
Sunday, April 28, 2013

4 Ways To Increase Password Security for SMBs


Passwords are the weak link for companies of all sizes, but many small and midsize businesses (SMBs) rely on their workers to make the right choice in selecting strong passwords.
While establishing a password policy and educating workers are good first steps, they are not sufficient to convince users to select good passwords.
SMBs frequently inherit their employees' selection of passwords, and while three-quarters of workers choose passwords for security, they also compromise to more efficiently gain access to their accounts.
"A business is only as strong as its weakest link, or weakest password connected to that business, whether belonging to a customer, partner or employee," CSID stated in the report.
Here are 4 ways for businesses to increase password security:
1. Create visibility
SMBs generally have no idea of the strength of the passwords that their employees are using on internal systems, whether they are reusing the passwords on external services, or how many different passwords they have. The first step for businesses to gain visibility should be to adopt a central system for managing employees' credentials, whether a password-management service in the cloud or a full identity and access management (IAM) solution.
Without such a system, companies will be blind as to the degree of risk they have, LastPass's Siegrist says.
"The scary thing is that most people don't know any better, so if you don't have any tools or procedures in place, you just have no shot of getting to a safe place," he says.
LastPass, for instance, gives each employee's account a security score based on their currently stored passwords. While company administrators cannot access the passwords themselves, they can discover when a worker is not following policy.
2. Centralize password management
Even for companies that do not need a full IAM system, the centralized management of employees' passwords goes beyond just gaining insight into workers' password habits. Companies that have administrative control over their employees' accounts can add new workers and delete old ones who no longer work at the firm, heading off the risk from disgruntled employees.
"As companies grow, even to 50 or 100 users, tracking where they've added users have added accounts into different applications not only becomes a burdensome process, but can also become expensive," says Patrick Harding, chief technology officer of Ping Identity, a cloud identity provider.
Ping's product eliminates passwords for many cloud applications by using a single sign-on approach that replaces passwords with Security Assertion Markup Language (SAML) to securely access online accounts.
3. Pick a single entry point
In addition to centralizing the administration of the identity storage, companies can benefit from simplifying a user's need to enter in a credential to a single login event. By limiting the number of times a user has to enter in a password, companies can make their workers more efficient and focus on a single channel to secure, Harding says.
"If you only have to authenticate once a day, make that authentication stronger than a password, even a strong password," he says.
An e-mail account protected by two-factor authentication can double as the log-in credential for the single sign-on system.
4. Change employee behavior
Finally, companies should use any improvements in their management of passwords to educate employees about good password selection, LastPass's Siegrist says. When employees reuse a password, remind them of company policy against reuse. If workers have not updated old passwords, then remind them to do so, he says.
"You can set policies to perfectly customize how safe you want your employees to be, and know that they are doing it," Siegrist says.

Thursday, April 18, 2013

Top 6 BYOD Risks

In my last post I discussed the top benefits of BYOD and ended with the promise to discuss the main risks or concerns associated with BYOD. Before I do, it is important to understand that new technologies such as the enterprise cloud, cloud-based apps, social media, and high-powered mobile devices offer more ways to access corporate data.


1. Data Management, segregation for compliance reasons
Many financial regulators or auditors require certain sensitive data to be adequately protected and stored, with documented evidence to prove it. With cloud and mobility this can prove a challenging equation. The key challenge will remain the assurance and evidence, although IT/Security departments should be provided with a clear guideline on data management policies or devices (3rd party included) on which data is stored.



2. (Unknown) 3rd Party Access via Mobile Apps
When employees download and install their personal apps on their personal device, they allow unregulated third-party access to other sensitive, corporate information stored on their devices. Additionally, Wi-Fi access points could potentially access corporate data.

3. Data Tracking (Nightmare)
The ability to track and manage corporate data has become more difficult with the adoption of new technologies like cloud and mobile storage services in the enterprise. Organizations are often not equipped to track data effectively and need to rely on 3rd party providers and on employees to follow the guidelines.

4. Lost or Stolen Devices:
A simple truth is that PCs or even laptops do not go missing as easily as a smartphone or tablet, due to their sheer size. The risk lies in the fact that mobile devices in general are either not password protected or lack robust protection. An additional risk factor is corporate espionage via deliberate targeting of devices.




5. Employees leaving
Employees leaving a company "forget" to inform HR of their own device containing corporate information. Unhappy employees can leak information to competitors.
Most of this can be mitigated fairly easily by reminding HR teams and employees that any corporate data stored either on mobile devices or in a cloud service remains owned by the company. Termination or exit policies are common practice in almost all companies.

6. Additional Cost instead of Savings
Many CEOs view a BYOD policy as an easy cost-saver; however, to manage and monitor points 1, 2, 3 and 5 (point 4 is ambiguous), new IT policies, hardware and employees need to be brought into place, which is likely to be more costly, as the graph indicates.
The picture here is not as black and white, though, as the graphs below will demonstrate.


After spending a lot of time researching BYOD, I am still not sure whether the benefits (at this time) outweigh the risks involved. I can see the immense potential and benefits for both employers and employees but am still uncomfortable with the complexity and possible security and policy gaps.





Thursday, April 11, 2013

Top 5 Benefits of BYOD


The latest trend in a lot of public and private organizations is to allow employees to use their personal devices for work purposes.
In this blog I am going to list the 5 main benefits.



Here we go! 

1.  EMPLOYEE REQUESTS: 
Employee Satisfaction
The most obvious benefit to embracing BYOD is employee engagement and retention. If you are in an industry full of creatives, Gen-Y or tech savvy employees, it's a no brainer and you probably had BYOD before we all came up with the catchy label. Giving employees choice and respecting different preferences can demonstrate progressive workplace culture and nurture employee loyalty. 
On the other hand, if you are in a necessarily conservative industry such as the military equipment manufacturing industry, it is likely also a no brainer that security issues may outweigh any potential benefits. For the many companies in between these two extremes, employee engagement and retention may be one of a number of benefits to consider.

2.  CLIENT ENGAGEMENT: 

Certain clients in certain industries may have a preference for one type of device over another. If you are visiting a Blackberry dependent tech client in Waterloo, whipping out your iPhone is both rude and stupid. Allowing BYOD flexibility to support various platforms may be essential to reflecting business reality.


3. INCREASED PRODUCTIVITY: 
BYOD may positively impact employee productivity. Letting people connect their tablet to the company email and document system may facilitate convenient and more frequent after hours work. Rather than lugging a cumbersome laptop home, employees can use their tablet to finish up a document or clear out their email after the kids go to bed. Business travellers, trade show attendees and salespeople on the road all may find BYOD a critical piece to maintaining productivity out of the office.

Wednesday, April 10, 2013

Top 5 Trends that Impact E-Commerce in 2013


2013 is, according to many, going to be the year of mobile commerce, so what does that mean for online retailers? Let’s take a look at the top 5 trends that will be shaping e-commerce for 2013, and let us see what actions web designers and developers can take to stay on top of these trends.

1. Localization – Big Opportunities For Small Businesses

Online retailers no longer shy away from creating indigenous e-commerce websites. Here we are not referring to merely offering your website in different languages. By going local, we are referring to a totally localized user experience. Thus, expect to see more websites based on traditional design aesthetics, including the use of local color preferences, local language, local offers and essentially local products and services. For small businesses the move is indeed welcome, especially if they cater for niche markets. Ours is a curious generation which loves to explore. The local stuff which is marketed as traditional and exotic easily attracts customers and generates revenue.
Localization will also pave the way for more personalization, whereby users will continue to enjoy an even more one-to-one customer experience. Websites will automatically adapt to show user preferences and tastes. However, personalization will not be based only on past purchases or browsing habits (such as the recommendations offered by Amazon). Instead, we will see more intelligent algorithms that are able to predict which products or services may appeal to you based on advanced segmentation and user profiling.

2. M-Commerce Is The New Buzzword

Online businesses have realized the need for deeper mobile integration. Witness to this is the increased use of responsive web design that dominated 2012. From a user interface perspective, online businesses will continue to adapt to and make the most use of the available screen real estate of the device from which they are being accessed. As such, there will not be one e-commerce site for the desktop and another for the mobile device. Instead, thanks to Responsive Web Design, there will just