Smartphone Security

We all love receiving new technology during the holiday season, but we must remember to protect it.  Whether we like it or not, cell phones and laptops are no longer simply devices – they are an extension of ourselves.  They house important information and records that we wouldn’t dare give a stranger (social security numbers, passwords, confidential information). In fact, we use them for socializing, shopping, banking, browsing, and much more.  Simply for the ease of use, it becomes a habit to stay logged into your accounts on your devices, but the downside is that if your phone is lost or stolen, it can lead to identify theft.  Someone could also hack your phone and access information via web-pages you have visited.  The importance of smartphone security is something we should all be aware of and implement right away.

Nearly 40% of data breaches are caused by mobile devices.

  1. Employee negligence is typically due to employees who are busy, traveling constantly, or hurrying through a task, and simply not knowing or paying attention to the risks involved.
  2. Theft is a big problem since there are ways to breach a smartphone.
  3. Malicious attacks. Hackers are responsible for the majority of breaches and thrive on those who leave the doors wide open to an attack.  Don’t leave yourself vulnerable.

Here are some tips to enjoy that new device as well as protect your privacy and information:

  • Activate Screen Lock. Perhaps the easiest and first line of defense on any device is the lock screen. After any time of inactivity (usually 30 seconds for cell phones and slightly longer for laptops and desktops), the device should be enabled to auto-lock so no one else can access your information.  On a cell phone, the code is usually four characters, but can be longer.  No matter how protective you may be of your devices, there’s no guarantee that you may not accidentally leave it somewhere.
    • Encryption can do a lot to protect your phone’s data and the good news is that all iPhones and newer Android versions come with their phone automatically encrypt once you set a password.
  • Mind your Apps. We all like the simplicity and efficiency that apps provide, but it’s important to keep an eye on them. There has been an increase in malware attacks, especially on smartphones, since most users gain access to confidential information.  Always read the small print and consider the personal information the app requires. If an app requires significant personal information, reconsider installing it.
    • Always use official app stores. App stores generally approve and vet apps prior to granting them space on the platform. (Always make sure the Web site URL starts with a secure https:// and contains a locked padlock icon.)
    • Check permission for the app. Some apps will ask permission to access certain aspects of the device. While it will make sense for a GPS to ask for your location, the same cannot be said for a flashlight app asking permission to access your text messages.
  • Browse Carefully. When you access a web browser on your smartphone, you should be very careful because it is easy to accept messages that pop up. For instance, you might decide to save your password and other information as it leads to easier access later on.  Unfortunately, that can provide others a way to copy your data. Always use reliable and safe websites and never enter your information on new or unknown websites, especially when they are asking for sensitive information like your credit card or bank details.
  • Remote Wipe. Have security knowing that if your phone is lost or stolen, you can safely wipe the device to protect the data from falling into the wrong hands.  A similar feature can be enabled after a certain number of failed passwords to access the phone (usually it is around 10 attempts before the device is wiped).  This service provided to our clients enrolled under the CSP agreement.
  • Use caution with any links you receive via email or text message. Exercise caution when clicking on links. Phishing scams are not limited to email – a text message can incite you to click on a malicious link or ask for personal information.
  • Do not alter security settings for convenience. Tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone, while making it more susceptible to an attack.
  • All Wi-Fi was not created equal. Be mindful when using open Wi-Fi. When you are not using your wireless connection, you should keep it switched off. This can ensure that no one else can connect to your device without your permission or knowledge. You should also check your device’s network settings as they might be configured to connect to a network automatically when in range and may not ask for permission. In addition, your home wireless router should also be protected through a password or security code.
  • Run the Updates. Don’t put off downloading updates. Many updates tweak and fix several flaws on your phone that could open a backdoor for hackers.
  • Wipe data on your old phone before you donate, resell, or recycle it. Your smartphone contains personal data you want to keep private when you dispose your old phone. To protect your privacy, completely erase data off of your phone and reset the phone to its initial factory settings.

 

“Smartphone Security Guide: Keep Your Phone Data Safe” – heimdalsecurity.com
“Mobile Security Threats” – nsiserv.com
smallbiztechnology.com
networkworld.com/category/malware-cybercrime/
“Smartphone Security” – fcc.gov
pcworld.com

 

2018 Tech Trends

Technology is drastically changing the way we live and work and more adjustments will be apparent in the years ahead.  Instead of thinking “bottom-up” or “top-down,” business and technology needs to be thought of in a hybrid solution.  “From the bottom up, they are modernizing infrastructure and the architecture stack.  From the top down, they are organizing, operating, and delivering technology capabilities in new ways.  In tandem, these approaches can deliver more than efficiency – they offer the tools, velocity, and empowerment that will define the technology organization of the future.”1

IoT is one such tool that continues to gain traction and will have an even larger impact in 2018.  It is estimated that there are currently between 8-15 billion IoT devices.  That’s more than there are humans on Earth!  These devices include everything from home security systems, pacemakers, voting machines, voice-activated cars, personal assistants (i.e. Alexa) and personal health trackers (i.e. FitBit), as well as toys, toothbrushes, and even pillows.2  Having these devices makes life simpler, but will truly help when the devices can “talk” to each other.  Josh Siegal, a research scientist at MIT highlights the importance of interconnected devices and their usefulness: “It’s not about the car or the home, it’s about how your car can talk to your home to tell it that you’ll be arriving home early because your car talked to the roadway to avoid traffic, and now you need to put the heat on a little bit sooner than you would – while still saving energy due to having a smart thermostat. People aren’t used to thinking in such terms today.”2

These new IoT devices must also be able to function with the older technology.  “Having the intelligence in the lightbulb makes it pretty easy to adopt. It’s as easy as screwing in a lightbulb. But the usefulness is diminished when my 8-year-old daughter turns off the light switch – and now my fancy internet-enabled lightbulb is offline.”2

Security is Paramount

Now, more than ever, security is a top concern for organizations.  Individuals were rightfully upset about the Equifax breach, but IoT devices have the potential to leak information that’s just as valuable and sensitive.  It doesn’t help matters that security of these devices seems more like an afterthought.  The most vital, and yet underrated IoT applications are those that “allow administrators to automatically update them when issues are found and enforce strong defaults for things like passwords and encryption.”2 This highlights the importance of conducting due diligence and not rushing the vetting process for a shiny, new technology.  Ultimately, organizations must balance the need for better production and employee satisfaction with protecting company data.  They must know what and where the devices are attaching to the networks and manage accordingly.

IoT Data Analytics

As IoT expands, so too does the amount of information available to organizations.  This information can and will drive business decisions.  A prime example of IoT data analytics helping an organization work more efficiently and profitably is Navistar, who reduced the cost of managing its fleet of 180,000 trucks from 15 cents per mile to just 3 cents.3 Opportunities for cost savings exist in nearly every business, but it must be done judiciously; cost savings needs to be weighed against the cost of storing and sifting through the data.

2018 is poised to see technology have an even greater impact upon organizations.  It helps to have a Managed Services Provider (MSP), such as Bryley Systems to help navigate the ever-changing landscape.  Contact us at 844.449.8770 or by email at ITExperts@Bryley.com to learn more. We’re here for you.

 

1 deloitte.com/content/dam/insights/us/articles/Tech-Trends-2018/4109_TechTrends-2018_FINAL.pdf
2 Schuchart, Wendy. IoT for Business: Five Key Trends for 2018. Channel Partners
3 forbes.com/sites/danielnewman/2017/09/26/top-10-trends-for-digital-transformation-in-2018/#734e6621293a

Warm Holiday Wishes

One of our engineers received this heartfelt card from one of our clients.

It’s a great feeling knowing that they value our partnership.

Wishing you and yours a happy holiday season!

Have You Considered Moving to Remote Desktop Services (RDS)?

These days, many organizations are looking for ways to help their remote workers and road warriors stay connected.  One solution that works for many is implementing RDS, or a Remote Desktop Services server, which enables workers to access the network anywhere from any device that is VPN compatible as if they were sitting in the office.

What are the benefits?

  • Implementation process and cost savings. Once the initial cost and time of setting up the server is made, it becomes cost effective to move to an RDS environment. “The enormous cost savings that is gained from a Remote Desktop Services server implementation is in the reduced time it takes to do the implementation and even more so in the time saved with ongoing maintenance and management of your company’s end-user desktop infrastructure.”1 Unlike a traditional environment, once the devices are configured on the server level once, individuals can easily add another user with the same configuration. This allows the initial setup cost to be divided amongst the number of users, opposite of a PC-based environment, where setting up a machine must be done separately.
  • Software Updates/Management. Since all users are connected to the same server, updates only need to be performed once to ensure that everyone has access to the latest versions. This drastically reduces costs, time, and potential for mistakes or inconsistency.
  • Scalable. Once the server is setup, it is simple to add a new user.
  • Enhanced Security. With an RDS, no data is stored at the local level of the machine. RDS prevents users from installing unauthorized software, further protecting the data.  With this enhanced security, organizations are able to save on purchasing expensive laptops with encryption and can purchase significantly cheaper laptops or “dummy” computers as all the processing is done through the server.
  • Increased Mobility. Unlike with a standard VPN, users on an RDS are able to end a session on one device and pick it up at the same point on another. For example, if you are holding a meeting in a conference room, you can log into RDS and take notes.  Upon completion of the meeting, you can close out of the session and pick it back up at the same point on your laptop or other device.
  • Disaster Recovery. In the event of the office burning down or inaccessibility, as long as employees have a compatible VPN device, they can work like nothing happened if the RDS server is being hosted at another location.

Before you commit to what to think about when considering moving to RDS? Is this solution right for your business?

  • What programs do you regularly use? If you use programs that use a large amount of memory, RDS may not work for you – speed will become an issue. Some programs that are not compatible with RDS are: CAD programs, Graphics Rendering programs, and any program that requires bolstered hardware.
  • What is the size of your largest files? If you are not at the physical site that hosts the RDS server, it will take a significant amount of time to upload a movie file for example.
  • How many users will be on the network? This ensures you can allocate the necessary resources to each user so they will not see a reduction in speed.
  • Will there be any printers added to the server? It is helpful to know which printers end users will be printing to from the RDS server if it is hosted in the cloud. If it is a large-scale printer (such as a large-format plotter printer) cloud based RDS may not be the best option.

 

Be sure to have a full list of programs that your organization uses to ensure they will work in an RDS environment.  A Hybrid solution may be a good option for these organizations.

Working with a Managed IT service provider can assist you in seeing if an RDS environment is right for your organization.  You are not alone in this process, Bryley can help. Contact us at 844.449.8770 or by email at ITExperts@Bryley.com to learn more. We’re here for you.

 

1 blog.hcd.net/terminal-services-remote-desktop-services-the-many-benefits/

Bryley Systems Donates to Clinton Fire Department who “Pay it Forward”

We love being part of this community and are honored to donate to our local fire department and see them “pay it forward.”

Clinton Fire Department thanks Bryley

Is Your Technology Ready for Winter?

Whether or not you love or detest winter, the fact of the matter is that it’s quickly advancing.  Around this time those of us in New England put snow tires on our vehicles, stake our driveways, and put sand or kitty litter in our trunks.  But what about our technology?  How can you protect it from the harsh New England weather?

 

  • Check your surroundings. Prior to turning on any heating device, make sure it is a safe distance from your technology – you do not want to risk melting portions of your device.
  • Keep your technology out of your trunk! Although keeping your laptop in the trunk is a far better option than leaving it in the back seat of the car, it’s still not optimal. If left in a trunk for an extended period of time, severe temperatures can cause computer equipment to fail.
  • Let your devices warm up. How many times have you come in from the cold and had your glasses fog?  It only last a few moments until your glasses acclimate to the new temperature.  The same phenomena occurs inside your computer, but can have more severe consequences including short circuiting the device.  Drastic temperature shifts can also cause the metal components in the devices to expand and contract, potentially causing damage.  The best way to avoid this is to allow your computer to acclimate to the new temperature prior to powering the device.
  • Do not place any heating elements (heating pad, hair dryer, etc.) on or near the device in an effort to speed up the warming process. This can cause more harm than good.
  • Protect your screens. Most screens have an LCD, or liquid crystal display, and run the risk of freezing, making them more susceptible to cracking or shattering.  To reduce the risk of this occurring, reduce exposure to extreme temperatures.
  • Have your charger ready. Cold temperatures cause batteries to drain, so it’s important to keep a charger handy to ensure maximum uptime.
  • Change the Power Settings. “You can keep your laptop warm by changing the power settings to power save mode. This keeps the laptop warm as it continues to run, and instead of shutting down the hard drive, it keeps it spinning. The longer the laptop can be kept running, the warmer it will stay as it generates its own heat.”1
  • Be wary when online shopping. Online shopping is a great way to avoid the crows and get items you desire, but be wary of cyber criminals. We recently wrote an article to provide insight to protect yourself from hackers.

Keeping these tips in mind will enable you to enjoy the winter months and protect your valuable devices.

 

1 “Keeping Your Devices Safe in the Cold” – pcrichard.com

“Winter-ize Your Technology” – abc13.com

“Winterizing Your Computer” – tahoetopia.com

“Top Cold Weather Tips for Laptops” – lifewire.com

Shopping Online — Safely

Shopping online is very convenient.  You can click here and there and order whatever product you desire and have it delivered to your front door.  You can compare pricing, look for deals, compare products, and it all can be done quickly and in the convenience of your own home, any time, night or day.  The downfall?  Wherever there is money and users to be found, there are malicious hackers roaming around.

Use familiar web sites.  You need to be aware of the safer online shops, like Amazon.  One tactic favored by malicious hackers is to set up their own fake shopping websites. Fake websites can either infect you the moment you arrive on them by way of malicious links. However, the most dangerous aspect you should be concerned about is the checkout process. Completing a checkout process will give cybercriminals your most important information: credit card data (including security number), name, and address. This opens you up to credit card fraud or social engineering attacks.

What are some key things to be aware of as you’re shopping?  Sticking with popular brands is as good as any advice when shopping online. Not only do you know what you’re getting by way of quality and price, but you also feel more confident that these well-established names have in place robust security measures. Their efforts can be quite remarkable, as researchers at Google and the University of San Diego found last year.”1

 A few things to be aware of: 

  • Leery URL’s such as “coach-at-awesome-price.com” or “the-bestonlineshoppingintheworld.com”
  • A strange selection of brands – as an example, the website claims to be specialized in clothes but also sells car parts or construction materials
  • Strange contact information. If the email for customer service is amazonsupport@gmail.com” instead of “support@amazon.com” then you should be suspicious that online shop is fake
  • Are prices ridiculously low?  An online shop that has an iPhone 7 at $75 is most likely trying to scam you

The old adage “if it seems too good to be true, it probably is,” rings true in this case, and it’s best to steer clear of these sites.

Use Secure Connections.  Wi-Fi has some serious limitations in terms of security. Unsecured connections allow hackers to intercept your traffic and see everything you are doing on an online shop.  This includes checkout information, passwords, emails, addresses, etc.

Before You Buy Online…

  • If the connection is open and doesn’t have a password, don’t use it.
  • If the router is in an exposed location, allowing people to tamper with it, it can be hacked by a cybercriminal. Stay away.
  • If you are in a densely-crowded bar with dozens of devices connected to the same Wi-Fi hotspot, this can be a prime target for an enterprising cybercriminal who wants to blend in and go unnoticed. Continue to socialize, don’t shop.

Access secure shopping sites that protect your information. If you want to purchase from a website, make sure it has SSL (secure sockets layer) encryption installed. The site should start with https:// and you should notice the lock symbol is in the address bar at the top.

Update your browser, antivirus and operating system.  One of the more frequent causes of malware is unpatched software.  Online shoppers are most at risk due to the sensitive information involved. At a minimum, make sure you have an updated browser when you are purchasing online. This will help secure your cookies and cache, while preventing a data leakage.  You’ll probably fuss over having to constantly update your software because it can be a time consuming operation, but remember the benefits.

Always be aware of your bank statement.  Malicious hackers are typically looking for credit card data, and online shops are the best place for them to get their hands on such information.  Often times, companies get hacked and their information falls into the hands of cybercriminals.

For this reason, it’s a good habit to review your bank account and check up on any suspicious activity.

“Don’t wait for your bill to come at the end of the month. Go online regularly and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don’t see any fraudulent charges, even originating from sites like PayPal. If you do see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only once you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems.”2

Using a credit card vs. a debit card is safer.  Credit cards have additional legal defenses built in that make them safer to purchase online compared to debit cards.  With credit cards, you aren’t liable if you are a victim of a fraudulent transaction, so long as you report the fraud in a timely manner. Secondly, credit cards give you leverage when it comes to disputing transactions with a seller. If you pay with a debit card, you can’t get your money back unless the seller agrees to it. With credit cards, the money you paid for a product isn’t counted against you until due process is complete, debit card holders however can only get their money back after this step.  Ultimately, banks are much more protective of credit cards since it’s their money on the line, not yours.

Additional tips for safety:

  • Never let someone see your credit card number – it may seem obvious, but never keep your PIN number in the same spot as your credit card
  • Destroy and delete any statements you have read
  • Notify your credit card issuer of any address change. Doing so will prevent them from sending sensitive files to the previous address
  • Keep confirmation numbers and emails for any online purchases you may have done
  • Immediately call your credit card company and close your account if you have lost or misplaced a credit card

Use antivirus protection.  The most frequent tip on how to be safe online is to use a good antivirus tool. It will keep you safe against known malware.  ”Before you begin shopping, outfit your phone or tablet with mobile security software. Look for a product that scans apps for viruses and spyware, blocks shady websites, provides lost-device protection and offers automatic updates.”3

Do not purchase from spam or phishing emails.  A phishing email with a fake offer for a desirable product is a hard thing to resist for many shoppers, so they make an impulsive decision and click on the “Order Product” or “Buy Now”, and that’s when the malware attack starts.  A phishing email is not like a standard email. The cybercriminal simply wants your click, and nothing else. The Unsubscribe button won’t stop the email spam.  The best solution in these cases is for you to simply mark the email as spam, this will remove the mail from your inbox and block the sender from sending more spam.

Keep a record of your transactions.  If you are a frequent online shopper, it may be difficult to remember from which site you bought a certain product.  So, write it down: what you bought, when and from what website.  Compare your spending details with the banking records from your online banking account, keep track of which websites you use for shopping and buying stuff online.

Hold on to your receipts and destroy them when you no longer need them.  Keep the receipt for your purchase, just in case you need to confirm it again, as well as for warranty and return issues.  If you want to get rid of receipt, make sure to destroy it completely, so that any possible identity thief won’t be able to find any information about you.

Don’t give out more private information than you need to.  ”In order to shop online you need to provide two types of information: payment information, such as credit card data, and shipping location, which is usually your home or work address. Be suspicious of online shops that ask for information such as: date of birth, social security number or any other similar information. They don’t need it in order to sell you things.”4

Don’t keep too much information on your smartphone.  These days, everybody stores a lot of important personal information on their phone, and most of us rarely take the time to secure them.  These devices are now much less about calling people, and more about photos, social media, etc.  Increasingly, people shop online using their smartphone, but this carries its own risks. Fake online shops can infect your smartphone with malware, and then have access to information such as phone numbers, notes, photos, and even app contents.  Be careful what information you store on your smartphone.

If you take a few safety precautions, you can enjoy the convenience of technology with peace of mind while you shop online.

1 welivesecurity.com – ESET Security Forum
2 pcmag.com
3 trendmicro.co.uk/home/internet-safety-for-kids/smart-mobile-tips-for-online-shopping/ – TrendMicro
4 bettermoneyhabits.bankofamerica.com/
staysafeonline.org – Powered by National Cyber Security Alliance
americanbar.org – American Bar Association
foxnews.com
usatoday.com

 

Bryley Success Story

Bryley technicians recently assisted one of our clients from what could have been a serious situation. The client’s server went down, and Bryley techs responded quickly to the matter. Actions were performed onsite, but further testing needed to be performed back at the Bryley Office.

It was determined that the client’s server was overheating and needed to be replaced or they risked losing their data. Luckily, Bryley had a spare server that ran on a similar operating system, so technicians were able to move it over and recover their information. The client was pleased to have their data recovered and is conducting regular backups.

We are extremely fortunate to recover their data, but this case highlights the importance of regular checks of one’s equipment as well as conducting backups on a reliable service, such as Bryley’s. Let Bryley help you double-check your IT infrastructure, recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.