TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Smart Phones

Does Your Company Need An Internet Usage Policy?

Scott Blake is a Senior Network Engineer with Tech Experts.

With the growth and expansion of the Internet, it is important to make sure that your business has a policy in place to protect its assets.

Depending on your business, an Internet Usage Policy (IUP) can be long and drawn out or short and to the point.

An IUP will provide your employees with guidelines on what is acceptable use of the Internet and company network. IUPs not only protect the company, but also the employee.

Employees are informed and aware of what is acceptable when it comes to websites and downloading files or programs from the Internet.

When employees know there will be serious consequences for breaking the IUP, such as suspension or termination of employment, companies tend to notice a decrease in security risks due to employee carelessness.

You will need to make sure your IUP covers not only company equipment and your network, but also employee-owned devices such as smart phones and tablets. You may be surprised at the number of employees that feel they do not have to follow the IUP because they are using their own device to surf or download from the Internet.

Make sure you address proper usage of company-owned mobile devices. Your business may have satellite employees or a traveling sales force. Even when they are away, they need to be aware they are still representatives of the business and must follow the business IUP.

After all, it would not go over well if your sales staff was giving a presentation to a prospective client and suddenly, “adult content” ads popped-up on the screen because one of your employees was careless in their web habits.

The downloading of files and programs is a security risk in itself. Private, internal company documents and correspondence downloaded from your company’s network can become public, causing unrepairable damage.

On the same thought, employees downloading from the Internet open your company’s network up to malware attacks and infections.

There are a lot of hackers that prey upon the absent-minded employee downloading a video or song file by hiding a piece of malware within the download. Once the malware makes it into your network, there’s no telling what damage it can cause.

As for non-work related use of the company network and Internet, make sure your employees know there is no expectation of personal privacy when using the company’s network and Internet connection.

Make it well-known that the network and Internet are in place to be used for work purposes only. Improper use of the network can reduce bandwidth throughout the company network.

This includes all mobile devices owned by the company. This way, your employees know that no matter where they are they still must follow the guidelines of the IUP.

Make sure all of your employees sign the IUP and fully understand what it is they are signing. Make sure you answer any and all questions they may have.

This will help clear up any confusion your employees may have. This way, there can be no excuses as to why the IUP was broken.

Whenever you update the IUP, make sure you have all of your employees sign and understand the new additions and/or changes to the IUP. It may seem like overkill, but you’ll be glad you did if you ever run into any violations of your company’s IUP.

For assistance in creating Internet Usage Policies or if you have any questions, call the experts at Tech Experts: (734) 457-5000.

Is Antivirus Necessary For Smartphones?

July_2015_CellPhone_email_sizeChances are, you have an antivirus program installed on your personal computer. You may not, however, have the same sort of protection for your smartphone.

If you don’t, you’re certainly not alone. Being part of a majority, however, doesn’t make the data on your smartphone safe. The same threats that lurk in cyber land can attack your phone as easily as a personal computer, but there isn’t a lot of attention being given in the media and other venues about viruses on smartphones.

So, despite that lack of attention, should you install antivirus protection on your smartphones and tablets?

The truth is that you should. Smartphones are fast becoming the prime method of accessing the Internet, and the amount and nature of sensitive data on these devices puts you, your business, and even others whom you hold dear at risk.

Since many viruses are designed to gain access to personal information on devices, the risks are greater than you may think. We may not think about installing antivirus applications on our smartphones because it doesn’t address a widespread problem at this time.

In the near future, however, viral attacks on phones is inevitable. From an employer’s standpoint, the need to protect smartphones is even more important than on a personal level. With more and more business being conducted via handheld devices, a virus on a smartphone has the potential to interrupt operations, causing costly delays and compromising sensitive company data.

Security software applications that can protect smartphones are available for download. Look for one that is not just vigilant against malware, however.

It should also provide an option to remotely wipe smartphones clean in the case of a viral attack to protect company data as well as have a GPS location feature to facilitate easy recovery.

Another feature experts recommend in a security software application is the ability to limit the types of applications employees download onto their company-provided smartphones.

Security Tips To Keep Your Mobile Phone Secure

We’ve all seen the stories about celebrities getting their mobile phones hacked and having their private photos splattered all over the web.

Although you may think there is nothing of real interest on your phone, you are still at risk of security invasion. Any number of people could have motive to do so from exes to a colleague who perceives you as a threat, and even innocuous content on your phone can be taken out of context to reflect negatively on you in general.

Use some of these simple tips to protect your mobile phone and reputation:

Passwords
Your passwords are your primary defense against would-be hackers – from your lock code to email account password. Don’t share your passwords with others. Also, make sure your passwords aren’t easily guessed, such as your pet’s name or child’s birthday.

A secure password may not be as easily remembered, but it is far harder to hack. Finally, shield your phone’s screen when entering passwords in public lest onlookers take note of which buttons you push.

Clear Out the Cobwebs
In addition to creating more storage space on your mobile phone, it is just wise to remove old text conversations, photos, and other data periodically.

Back up the things you want to keep onto other devices, so you can access them later. With all of the excess stuff you don’t use on a regular basis gone, you leave less for hackers to work with if the security of your mobile phone is breached. In the event of being hacked, you would also likely lose all of those things, so backing such info up protects you twofold.

Beef Up Security
Take advantage of the lesser-known security features of your mobile phone. For example, turn off the Discoverable mode on your Bluetooth.

Look on your phone under Security to see if there are already included options, such as an automatic lock screen that activates after a certain period of inactivity.

There are also applications you can download to increase the level of security on your phone, including apps that allow you to access and control your phone remotely in the case of loss or theft.

How The “Internet of Things” Will Affect Small Business

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Just when you thought you had the Internet mastered, something new crops up on the horizon.

One of the newest advances that will likely revolutionize the world is the Internet of Things (IoT).

If you haven’t heard of this, you’re not alone, but this idea is fast becoming a realization. Simply put, the IoT refers to how it is possible to remotely control and monitor just about anything via sensors and, of course, your Internet connection – from opening your home’s garage door from your office to the level of dog food remaining in your pooch’s bowl.

This concept recently gained definition at Apple’s Worldwide Developer Conference when the company unveiled two applications for iOS8.

The first was the HealthKit app, which lets users keep up with health and fitness data without wearing an actual tracker. The other was the HomeKit that can remotely control electronic devices like lights and cameras at home. [Read more…] about How The “Internet of Things” Will Affect Small Business

Risks When Employees Use Their Own Mobile Devices

Michael Menor is Vice President of Support Services for Tech Experts.

BYOD (Bring Your Own Device) is an exciting development for increasingly mobile and interconnected employees, but also a new challenge for IT security teams.

Gone are the days where security professionals can lock down a finite set of machines and facilities; instead, they must manage an ever-growing, ever-changing landscape of employees, devices and applications, many of which have access to information that needs to be protected.

According to an article on eWeek, a survey was done on organizations with mobile devices connecting to their networks: only 33 percent have any official BYOD policy governing the use of personal portable devices, 67 percent do not.

The security risks are inherent in BYOD between viruses, hacking, improper security, and more. Flat-out thefts of smartphones, laptops, and tablets are also an issue.

In New York City alone, police data show that Apple products were stolen in a total of 11,447 incidents in the first nine months of 2012. That is an increase of 40 percent compared to the previous year.

Of course, employee education and awareness are important as informed users are more likely to act responsibly and take fewer risks with company data. Unfortunately, employees can be careless and criminals crafty, which is why network security defenses and policies are so critical.

Although implementing a restrictive device policy may feel like the most secure approach for your company, it can easily backfire.

Your craftiest employees are going to find a way to connect their devices to your network no matter what. And employees who do obey your “no iPhones” message will probably resent the policy and experience lower productivity.

Bring Your Own Device conceptToday’s workers expect to have 24/7 access to their information. They want to be able to catch up on emails on the evening train ride home or access information while away from the office.

BYOD lets IT staffs eliminate the hassle and expense of provisioning, distributing, and maintaining hundreds of corporate-owned mobile devices.

But setting up a BYOD program isn’t without its challenges. For starters, when you give employees free rein to bring in their own devices, you put your corporate documents and data at the mercy of the native security on these devices.

When you consider that many of your employees probably have “1234” as the PIN on their iPhones, that’s a pretty sobering thought.

Another major concern is your network. When you allow today’s increasingly powerful smartphones and tablets to request resources from your network, you really put your infrastructure to the test.

Are you ready to serve data instantly to hundreds of increasingly powerful hand-held mobile devices?

What if your mobile employees want to watch training videos, play back webinars, or listen to conference call recordings on their devices – can you deliver this kind of bandwidth?

Like most things, there are upsides and downsides, but a decision should be made on what best suits you, your employees, and your business.

When it comes down to it, BYOD isn’t a completely ridiculous idea. In fact, the benefits of BYOD may be worth the extra security precautions required to implement it.

(Image Source: iCLIPART)

New Security Risk For Android Phones

Just when you thought you had safeguarded your mobile device from any misuse, a new threat emerges.

For Android users, it’s a big one. Rapid7 has recently discovered a security bug that allows cyber criminals to access a smartphone user’s data.

Although this security problem is widespread, Google has responded that it will take no action to fix it. The bug exists in phones operating on Android 4.3 and below, and allows hackers to control your smartphone.

Although Android 4.4 and 5.0 users are not vulnerable to this risk, this issue affects approximately 60 percent of Android users – almost a billion people worldwide.

Google’s official response is that their policy is not to develop fixes for older software versions, but it can notify people of the risk and others are welcome to create their own fixes.

To date, there are no known patches to address this issue. There is, however, one way to ensure your safety if you possess an affected smartphone. Simply download and install a newer version of the operating software.

Security Tips For Your Smart Phone

Today it is fairly easy to carry out business tasks using smart phones. Emailing, browsing the Internet and even creating or editing documents is now a breeze.

So technically, smart phones are now carrying a large amount of sensitive data that needs to be protected. Not only are Smart phones subject to the same threats as PCs, but they are also quite easy to misplace and lose.

Here are a few tips that will help you mitigate some of these security risks:

Screen lock the phone
Whenever you leave your phone unattended, lock your smart phone to require a password or PIN code or set it to lock after few minutes. This will prevent unwanted access and will protect your data in case the phone is lost or stolen.

Enable remote device wipe
Check if your phone allows the memory-wipe function in case it is lost or stolen. Some phones have this feature embedded, but most others will require that you download an app and potentially pay for the service that goes with it.

Apply system updates
From time to time, smart phone vendors, mobile carriers, or hardware manufacturers update the operating systems on their phones. These updates usually include useful and necessary security-related improvements.

Turn off Bluetooth discovery mode
Many people leave their smart phones on Bluetooth-discovery mode around the clock. On some phones, this feature is set by default; however, check your phone and make sure it is disabled when you are not using it. Failing to do so, your phone will constantly be discoverable to others and allow people to connect to your device without prior authorization.

Install mobile anti-virus
Malware purveyors are increasingly targeting smart phones. It is now important to use anti-virus software for your phone just like you would do for your PC.

This is particularly important for Android devices as they are built on an open platform susceptible to malware.

Mobile Devices: BYOD Deserves Special Consideration

by Jeremy Miller,Technician
A good majority of people now bring a device of their own to work and many even use their own device at work. There are many reasons that this could be good or bad or down right terrible.

There are always inherent risks when employers allow employees to use a personal device at work especially if the device attaches to the network or has confidential data stored on the device.

Allowing employees to bring their own device can be very beneficial to your organization.

If you choose to allow devices you must understand the risk and create rules that keep the device from being used maliciously.

It is best practice to create an Acceptable Use Policy for Devices. This will cover a variety of things including:
• Proper use during and after-hours.
• What types of apps are allowed to be installed?
• Which type of data will the device be allowed to use.
• How to prevent abuse.

A good AUP will allow a business to allow users to bring in their own devices and use them to increase their productivity without letting the employees abuse the privilege of being allowed to use a personal device at work.

Allowing employees to bring their own device can: increase productivity at a low-cost to the business, make employees happier, and allow users to be reached at any time.

Allowing employees to bring in their own device can be bad as well. The first reason is employees’ abuse devices all the time.

In every workplace there are employees that will use their devices in a matter that is not related to work such as checking Facebook or texting when it is not necessary.

Then there are employees that will want to use their device at work and at home, but will not want to follow the Companies Acceptable Use Policy.

This is not only disobedience but risky, because many of the stipulations in the AUP are to protect the Company’s business flow. Allowing employees to bring in a device that connects to email will sometimes require an IT person to help get the email to sync with the device.

If you do not have onsite IT this can cost you money every time there is an issue with the email not syncing. The ugly part of allowing users to bring their own device is the lack of control and security.

With the lack of standardization each device is at least a little different. On top of that each app installed is a potential risk, especially the free apps that include advertising.

Risks emerge every day, this means that in order to be sure that the device is secure you will have to continuously assess the risk for each device in use.

There is always a risk that your employees could fall victim to social engineering.This is when they either knowingly or unknowingly give away confidential information to a party that is not allowed this information.

This can be mitigated by educating users on a continuous basis, a good way to do this is a lunch and learn style of meeting. All employees with a personal device being used for work should be restricted to which applications they are allowed to download.

This is because each app has its own code and permissions that are required to run it. If the permissions for the application can compromise any data at any point it should be reviewed and then allowed or disallowed.

In conclusion many companies already allow the use of a personal device for work. Trying to implement a plan after allowing the devices is much trickier because you are further limiting a user on their own device.

A plan is absolutely necessary to protect you from legal implications, and to be up front and informative of the consequences for breaking any rules outlined in the Acceptable Use Policy for Devices.

Letting your employees know what is expected will reduce the legal and liability risk that a company may face.

For Small Businesses, Smartphone Security Is As Important As PC Security

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Although there aren’t any prevalent security attacks or threat mechanisms associated with smartphones in the market today, security vendors and analysts are urging mobile device users to use security best practices on them, just as they would with their computers.

With recent advancements around mobile devices and technologies, particularly smartphone devices, more and more people are staying connected both in the home and office environments.

Analysts at Forrester Research, a leading authority on security in the small business IT space, say the new breed of smartphones, such as Android and iPhone-based devices, are built on operating systems that are “fairly-well locked down.”

However, although they said using these types of devices are generally safer than PCs because malware can’t run on them (yet), there are still privacy and data risks to be aware of.

GPS hacking is just one concern – a rogue phone application sending your location to an outside service without your permission.

Privacy-related issues will emerge as third-party “fake” applications access more of your personal data.

These would be apps that look legitimate, but are designed to steal your personal information.

Fixing this type of issue will be simpler than a PC, though: The operators of the “app stores,” (Apple and Google) can find the offenders and remove them from the sites in a matter of minutes.

Security and privacy are a concern especially for users who bring and work with their personal devices in and out of the workplace.

The safety of the data on those devices becomes an even larger issue.

Smartphones allow business owners and employees to be more connected with each other. Users are sending information via e-mails and through attachments, all of which are susceptible to loss or theft.

Smartphones that are used for business communication should be treated like office PCs when it comes to data protection. The security threat is there – you have to protect the data that’s on the device.

One of the biggest security mistakes customers make with their mobile devices today is that they fail to use even the most basic security protection methods such as passwords.

Most users don’t set up passwords on their mobile device because they think of their smartphone as just a phone.

But really, it’s a small, low-power computer that happens to let you make phone calls, too.

For small business, it’s time to start thinking of smartphones as another entry into your business’ data. If they’re used for business communication, they need to be monitored, protected and updated just like a PC on your network that attaches to your server and financial data.

Should You Trust Every App You Install On Your Phone?

Nope — some of them are plundering your personal information and beaming it to potential bad guys. (Do hackers ever sleep?)

Two researchers revealed that they’d researched one seemingly benign wallpaper app and found that it was sending phone numbers and subscriber information (like names and addresses) to a remote computer.

The app in question came from Jackey Wallpaper, and it was uploaded to the Android Market, where users can download it and use it to decorate their phones that run the Google Android operating system.

It includes branded wallpapers from My Little Pony to Star Wars.

Essentially, these apps collect your phone number, subscriber identification, and even your voicemail phone number as long as they are programmed automatically into your phone. It sends the data to a website, www.imnet.us. That site is evidently owned by someone in Shenzhen, China. The app has been downloaded anywhere from 1.1 million to 4.6 million times.

“Apps that seem good, but are really stealing your personal information are a big risk at a time when mobile apps are exploding on smart phones,” said John Hering, chief executive, and Kevin MaHaffey, chief technology offi cer at Lookout, in their talk at the Black Hat security conference in Las Vegas. “Even good apps can be modifi ed to turn bad after a lot of people download it.”