Creating a BYOD Policy for your SMB

March 7th, 2013

Bring your own device (BYOD ) is the practice of allowing employees to use their personal mobile devices in the workplace. According to ZDNet, at least 44% of organizations allow BYOD now and another 18% plan to be on board by the end of this year.

BYOD has plenty of pros:

  • Cost effectivenessobvious cost savings for businesses due to the fact that employees are purchasing & maintaining their own devices. A less evident benefit is that staff members are likely to be more careful with their personal devices thus saving maintenance and replacement costs.
  • Increased productivity–allowing employees to work on their own devices from anywhere could translate to a more efficient work force.

So, of course, there must be some cons.

  • Data Security – risks due to rogue cloud users, unregulated apps third-party apps, disgruntled former employees and similar issues are all potential threats to an organization’s sensitive data
  • Physical Security – small mobile devices such as tablets and smart phones can easily be lost or stolen thus potentially giving the ‘finder’ access to your corporate network and sensitive company data
  • Compatibility Issues – Android, iOS, Blackberry, Microsoft Windows mobile to name a few current platforms. With all the possibilities out there (not to mention what could be coming down the pike), devices brought by workers are likely to face compatibility issues.
  • Legality Issues – organizations that are subject to compliancy rules such as HIPAA must observe these restrictions at all times.

What is needed for any company considering sticking their big toe into the BYOD waters is a well-defined, clearly written and easily enforceable BYOD policy. Most large corporations have likely addressed this issue but it imperative that all organizations despite their size consider implementing a policy.

So you need a clear, concise policy that all employees will sign on to. What should this policy address?

  •  List allowable and restricted devices and platforms. Prohibiting access to devices that do not meet some standard of security requirements is imperative. If possible, IT should inspect individual devices and to ensure they haven’t been jailbroken or rooted, thus compromising security.
  • List mandatory and prohibited applications. Include a list of safe applications that would be beneficial to an employee’s production and the organization’s security. Defining those applications that could carry a security risk is also wise.
  • Clearly define which employees (or groups of employees) will be allowed to use their own devices. For example, those employees who spend a vast majority of their work hours outside the office or facility will be granted permission, while those traditional in-house workers are restricted.
  • List mandatory security measures. Requiring multi-layer password protection and use of data encryption will help. Some organizations require the use of an app like Divide which separates work and personal desktops on mobile devices. This can add an additional layer of security.
  • Financial considerations should be defined. For example, who pays for repairs should a device become damaged while in use for business purposes? Who pays for voice and data charges?
  • Clearly state the consequences of violating the organization’s BYOD policy.  

Consider hiring an IT consultant with knowledge and experience in mobile technologies to assist your understanding  the pitfalls of BYOD and how to avoid them.

 

Related articles
Enhanced by Zemanta

Tags: , , , , , , ,
Posted in IT Security, IT Support | No Comments »

Malware and scareware and ransomware, oh my!

February 5th, 2013

Malware (or MALicious softWARE) comes in many forms but all forms have three basic goals: disrupt operation of your computer/network/ device, gather private information or gain control of your system. Common forms include viruses, Trojan horses, worms, rootkits and spyware. Each form works slightly differently but all methods are designed to make your life miserable.

Has this happened to you – you are at your desk, surfing the Internet and a box pops up out of nowhere  telling you your computer is at risk, or an infected file has been detected. These pop-ups look like legitimate Windows system warnings and if you just download whatever solution they are purporting, all will be well.

This is another subset of malware is called ‘scareware’.  These malicious programs entice you to download them through scare tactics. The intention of scareware is to access your credit card information, gather sensitive information (account info, logins, etc.) by monitoring your activity, or take over your computer all-together creating a spam-sending ‘zombie’.

Should you come across a suspicious pop-up, exit your browser immediately. Better yet, reboot your computer by clicking Ctrl-Alt-Delete.

In recent years, there has been a proliferation of another category of ‘scareware’ called ‘ransomware’. This despicable menace is essentially online extortion.

It works much the same as scareware with one exception – a payment is demanded from the user in order to restore the device to working order. Your computer will be rendered inoperable by locking or encrypting files or disabling input devices.  Some programs have been known take control by using your webcam to take a photo of you and display on the screen.

The intimidation may include fictitious threats from local law enforcement demanding you to pay a fine or face possible legal issues. One scam reported last summer, a malware program known as Citadel accused users of viewing child pornography and other illegal content. The victims were then instructed to pay a fee allegedly to the US Dept. of Justice!

Other times the ransomware threats can mimic a message from a valid software vendor, like Microsoft.

In a report released by Symantec last November, it is conservatively estimated that 2.9% of infected users acquiesce and pay the ransom. Considering there are hundreds of thousands of infected devices, this can translate in quite a handsome payoff for the criminal (or increasingly, gangs of cyber-criminals). Moreover, even if the funds are paid, there is no guarantee your device will be restored to its previous state.

So, how does your device get infected? A common method is termed a ‘drive-by download’.  Drive-by downloads occur when the user visits a malicious or compromised Website or opens an infected HTML-based email message.  The malware will then be automatically installed on the system. Many times, you only need OPEN an infected email!

Ways to protect yourself from malware in all forms include:

  1. Enable the pop-up blocker in your browser
  2. Install a reliable anti-virus, anti-malware program and update often
  3. Never open a suspicious email or email attachment
  4. Never download or install a program who’s origin is unknown
  5. Always backup your essential data and sensitive documents
  6. Be aware and observant

In the event you find your computer, network or device compromised, call your IT professional immediately.

Enhanced by Zemanta

Tags: , , , ,
Posted in IT Security, IT Support | No Comments »

Preventing Your Cloud from Going Rogue!

January 29th, 2013

Perhaps you have come across the term ‘Rogue Cloud’. Technically speaking, it is not the cloud itself that is operating outside the norm but the users.

A rogue cloud user is an individual (or group) within a larger organization who utilizes public cloud services for work-related purposes without knowledge, permission or management of the organization’s IT department.

Recently, there has been an explosion of the popularity of public cloud services such as Google Drive, Microsoft Sky Drive and DropBox. In an effort to be more productive, employees may utilize these public clouds to store sensitive data and confidential documents. An estimate released in 2012, claims the number of Dropbox users at 50 million and given the service is low or no cost, it is most likely that number is climbing.

.

In a recent survey of over 3000 organizations worldwide commissioned by Symantec, more than 75% of those businesses who responded admitted that rogue cloud deployment was an issue. Among those, 40% reported the disclosure of sensitive information with 25% experiencing a loss of goods or services, hacking or similar issues.

So what’s wrong with an employee being more productive, you say? Plenty.

  •  Security Issues

How secure is your company’s information on a public cloud? Who knows?

Last summer, Dropbox acknowledged a security breach. From the Dropbox blog:

Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.

Also last summer, hackers breached Wired writer Mat Honan’s iCloud and Amazon public cloud account and as he put it on his blog – destroyed his entire digital life.

As you can see, there are potential security issues that arise from storing data on a public cloud rather than keeping it within a business’s secure internal network or private cloud

  •  Backup Issues

Obviously, documents and data stored on public clouds are not contained within in an organization’s normal backup procedures, exposing the potential for loss of critical data. Mission critical data can be lost or misplaced. Or what happens if the data is in the public cloud account of an employee who is abruptly dismissed from his/her position?

So how do you avoid these pitfalls?

  •  Create and enforce an Internet security policy

A well-written Internet security policy should cover:

  • Define restrictions of employee use & suitable behavior (acceptable vs unacceptable sites, sharing copyright materials, etc.)
  • Outline procedures that should be followed to protect and manage your systems and data
  • Assign responsibilities so everyone knows their respective tasks
  • State the consequences if the policy is disregarded

Once written, it is important for management to review the policy with employees explaining the reason for its implementation, methods of enforcement and penalties for breaching the agreement.

Your company’s Internet security policy should be revised periodically to be sure it is keeping up with the latest technologies and new categories of pitfalls and threats.

  •  Implement a private cloud solution

A private cloud allows you and your employees  to access your company’s applications and documents from anywhere safely and securely thus eliminating the need for public cloud utilizations. The ability to share and edit documents in real time between multiple users is an added bonus.

Benefits to a well-designed customized private cloud solution include:

  • Security
  • Scalability
  • Reduced maintenance cost
  • Redundancy
  • Reduced equipment cost

A private cloud is the clear choice for organizations looking to reap the benefits of cloud computing without compromising critical security policies or overall system flexibility.

 

Enhanced by Zemanta

Tags: , , , ,
Posted in Cloud Computing, IT Support | No Comments »

Welcome, Tina!

January 9th, 2013

Micro Support Group is pleased to welcome newest IT professional to our team.   Read below to find out more about Tina.

  •  What drew you to the IT field?  What is your IT background?

I have always loved finding out how things work and how to fix them. However my first introduction to a computer didn’t go so well. The very first thing I did was accidentally format one – that was back in 1988 – couldn’t even remember what operating system it was running.

After that I decided I should go to college and learn about how to properly work with one.

I have been in the banking field since I was in high school and just found I was always attracted to those keyboards and screens full of information. I got my associate degree from Bunker Hill Community College and was given more work on computers in the bank.

I began my career at a bank in Amesbury printing reports before they had a network.  As they built their first network, I assumed the position of Network Administrator. My primary functions were to make sure that security was up to date, backups were done, complete and tested, users were assisted and desktops were maintained and setup.

  •  Would you mind telling us a little bit about your family?

I’ve been married to my husband since 2007. We are the proud parents (or as she might say “parrots”) of our 5 (going on 6) year old daughter.  My husband took over his father’s business of producing antique wood car parts in 2008 just before his father passed on. Our daughter is a member of our local Daisy Troop. She is fascinated by and loves dinosaurs as evident by her vast collection of dinosaurs and books.

  •  What do you enjoy doing in your free time?

Right now I’m knitting a scarf for the first time for our daughter.  I also quilt and cross stitch as well.  I love taking our daughter to different events and activities.

This past fall I started teaching Sunday school to kindergarteners at our church. Last August, I participated in the Bible Camp run by the church I previously worked at as Administrative Assistant and Treasurer.

Oh, and did I mention my daughter and I love to go to Disney. We have made sure that she gets there once a year since she was 15 months old. (PS – I’ve been using the same stroller each time and can offer a wide background on things to do with little ones and ways to save money and time!)

Posted in IT Support | No Comments »

Six New Years Resolutions to Consider

December 27th, 2012

No, we are not going to discuss those last 10 pounds or your need to get off the couch. We are talking about resolutions concerning your TECHNOLOGY side.

1.       Change passwords regularly

By regularly,  at least once a month.

A good password is at minimum eight characters long and contains letters (both upper and lower case), numbers and non-alphanumeric characters, such as “&” and “%”.  Avoid using easy to guess codes like ‘12345’, ‘password’ , ‘abc123’ or the name of a family member or pet.

Consider using a phrase with the words separated by a character. For example: Coffee^is^my^favorite^drink   or  I@love@my@cat@Ziggy .

And certainly, create a password or phrase that you can easily remember!

2.       Create a backup and disaster recovery plan

Data is the heart of any enterprise from a small business to a Fortune 500 company. A disaster whether natural,  accidental or man-made can wreak havoc on your business.  Regularly backing up your critical data is not a luxury – it’s a necessity.

Backing up to tape is expensive, difficult to manage, and hardware intensive. Consider moving to cloud backup system which solves all of these problems. The data is stored encrypted so it is always secure. Since there is no hardware onsite, you avoid backup catastrophes due to bad tapes, excessive data, or failed hardware. Cloud backup is quick, cost effective, reliable and secure.

A disaster recovery plan is a documented set of actions a business uses to recover from a disaster. It can also aid in protecting the IT infrastructure. Once in place, these plans should be reviewed periodically and updated when necessary.

The plan must address: why (objective and purpose);  who (who will be be responsible in case any disruptions happen)  and  what ( what are the procedures to be followed when the disaster strikes).

 3.       Update (or upgrade) your software

A software update  (or patch) is applied over software that you already have installed. They provide minor bug fixes and enhancements and are usually provided free of additional charges.

A software upgrade is an up-to-date version of your current software. These upgrades usually involve a purchase but can many times be obtained at a reduced price for current users.

Keeping your software current allows you to take advantage of the latest in hardware support, updated features and security enhancements.

4.       Refresh (or redesign) your website

Few things can turn off potential clients more than an out-of-date website. I can tell you how many times I have seen websites that looked like they have been abandoned. Makes me wonder whether the company is just lazy or out of business. Other than losing possible customers, there are boatloads of reasons to refresh your web content. To name a few:

  • Improve search optimizations – many major search engines scan or crawl sites for new content. The gathered info is used to adjust the search rankings.
  • Updated design & functionality can increase your website’s allure. Be sure that your site does not contain any broken links or non-functioning or outmoded menu items.
  • Current material appeals to readers looking for new information. Feed into this need to obtain & maintain a following.

Updating web content is one of the most important things you can do to ensure the long-term success of your site. Look for inspiring ways that to refresh your website on a regular basis such as blogs, articles and forums.

5.       Replace obsolete equipment

It goes without saying older hardware is far more likely to fail than new equipment. Some estimates say that can add up to 50 hours of downtime per year per PC.

And if you subscribe to Murphy’s law, that failure is most likely to occur at the most inopportune time.

Be pro-active by devising a plan to bring all your devices up to date. By upgrading and/or replacing outdated devices, you will also enjoy improved energy efficiency and increased performance.

6.       Go mobile – Take advantage of the Cloud

Go “above and beyond” this year and put information that you consistently need access to or want to ensure you don’t lose into the cloud.  Many worry that the cloud is not a safe place for your data but with increased security and protections provided by most technology companies the cloud is likely a safer place than your home PC which can easily be infected with viruses or be devastated by serious hardware problems.

If you are like most people, mobile devices are no longer a luxury but a necessity. Some 75 percent of mobile users say mobile devices are now “critical” to their jobs, and 67 percent say their businesses would be less competitive without the use of mobile devices.”  The cloud is a critical part of all these mobile devices and can help you to stay organized and protected.

——————————

Well, we hope these suggestions help you in the upcoming year.  If these resolutions spur any questions or make you want to take action give us a call.  We are happy to help you have a technologically excellent and safe 2013!

 

Happy New Year!

-The Micro Support Group Team

_______________________________________________________________

For more info:

http://www.pcmag.com/article2/0,2817,2368484,00.asp

http://www.forbes.com/sites/kevinjackson/2011/09/17/the-economic-benefit-of-cloud-computing/

http://www.sans.org/reading_room/whitepapers/recovery/disaster-recovery-plan_1164

http://www.markethealth.com/articles/view/five_reasons_why_you_need_to_constantly_refresh_your_web_content.php

 

Enhanced by Zemanta

Tags: , , , , ,
Posted in IT Security, IT Support | No Comments »

Six tips for online shopping safely

December 10th, 2012

Protecting yourself online is important year round but with the holiday season upon us, the significance of being vigilant increases exponentially. Would-be thieves are rampant and even more eager to take advantage of busy & distracted consumers as they try to check off the items on that holiday list. Here are some guidelines to follow:

  1. Avoid using debit cards for online purchases. A debit card can expose your private bank info to thieves. This is also true when paying by online checks. By using a credit card, you will be protected under the Federal Fair Credit Act, securing your right to dispute charges and/or withhold payments. It is also a good idea to obtain a credit card that you use exclusively for online purchases.
  2.  Be sure the site you are browsing is legitimate. For example, if you think you are at shopping at the Best Buy website, be sure your URL says www.bestbuy.com  NOT www.bestbuy.XXXXXX.com or www.bestby.com.  Duplicitous, lookalike sites abound and thieves are more than eager to accept your personal information.  Be wary of email with links leading you to these fraudulent  websites. An online business displaying a certification seal from the Better Business Bureau, Versign or TRUSTe may put your mind at ease but you should investigate further. Confirm that the business’s use of the seal is legitimate by clicking on the seal which, if legitimate, will link you to a confirmation page on the certifying party’s site. Report unauthorized use of the seal to the organization.
  3. Avoid shopping or banking while connected via public wifi. Thieves may be nearby ready to snatch your sensitive info via use of ‘sniffers’ – a piece of software that grabs all of the traffic flowing into and out of a computer attached to a network . Protect yourself by using anti-sniffing tools, encryption or by saving your sensitive business transactions for when you are on a secure, trusted network.
  4. Never send sensitive information by email. Credit card numbers, social security number, bank data and other personal info is not necessarily protected from the prying eyes of unauthorized users both during its journey and after.
  5. Look for security clues during checkout.  When you’re ready to place your order with an online merchant, you should be transferred to an order form with a Uniform Resource Locator (URL) that starts with https://. When you click “Send,” to transmit your payment info, your browser’s HTTPS layer will encrypt it. Many browsers will also display a lock icon in the location bar or on the status bar at the bottom
  6. Keep your browser software up-to-date.  New security threats are constantly evolving. Updates provide the latest security patches to maintain your personal security. Also, take advantage of security settings on your browser.

Here are some additional resources:

www.ic3.gov

Report suspected cases of Internet and e-commerce fraud to the FBI’s Internet Fraud Complaint Center .

http://www.ftc.gov/bcp/menus/consumer/tech/online.shtm

The Federal Trade Commission guides for online shopping and E-payments.

www.bbbonline.org

The Better Business Bureau certifies web merchants with a privacy seal of approval. You can research merchants through the BBB and also report e-commerce fraud problems at these sites.

www.fda.gov/ForConsumers/ProtectYourself/default.htm

The  U.S. Food and Drug Administration provides for buying online prescriptions and over-the-counter drugs.
Enhanced by Zemanta

Tags: , , , , ,
Posted in IT Security | No Comments »

Happy Thanksgiving!

November 20th, 2012

Posted in Uncategorized | No Comments »

Early Closing due to Sandy

October 29th, 2012

Micro Support Group will be closing today (10/29/12) at 3pm due to the impending storm. Should you have any questions or concerns, please call our 24 hour support line at (978) 778-4218. Stay safe!

Posted in Uncategorized | No Comments »

Important Message Re: Hurricane Sandy

October 29th, 2012

To our hosted clients:

We are monitoring the path of the hurricane which is predicted to travel south and west of the Boston area.  At our hosting site we are expecting 1-2 inches of rain and winds gusting up to 60 mph.  We have experienced hurricanes and other severe weather conditions in the past and have not had an outage in service, so we do not expect any issues with Sandy.

The hosting facility where your equipment and data are located has multiple, redundant paths to the Internet and the ability to generate its own power sufficient to support the servers, communications equipment, and cooling systems in the event of a power outage.  Should a power outage in the area of the hosting facility be of significant length the facility has contracts for fuel delivery which will keep the generators running indefinitely.

We have monitoring systems in place so we will learn quickly of any problems at the facility.  We also receive periodic bulletins from the Massachusetts Emergency Management Agency so that we will be informed of any changes in the weather forecast.  We will also be in contact with the hosting facility staff if conditions change.

We are expecting to conduct business as usual tomorrow.  Should you have power problems in your facility please contact us and we will do everything possible to help re-route you to your applications and data.

Posted in Uncategorized | No Comments »

Announcing MSG’s new Cloud Services Hosting Facility

August 28th, 2012

Micro Support Group, Inc. (MSG) would like to announce the opening of its second hosting facility.  This additional facility has an initial purpose to provide geographic diversity and redundancy to MSG’s existing major hosting facility located in Massachusetts.  MSG has been providing “cloud services” for over 10 years for its clients.  This new facility, located in the Rochester New York area, is designed to grow as MSG’s “cloud services” grow providing additional security, bandwidth, and disaster recovery options for its clients.

Posted in Uncategorized | No Comments »

« Older Entries