In recent years the majority of security threats and compromises have come from within the company. A common threat to companies is the logic bomb - malware that targets IT systems and deletes data. As a logic bomb is introduced from within the network, the blame often lies with a disgruntled employee with full access to internal systems.

Insider threats Giving employees full access to the network when they don’t need it is a common mistake often made by companies. There’s little need for an employee who does graphic design to have access to weekly sales records. This practice could set your company up for a considerable security problem in the future.

Dawn Cappelli, an insider-threat expert at the Carnegie Mellon Software Engineering Institute stressed, "These types of insider attacks happen to businesses of all sizes, from small companies to very large corporations." This is an important issue businesses should be aware of if they want to remain secure.

Take Precautions Security threats can be a particularly harsh nightmare for small businesses, as many don’t have an IT department or staff with the technical expertise needed to maintain a secure network. If you’re one of these organizations, it’s a good idea to hire an outside consultant to help you with your network security. With consultants, it’s important that you maintain close contact with them to ensure any issues that crop up are dealt with expeditiously.

If you don’t work with an external company there are a few things you should do when you have an employee leave the company. First, their accounts should be deleted immediately and their access privileges should also be revoked. Second, if you have accounts with shared passwords, you should change them to ensure an ex-employee can’t gain access to the system.

If you’d like to learn more about internal security, and measures you can take to ensure you are safe, we are ready to help you. Please contact us.

Here are six key non-IT functions and processes that need to be in place to ensure your company is ready to effectively execute your BCP.

Easy to use plans Many continuity plans have been developed mainly for the IT department, as such, they can be a little complicated to understand and follow if employees don’t have a technical background. You should aim to have a plan that’s easy to follow and can be understood by all employees.

Communicate plans Remember that your plan encompasses all facets of your organization. It’s crucial that every employee knows their role and the relevant actions to take when the plan is executed. To do this, you need to ensure that all employees have access to a copy of the plan and any changes or updates are clearly communicated.

Test plans Beyond communication, it’s important to conduct regular tests, with every quarter being sufficient. The tests should be as real as possible and span all departments within the organization. This will ensure that employees are aware of how they, and the systems, will react under duress. It’ll be beneficial to your business if the first time the employees execute the plan isn’t during an emergency.

Short term and long term plans Your BCP should consist of both long term and short term elements that can be easily adapted to meet changing business environments and the emergence of new threats. You should aim for an even mix of short and long term solutions that cover as wide a variety of situations as possible.

Ensure buy-in from all levels If you’re in the process of instituting a BCP you should ensure that the whole organization is onboard with the plan. If an employee is unsure about the validity of a part of the plan, take the time to find out why and ask for suggestions. An uninformed or uncooperative employee could be the difference between survival and failure in a disaster situation.

Update and Review After every test, staff turnover and technological update, you should review the plans and make changes if necessary. Essentially, if anything in the company changes, review and update the plan. Remember: just because you have an effective plan this month, doesn’t mean it’ll be so in the future.

Continuity plans are only as strong as the weakest link. In an emergency, the last thing you want is an employee following the wrong process or be unsure of what they should be doing. If this happens, you could see an exponential growth in recovery time and costs. We’re ready to tell you more, so please contact us if you would like to talk continuity planning.

The smartphone has become one of our most beloved devices. Like a favorite pet, we take it everywhere with us, show it off every chance we get and even use it as a way to conform or stand out. No matter which brand you have, you probably have important information stored on your phone, and should be taking steps to ensure that it’s secure from prying eyes.

Whether you have an Android, iPhone or Windows Phone 7, here are two tips to keep your smartphone secure:

Lock your screen If you have data or information on your phone you would like to keep secure, the first thing you should do is lock your screen. Most smartphone users lock their phone with a 4 digit number combination, but it’s recommended you use a password for higher security.

• On Android. To establish a password on your device go to Settings and select Security. Press Screen lock. On Ice Cream Sandwich, you have six options for security, with the least secure at the top and most secure at the bottom. Many users select Pattern or Password. Enter the password twice and press Confirm.
• On iPhone. Select the Settings app followed by General. From there select Passcode Lock and turn it on. You’ll be asked to set your passcode and confirm it.
• On Windows Phone. To set a passcode go to the home screen of your device. Open Settings from your Application list and select Lock & Wallpaper. Press Password, enter your password and then press Done.

Enable remote wipe While passwords and other security codes will go a long way in preventing others from accessing your phone, it often isn’t enough. The next step in device security is to set up the ability to remotely wipe your device.

• On Android. At this time there is no native remote wipe option on your phone. You’ll have to download an app from the Play store. The apps work by using a push service - you “push” the commands to your phone from another source i.e., a website. When you install the app, you’ll have to register your phone and access it from a website.
• On iPhone. The iPhone has remote wipe capabilities which can be accessed through iCloud. On your device select Settings, iCloud and turn on Find my iPhone. If you lose your phone log into iCloud and select Find my iPhone. From there you’ll be able to remotely wipe your device.
• On Windows Phone. If you lose your phone you can remotely wipe it by going to the Windows Phone website, logging in and selecting My Phone. From there you’ll be able to wipe your phone.

Social media is one of the most important communication tools of the modern era. Companies use it to connect with customers and like minded individuals, all in the name of building trust in their brand and products. While almost every company has a social media presence, they have been slow to trust employees to use personal social media at work. On average, 31% of companies block employees from accessing their accounts.

There are four distinct advantages to allowing social media:

• Increased productivity. There have been a number of studies that have found that judicious use of social media in the workplace will actually increase productivity. A study conducted by the University of Melbourne found that employees with access to social media are 9% more productive than those without.
• Increased buy-in. Employees like to feel trusted and empowered. If they don’t you can expect to experience higher turnover and lower morale. A good way to gain trust is to allow employees to use social media in the workplace. If an employee feels like they are trusted, they’ll be more likely to stay with the company.
• Recruiting. Small businesses have started to use social media for recruitment, but limit efforts to one account. If you have 10 employees in your organization, each with a social media account with 100 friends, you have the potential to reach 1,000 people. This is achievable if employees are allowed to access social media at work and are encouraged to share posts.
• Identification of business opportunities. Through the use of social media, employees in charge of sales and business development can source new clients and build fruitful relationships.

No matter what you decide, allowing access to social media is a good practice for your business. If you would like to learn more about social media and how you can leverage it in your business, we are happy to talk with you.

If you mention “OS X” and “virus” in the same sentence, you’ll get some weird looks from Mac users. Traditionally viruses and trojans on OS X were near non-existent, but there’s a Mac specific trojan, codenamed Flashback, that has affected more than 600,000 computers. This is big news as it shows that machines running OS X may not be as secure as first thought.

Many Mac owners are unsure of what exactly the Flashback trojan is, what it does and how to ensure they’re not infected. We’re here to help clarify the situation.

What is a Trojan and What Does Flashback Do? In general terms, a trojan is a piece of malicious software that infects a computer and gives control of part, or the whole computer to hackers. The Flashback trojan takes advantage of an OS X Java vulnerability and infects computers by tricking them into downloading a fake Java update.

When the program is installed, Flashback will download and install the main trojan code without the need for permission from the administrator. From there it proceeds to hijack your browser, redirect search queries to websites developed by hackers, and then take advantage of pay-per-click advertising.

Why Should I be Worried? While this version hijacks your browser, there are far more sinister things it could do. As this trojan acts as a downloader, there’s nothing stopping the developers from updating the malware to steal passwords, banking information and other confidential information.

How do I Ensure My Mac is Clean? Apple has released an update for machines running OS X 10.6 and later. The first step you should take is to update your computer to patch the vulnerability. To update your Mac:

1. Press the Apple logo, located in the top right hand of your screen.
2. Select Software Update...
3. Press Install and Restart.

Flashback has infected a higher number of Macs than any other trojan to date and goes to show that Macs also have security flaws. This also serves as a reminder that you should have a virus scanner and security program running on your Mac. If you have any questions regarding the security of your Mac or other devices, please don’t hesitate to contact us. We are here to help keep your machines secure.

It used to be that your work and personal time had clearly defined separation. You spent the day at work focused on your job and at the end of the day you’d turn your brain off, go home, cook dinner and relax. As a collective whole we seem to have lost our ability to focus. We spend most of our days worrying about the work that needs to be done.

It’s time to reclaim our focus at work and here are seven tips to help you do so.

1. Practice productivity wind-sprints. While at work, we’re normally doing work while browsing Facebook or chatting. This can be harmful for productivity and shifts your focus from important work related activities. Interval training is a great way to increase your focus. Get a timer, set it for ten minutes, and focus solely on your work. When the timer goes off take a two minute break.

2. Defensive scheduling. Our days are filled with commitments and we struggle to keep up with our projects or find time to work uninterrupted. Schedule a meeting with yourself at a convenient time. Treat this meeting like a real meeting, no interruptions. This is your time to focus on important tasks or projects.

3. Socialize with your tablet. Separate work from social activities with a tablet. We’re often just hitting our stride with work when BING, we get a chat message. What do we do? Immediately reply to the message. When we do that we lose our focus and struggle to regain it. Why not use use your tablet for all social activities and work computer strictly for work? Combined with tip one, this could really help you focus.

4. Realize your unconscious focus. The vast majority of managers often aren’t sure what the top issue in their mind is. It comes with multitasking, we’re always making less important ideas critical, and this takes our focus off the most important issues. To realign your focus take some time, let your mind wander, and make note of the ideas you keep returning to. These are your most critical issues.

5. Focus on most important tasks first. When you get into the office in the morning switch off your phone and email alerts. Focus on your most important priorities, this will give you time to get your most important work out of the way, before you shift your focus onto other less important projects.

6. Disconnect. Many of us don’t take time to give our brains a rest, we’re always thinking and possibly worrying about work. It’s beneficial to your mental and physical health if you take time each day to disconnect from the office. Temporarily sever all ties with the office and focus on something you enjoy doing. Remember, this is your time don’t think of work, focus on the activity.

7. Can’t focus? Consider if what you’re doing is right for you. If you find that you really can’t focus, even with the previous techniques, it might be time to consider that what you’re doing is actually something you don’t care about or enjoy. If this is true for you, then it’s time to start looking for a change.

With these tips you should see an increase in your focus and productivity. If you would like to know more about how to improve your productivity please contact us, we can help.

News agencies have been carrying stories about companies that have been asking job applicants for their Facebook logins and passwords before or during an interview. This is a slightly unsettling trend when observed from the job interviewee viewpoint.

It’s become a common practice of employers to look at the social profiles of potential employees to get to know the job seeker on a more personal level. Users have responded by ensuring that their profiles are private, much to the chagrin of would-be snoopers. So what have companies done? Some have started asking potential employees for access to their social media usernames and passwords. This new practice has the masses wondering, “Is this legal and am I protected?”

Currently there are no laws (in the US) that state that it’s illegal for employers to ask employees, potential or otherwise, for their social network usernames and passwords. There are however lawmakers in California, Maryland and Illinois who have introduced legislation that will bar companies from asking for account information. But this is by no means law yet.

Facebook has weighed in on this as well, “This practice [asking for passwords] undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.”

What Facebook means by this is that if a company does check into a potential employee, sees they are part of a protected group e.g., LGBT, and does not hire a person on those grounds the company could face claims of discrimination. Beyond that, Facebook also pointed out that giving out or soliciting passwords to your or another user’s account is a breach of Facebook’s Statement of Rights and Responsibilities.

According to most articles, this is a fiasco. But if you look at it from an HR point of view, you want to know that the person sitting across from you really is who they say they are. You are protecting your interests as much as the interviewee is protecting their privacy. Short of asking people for their passwords there are five legal actions you can take to find out more about an interviewee.

• Basic Internet search: Your results may return hits for other people with the same name. To get around this, narrow the search by adding an email address, phone number or address.
• Facebook: It’s perfectly fine to use Facebook to search for a job seeker’s profile and do a little social snooping. Don’t forget, there are other social media sites out there, LinkedIn is a particularly good source for discovering a person’s work history. A big boon of Linkedin is that users tend to be free with their work related information on this site.
• Conduct background checks: It’s a good idea to conduct checks, especially if you work with money or other high value items. If you don’t have time to conduct checks, there are companies that will conduct checks for you. It’s important to be aware of the law regarding background checks in your region.
• Ask for, and check references: Companies just don’t do this anymore. It only takes a few minutes to call or email each reference provided. If you call the referrers and ask the right questions, you could learn a lot more about the applicant this way.
• Prepare ahead of time: We are all busy, but it’s important that you look over a resume before the interview. Pay close attention to employment history and take note of gaps in employment or short stints (less than one year) at companies.

With the increasing severity of natural disasters in recent years, many larger companies have started to develop and implement a continuity plan to ensure that they can still conduct business, no matter what happens. Businesses in the process of developing a plan will eventually need to decide if they want to use software or templates?

The decision between templates and software can be a tough one to make, as whichever one you choose, you’ll be using and relying on for a long time. To help you we’ve covered some pros and cons on both choices:

Using Software If you choose to go with a software program, you will be walked through the whole process allowing you to develop a useable plan. Another benefit of using software is that you’ll be able to develop reports if needs be.

The drawbacks of using software include cost, inflexibility and learning time. For the most part, business continuity planning software is not cheap, and at times can be inflexible due to limits within the program. If you have a niche need, the software may not cover it. In addition, as with mastering any program, the learning curve can be quite steep.

In general, using software would be advantageous for companies that have a bigger budget for the development of a continuity plan. Software is also a good bet if you don’t have staff who are experts in continuity planning, or if you operate in an industry where a continuity plan is necessary, e.g., companies working with healthcare insurance, or manufacturing companies that have introduced ISO 9000.

Using Templates If you feel that your company is not ready for software you can use templates to help you develop your plan. These solutions are mostly written plans that you adapt to meet your business needs. They’re useful if you’re just starting to do continuity planning, as they provide a normally solid foundation, and are generally a lot cheaper than software.

A limitation to using templates is that they can be a little too basic at times, and may not meet your needs. Granted, most plans will follow a basic structure and your developer will need to adapt some steps for your relevant region and industry.

As each industry is different, it’s hard to make a recommendation on what type of planning style companies should take. We recommend you take your time, do your due diligence and weigh out what’s best for your business. No matter which method you choose to go ahead with, ensure that it’s easy to implement, and that you’ll be able to teach your staff how to run the plan.

If you feel really lost or are not sure what to do, talking to professional consultants could go a long way in helping you develop a plan. If you’d like to learn more about business continuity planning please contact us - we are happy to help.

In the past five years, there has been a significant rise in the sharing of files and information between computer users. Many businesses have also taken to sharing files using cloud services and peer-to-peer (P2P) networks, allowing users to share files with each other over the Internet. This brings about a number of issues, both with file recoverability and overall security.

With the seizure of a number of cloud storage and sharing websites, including Megaupload, and the seemingly omnipresent malware in P2P files and the shaky security in relation to P2P networks, businesses have had their hands full staying secure. Do you know what your options are when it comes to data security?

Cloud Services Knowhow The recent seizure of Megaupload’s files and servers by the US Government caught many people and businesses unprepared. While Megaupload’s main purpose was file sharing, it was found that a large number of organizations were using their services to store files. If you had files stored on Megaupload, the chances of getting the files back are non-existent.

It needs to be pointed out that many cloud services don’t guarantee that files stored on the service will be recoverable in the event of a crash, or disruption in service, e.g., a government seizing servers. If you read the user agreements of a number of major cloud services, they all have clauses stating that if data stored on their service is lost for any reason, it’s gone forever, and the hosts can’t be held liable for losses.

Risks of P2P With high speed Internet widely available at low prices, P2P file sharing has become incredibly popular, it’s almost uncommon to find someone who has never used a P2P service. If you or your employees use P2P at your office, there are a number of potential security threats you should be aware of:

• The unknown share: If you put a file in a folder that is shared on a P2P network, it’ll be shared with all other people connected to that folder and almost anyone can access it. This is normally done by mistake, i.e., not looking where the file will be saved when you save it. There’s also malware out there that will move files into a shared folder which the developer of the malware can find and upload with ease and without the user knowing it is happening.
• Open network: Typically P2P works on open networks: users give and share. What this means is that when using P2P on a poorly configured network, the whole network could be unsecure, allowing for access to other computers connected to the network.
• Untracked data: If you share a document with another person, and they then share it with others, there is potentially, an unlimited amount of people that can get the data. If you want to take it back, it can be impossible to do so, even if the original document is deleted.
• Storage hijacking: There’s news of malware that has been developed with the purpose of downloading illegal material onto your hard drive. This could pose a problem if the data is found, as you will be liable.

Second, it’s not recommended to keep single copies of data on one cloud service. Chances are high that in your business, you store your data and backups in a place separate from the computer. This makes sense with the cloud as well - keep your data with a number of different cloud services. If it’s important enough, have physical backups of what you put in the cloud.

For P2P networks there are also a number of steps you can take to protect the data on your network:

• The most obvious one is to ban employees from using any file sharing services outside of your network.
• If you do allow file sharing, it’s a good idea to establish and strictly enforce a protocol for this. You should also set which users are allowed to share files, and what files are appropriate to share. Be sure that all staff are aware of your policy and the measures that will be taken in the event of any deviations.
• Develop a system to classify documents by whether or not they can be shared, and who they can be shared with.
• If you work in an office where you need to share files, but don’t want to use a P2P network or the cloud, and are unsure of other solutions out there, don’t worry. There are companies that specialize in document sharing solutions that should be able to provide you with assistance.

Smartphones have been a part of our personal lives for a while now. It’s no surprise then that we are starting to also use them for business purposes. In fact, many of us already check our work email on our personal device. As smartphones become more powerful and popular, employees are wanting to “Bring Your Own Device” (BYOD). Is your company prepared for this?

When employees use their own device for work, it can be hard for their company to manage what the user is doing, after all it’s a personal item. Add to this the growing number of malware programs aimed at stealing information from devices, and you’ve got an issue that’s not going to go away anytime soon.

What Exactly is BYOD? BYOD came about when businesses began to assign laptops to employees for use at home or on the road. Companies quickly came to realize that the laptops were not as secure as the desktops at the office, and that employees were also using the laptops for personal use. To address this, companies introduced security measures and procedures to keep data on the laptops safe, while limiting personal use. This worked well until the introduction of the smartphone, which has now given employees the ability to access their office data on their personal devices, and has moved them off the machines provided by the company. Because of this trend, companies are being forced to examine or implement a BYOD policy.

Pros of BYOD The most obvious benefit of BYOD is the fact that the cost of the the technology is shifted from your company to the user. Think about it: no more costly hardware upgrades and minimal to nonexistent upkeep costs, thus bringing about significant savings.

The next upside to BYOD is user satisfaction. If your employees are allowed to use their own devices, they’ll generally be more satisfied with the systems they’re using, because they’ve already made the personal choice to buy that particular device.

There are some ancillary advantages to BYOD as well, including having employees on the most up-to-date systems, as many employees will buy newer, or top of the line models. The other advantage is that the usually slow update cycle can be exterminated, employees will be in charge of keeping their devices current, not the company.

Cons of BYOD As with all stories, there are two sides to this one. The biggest disadvantage of BYOD is that you’ll lose control of the hardware, and employees will generally be more reticent in allowing other employees to use their device.

Another major issue to overcome is usage policies. As employees will be using their own device, it’ll be harder to tell them what is considered acceptable use. As opposed to when employees are using company devices you can implement a fair-use policy.

The final negative side of BYOD is of what happens when an employee leaves your company? If they’ve been using their own device it can be a chore to get the data back, let alone establish who owns the data in the first place.

So What Can I do? If you take a step back and observe, you’ll notice that smartphones are becoming more and more mainstream, and while in the short term you could say no to personal devices at work, it won’t work in the long term. It would be beneficial if you developed a BYOD plan that clearly states your expectations, and has a usage policy regarding network and data use. You don’t have to implement it right away, but it’ll help to have the plan ready, for when you do decide to allow employees to use their own devices. You could also set up a trial with some employees, observe how they get on with the devices and reevaluate your position after the trial period.

You should also establish a set point of security measures that are not optional. This is particularly important for companies that operate under set data security mandates, e.g., mandates regulating data storage in relation to point of sale and credit systems. Methods of increasing security include software that must be installed, and basic security measures such as a locked screen, or regular data backup.

It is also important to establish a process for when an employee leaves your company. Set up a policy regarding who owns what data and the steps to be taken at the end of employment. If your employee uses a device with a removable memory card, you could set up a partition - mini non-physical hard-drive within the larger physical hard-drive - on the card where data from the business is to be stored, allowing for easy access and retrieval.

Should your company go BYOD, or abstain? Be aware that this is a major trend and in the near future employees will start to push to use their own devices at work, if they haven’t already. If you’d like help setting up a BYOD plan or more information concerning security measures, please contact us.