enforce password policies, with rules for password selection. These rules should include but are not limited to:

  1. No passwords based on keyboard layout–such as ‘qwerty’ or ‘123456’
  2. None based on names of family members, employers, pets, birthdays or favourites–‘walle’, ‘pokemon’, ‘liverpool’–hackers will use social engineering to find likely passwords and your love of Metallica leads to an easy password hack.
  3. No real words, regardless of language–hackers can check against entire dictionaries in minutes.
  4. Avoid short passwords that are easily remembered–where possible my own passwords exceed 20 characters.
  5. Change passwords from time to time – perhaps once every month or at least four times each year.
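
Rules 1 to 4 above can be checked automatically when a user sets a password. The following Python sketch is an added example, not code from the original article; the word lists are tiny constructed samples, and the function names, the four-key run length and the 20-character minimum (the author's own target from rule 4) are assumptions. Rule 5 (rotation) is not covered.

```python
# Constructed sample data. A real deployment would load a breached-password
# list and full dictionaries instead of these few entries.
COMMON_PASSWORDS = {"123456", "qwerty", "password"}
DICTIONARY_WORDS = {"liverpool", "pokemon", "metallica", "dragon", "sunshine"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 20   # assumption: taken from the author's personal target in rule 4
WALK_LENGTH = 4   # assumption: adjacent keys in a row that count as a pattern

# Undo common character substitutions so "p0kem0n" is still seen as "pokemon".
LEET = str.maketrans("013457@$!", "oleastasi")


def keyboard_walk(password):
    """Return the first run of adjacent keys (either direction), or None."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for keys in (row, row[::-1]):
            for i in range(len(keys) - WALK_LENGTH + 1):
                if keys[i:i + WALK_LENGTH] in lowered:
                    return keys[i:i + WALK_LENGTH]
    return None


def embedded_words(password, words):
    """Return the words (4+ letters) found inside the normalized password."""
    normalized = password.lower().translate(LEET)
    return sorted(w for w in words if len(w) >= 4 and w in normalized)


def check_password(password, personal_terms=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("found in common-password list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    walk = keyboard_walk(password)
    if walk:
        problems.append(f"keyboard sequence '{walk}'")
    personal = embedded_words(password, {t.lower() for t in personal_terms})
    if personal:
        problems.append("contains personal term: " + ", ".join(personal))
    words = embedded_words(password, DICTIONARY_WORDS - set(personal))
    if words:
        problems.append("contains dictionary word: " + ", ".join(words))
    return problems


if __name__ == "__main__":
    samples = [("123456", []), ("P0kem0n-P0kem0n-P0kem0n", []),
               ("Walle2019!Walle2019!", ["walle"]),
               ("v9#Lr_2KqZ!x7Tb@Wm4Hd&Yc", [])]
    for candidate, terms in samples:
        print(candidate, "->", check_password(candidate, terms) or "OK")
```

The second sample is 23 characters long and still fails, which shows why a length rule alone does not satisfy the policy.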

Obviously, adopting a new complex password strategy requires some form of management. How will this be achieved?

Storing Complex Passwords for Easy Retrieval

I’ve thought about this for some time and believe there is no single solution, as it will depend on budget, company size and level of security awareness. A big no-no is writing passwords on post-its and sticking them to your monitor or in your wallet. How about Excel or MS Word? Sure, it could be used but if the Excel file is unprotected then all passwords are visible once accessed by a hacker.

BYOI (bring your own identity) is one option but I believe it’s only effective if two-factor authentication is employed to verify the user (by sending a code via SMS, for example). In such an environment, all passwords are stored in the cloud, needing one login password to access all others. With the global identity and access management market predicted to reach more than US$22 billion by 2025, such solutions may only be viable for the middle market and enterprises.

How about secure login via social media platforms or search engines such as Google? I’m not really interested in sharing more data with global giants but the decision is yours.

Password managers are often touted as a solution to password bloat and I do find them useful. However, they also have weaknesses, some of them caused by the OS used preventing security processes from completing, as indicated by the Washington Post.

I use one (not disclosing which) but I store my password file and token (required to access the password file) on a memory stick. When I need a password, I insert the memory stick, perform the required action and remove it immediately afterwards. I wear the memory stick around my neck so apart from a violent attack or removal from ‘my cold dead hands,’ I believe my data is quite safe. I avoid all related cloud-based services and rely solely on the memory stick – with a secure backup in a fireproof safe.

The most useful feature of password managers is the inbuilt password generator tool – I recommend at least 20 characters, including special characters, alphanumeric and underlines for all passwords, especially ones involving financial or medical data.

Company and Personal Data

While I’m not advocating a choice for password management, there are many options available and segregation of personal and company data must be part of any password management policy. BYOD (bring your own device) can complicate matters but any effective strategy must also include device encryption and partitioning to separate personal data. If an employee leaves the company, remote erasure of all company data, including passwords, must be possible, without disturbing the user’s personal photos and other files.

According to research from the Ponemon Institute and sponsored by Yubico, The 2019 State of Password and Authentication Security Behaviors Report stated that while 66% of those surveyed agree that it’s very important to protect passwords, 51% believe they are too difficult to manage. Both parties have a point. Managing passwords is a chore but weigh the inconvenience against the costs of a breach, not just financial but reputational.

In conclusion, I’ve outlined some suggestions for password management. It’s up to you to decide how you will enforce a password policy and how it will be rolled out effectively. Enhancing staff awareness is a given but what methods will you use to ensure all employee passwords are secure and are changed regularly? Two-factor authentication is worth considering but do the added costs and IT resources outweigh the benefits? After some brainstorming with IT and executive stakeholders, you’ll be able to choose the best path for password security, one that will at least slow down persistent hackers. Best of luck.

Bring Your Own Device (BYOD) — Security And Other Considerations For Stakeholders

Today’s employees are always connected, thanks to ubiquitous broadband and a wide range of portable devices, from smartphones, tablets and laptops to fitness trackers and a plethora of smart devices such as watches, cameras and GPS navigators. How necessary is this level of connection?

Cinemas and restaurants are no longer peaceful, with beeps, chimes, vibrations and other alerts notifying everyone in the vicinity that something else (generally of a trivial nature) has occurred in your vast network of contacts. It makes sense that social addicts want to spread this contagion to the workplace since not being connected can produce a sense of withdrawal not unlike that of those coming off hard drugs. We need someone to like that oh-so-interesting photo of last night’s chicken chow mein. We need someone to know how we feel at work… Or do we?

BYOD Motivated By Cost Savings?

Let’s look at the motives behind BYOD adoption for companies and device users. Visitors to your home quickly request access to your Wi-Fi as most are tied to a set data plan by their mobile carrier, with a monthly cap and corresponding rate per gigabyte of usage. Using Wi-Fi, device users can access broadband Internet and reduce data usage over 3G, 4G or 5G. Therefore, we can safely conclude that users want BYOD to save money on data charges by connecting to the company Wi-Fi.

Employers also want to save money, of course and by allowing employees to use their own devices, do not have to issue company-owned devices. Since it is likely that personal devices are of a higher spec than those purchased for business use, there are also possible productivity benefits.

In an ideal world, the story ends there, everyone involved saves money and lives happily ever after. Unfortunately, there are drawbacks for both parties, ultimately caused by data, user and device management requirements.

Can any company afford to provide Wi-Fi access without considering potential security risks to the network and the data residing on it? No, as every jurisdiction is likely to have regulations and mandatory requirements relating to data security, personally identifiable information (PII) or indeed e-discovery. Therefore, any cost savings in allowing BYOD are likely cancelled out by the management of BYOD devices.

Practical BYOD Issues

As a former network administrator, I appreciate the additional workload a BYOD program can place on the IT team (the team blamed when the network is breached or data is lost).

The problems with BYOD from a security perspective include but are not limited to:

  1. Permission management–to ensure secure access (by user, device or network credentials), a solution aimed at mobile device management (MDM) is best.
  2. Device Management–companies need to decide on the device types and manufacturers they will allow on the network. Additional requirements could relate to the device OS revision/version involved. To allow all mobile device access is a mistake as cheaper brands could use an earlier OS version with known vulnerabilities or apps that can exploit network connections.
  3. Security updates–if the device owner does not encrypt the device or install security updates then it is a weak point on your network.
  4. Viruses, malware and other threats–again, virus scanners and other security tools must have the latest updates to protect the device and, in turn, the company network.
  5. Employee exit procedures–When the owner of a BYOD device leaves the company, the device must be cleaned to remove company data in a secure manner. This can require admin access to the device, a problem for many device owners, who do not like being ‘spied on’.
  6. Lost or stolen devices–If a BYOD device is lost or stolen, there is a potential data loss/breach involved. For this reason, the remote wipe is a useful admin feature. Unfortunately, such control is often a problem for device owners (see (5)).

For employers considering BYOD, device admin is typically the single thorny issue. If a user does not want the company to administer the device (and I wouldn’t) then the company should not allow the device to connect to company Wi-Fi. End of story. If the same employee needs a company device for travel or remote work, then issue a company-owned device as the company can administer it as they desire.

In conclusion, I believe that constant connectivity is not needed, unless you are a volunteer firefighter or an on-call medical professional. For family emergencies, SMS is still an effective way to receive an urgent message. After all, employees can still use their mobile carriers for internet access if needed at work. From a company perspective, is it easier to only allow company-issued devices access to the network? It varies from company to company, but for the most part, when full administration of employee-owned devices is necessary, the resulting admin and security risks may not be worth it. There are also HR (if an employee uses the device on work tasks outside working hours, expect to compensate that employee) and legal considerations (under e-discovery, mobile devices are included, and data loss can result in substantial fines) in some jurisdictions. I recommend you identify all potential risks before embarking on a BYOD strategy. What do you think? Is the use of personal devices an issue in your company?