The Savvy CIO

People use laptops, smartphones, iPads and other mobile gadgets all the time everywhere they go. Maybe you’re one of them. Many companies are moving to notebooks instead of desktop computers and equipping employees with smartphones to enable increased mobility. Maybe you belong to such a company.

Do you know how secure your business information is when you connect to wireless Internet in your hotel or at the airport or hook up to free WiFi at a cafe? It can be very risky, but there are a few simple ways to protect yourself, your company and your clients. In a recent article about information security, Chris Drake from E-Commerce Times stresses educating yourself and your workforce about the best methods to keep yourself safe from hackers. He offers these suggestions:

For Wireless Internet Connections

• Stay off the free wireless Internet. If you do use it, go through a secure VPN connection with the latest encryption methods.
• Subscribe to a mobile broadband service and use the mobile Internet access card.
• If you are not using your wireless connection, turn it off. This will help regulate when you are actually connected.

Use the Right Hardware and Software

• If possible, use a “travel only” laptop that contains only the basics and not all your work history information.
• Access your email through the Web instead of through physical software.
• When you are done on the Internet, clear your browser history.
• Store everything on an approved network instead of on your local harddrive.
• Type in passwords instead of having your computer remember them.
• Equip your mobile device with “lojack-like” software. In the event of loss or theft, you will be able to wipe out the contents on your device.
• Install antivirus software on your laptop.
• Require two-factor authentication to access your system

Drake also cautions to always keep your belongings with you at all times. It only takes a minute of turning your back or leaving the table, and your laptop could be hacked or stolen. Thieves and cybercriminals look for any opportunity.

Don’t assume that your boss or the IT department have everything covered. Know what methods you have in place to protect yourself. How valuable is your company’s information to you and your job? Can you afford to take chances?

I use local rail to travel in and out of Chicago every day. While waiting for the train to leave the Chicago station each evening, my laptop often reports two or three Free Public Wi-Fi connections eager to accommodate my web browsing needs.

I never connect.

Setting up bogus “Free Public Wi-Fi” connections in heavily traveled areas is a common trick of hackers and other folk with less than kind intentions.

By broadcasting a fake “Free Public Wi-Fi” connection with a packet sniffer enabled, an attacker can see everything that a person who connects to their broadcast can see, including passwords.

Here are a few security tips for travelers in need of Wi-Fi:

read more »

The business world is waking up this month. Is your IT infrastructure ready to support the incoming upswing? How can you prepare while still being cautious about expenses?

We’ve collected our posts about how to perform your own IT assessment into a single, downloadable document. We cover the key issues involved in twelve types of critical technology, including common mistakes, best practices, and our recommendations from years in the IT trenches. The technology considered includes:

1. Malware and Anti-Virus
2. Firewalls
3. Content Filtering
4. Physical Network
5. Internet Connection
6. Email & Collaboration
7. Wireless Network
8. Data Backups
9. Data Repositories (including servers)
10. PCs
11. Printers
12. Remote Access

Download it. Copy it. Share it with a colleague or your IT guy.

We’re committed to seeing small businesses reap the real benefits of IT, instead of seeing IT as a cost center or necessary evil.

Click to download the guide here: Highland Solutions IT Assessment Guide.

This is part 12 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post covers a critical area of technology.

Remote Access

Function & Value

Remote access enables users to access programs and files stored on a PC or server in your office when they are not physically in the office. Remote access can allow for a flexible work schedule, cover mistakes when a file or task is forgotten, and help you accomplish an emergency weekend task without an emergency weekend commute.

There are two common ways to provide remote access: VPN (virtual private network) and Remote Desktop. A VPN uses a piece of software on an external PC to connect with a VPN concentrator (often a firewall) inside the office. Remote Desktop runs on an external PC and connects with appropriate credentials to a PC inside the office.

External access is required for most businesses, but it can pose significant risks to your network. Here are the most common problems and how to avoid them: read more »

This is part 7 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post covers a critical area of technology.

Communications: Wireless Network

Function & Value

A wireless network allows wireless enabled devices like laptops and PDAs to easily gain access to the Internet or your local network without the expense or tangle of Ethernet cables.

Why do you need a wireless network? Wireless is more flexible and less expensive than a wired network and can be ideal for small or mobile offices as a primary network. Wireless also makes your office hospitable to guests needing access.

Why don’t you need a wireless network? Unlike wired networks, you cannot control how far a wireless network extends, so your network can be accessible from the parking lot or the office next door. Wireless is also much more difficult to secure than a wired network, and poses unique security challenges.

Wireless isn’t right for all businesses. If you already have a wired network, don’t add a wireless network unless there is real need.

If you do have or require a wireless network, pay attention to the following common problems and best practices. A compromise of your wireless network can be crippling to your business.

read more »

This is part 3 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post covers a critical area of technology.

Security: Content Filtering

Function & Value

A content filter is a piece of hardware or software that acts as a screen between the Internet and your users. The filter uses pre-set and customizable categories to prevent access to types of web sites. The least aggressive filters block only malicious sites, while the most aggressive allow only approved, work-related web sites.

If your organization provides Internet access to minors, you need to know the legal requirements of Internet content filtering.

We advise every organization to use content filtering to block malicious websites. How content filtering is used beyond that depends upon weighing the pros and cons of filtering.

What kind of content filtering is right for your business? read more »

This is part 2 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post will cover a critical area of technology.

Security: Firewall

Function & Value

A firewall is the gateway into your network, controlling all inbound and outbound access to and from the servers and PCs you control. A firewall provides the ability to securely access PCs and servers remotely, which is good for telecommuting employees as well as rapid response from your IT firm. Firewalls also often include anti-malware protection, anti-spam abilities (if you host your own email), Internet content filtering and broadcasting for wireless Internet access.

A firewall is the most important piece of your business’ security technology. Underpowered firewalls or wrong configurations can leave your network and data exposed. Here are the common problems we see with firewall use, as well as best practices.

read more »

This is part 1 of a series on IT Self-Assessment for small businesses. We’re providing information and guidelines for a simple IT check, giving you the ability to gain free insights into how your technology can serve your  business better. Each post will cover a critical area of technology.

Security: Malware and Anti-Virus Protection Overview

Function & Value

Malware and Anti-Virus Protection is software that monitors individual PCs for viruses and other malicious programs that may attempt to invade or infect your network. This type of software regularly updates itself with the most recent information about viruses and malware. If it detects an intrusion, it responds by destroying or quarantining the virus, stopping it from infecting the PC or spreading to other computers.

Malware and Anti-Virus Protection functions like a security firm for your house. Its value is in preventing costly damage and disruption.

Let’s take a look at common problems and best practices in protecting your company from malware and viruses.

read more »

Twitter, media darling that it is right now, is logging a bit of bad press for having company documents stolen.

The short version is a hacker got into an employee’s web email account, and from there was able to access information stored in Twitter’s Google Apps account.

Depending on where you read the story, the spin is:

Twitter has serious security issues (partially true)
Cloud computing is unsafe (mostly false)
Someone needs a better password (clearly true)

The real lesson to be learned here is be extremely cautious with your email. Think about it. Virtually everything online is linked to your email account.

Are you equally vulnerable?

read more »

Smart phones are everywhere. In 2008, nearly 90% of respondents to a survey said they accessed email or company information on a smart phone purchased either by their company or themselves.

How many people in your company are now carrying emails, files, passwords and network access around with them 24×7?

Mobile connectivity increases responsiveness and productivity, but have you adequately addressed the security risks these devices bring?

The main risks you should be aware of are:

• A lost/stolen device or memory card with information stored on it
• A lost/stolen device with the ability to access the company network
• Interception of data over WiFi or 3G networks
• Interception of data over Bluetooth connections
• Departing employees with un-wiped mobile devices they personally own
• Lack of clear ownership of the phone number (if the phone itself is used for business)

What can you do to minimize these risks?

• Require passwords/PINs on all devices
• Use encryption for files and storage cards (this can require third party software)
• Restrict what software and which employees can connect to your network from a mobile device
• Use SSL encryption when setting up email accounts
• Use centralized solutions tied to your email/collaboration system that have remote-wipe capabilities
• Provide clear policies and training for your staff
• Include mobile devices with access in your end-of-employment security checklist
• Be sure you have ready access to carrier and account information

Are you aware of other risks or solutions when it comes to mobile devices?