(Video) How mobile is your business

Hi. My name is roger and today I’d like to talk about how mobile is your business technology. And why does your business need to be mobile. Business world has changed rather drastically in the last couple of years but more and more people are doing business on mobile phones, tablets, laptops.

Because they can. Because all the associated systems utilize the cloud technology component of any business. So if you want be able to collaborate and you don’t know quite how to do, but you have an application that does that.

Then the application needs to be able to be used in a coffee shop. And you need to be able to get into that application at home. And if you’re [Indiscernible 00:00:52] where you’re doing project management, all of those emails that then come through the system saying you need access to the system at all time.

But the mobility is really critical about one other thing and that’s the connection to the digital world that device has. This 3G or 4G is irrelevant. As long as there is a component that connects you to the rest of the digital world then you can utilize and make your business mobile. But mobility doesn’t mean everything has to go into the cloud.

By having components like info soft for instance which is a sales component you can utilize, you don’t really need it on phones. You may need it on tablets because you can then go and have a meeting with someone and take notes directly into the system.

Very hard to do it as a phone device. But it can tell you when you have an appointment, and where you have to be, and why you have be there and what you are talking about. So mobility today in business is really really important because that’s the way we are going.

In the next five years we may not need offices because everything will be in the cloud. You will be working from home, everybody will be able to work in coffee shops. A great idea have a business where everybody can come to you and between everything else and all you can serve coffee. So how mobile is your business technology? It depends on your requirement.

Thank you.

[End of transcript]

 

CyberCrime – Using Security Policies to protect your business.

Most small or medium business and not for profit organisation have policies in place to protect, not only the organisation, but also the staff and users from cybercrime.  Being human, we don’t want to follow these rules. 

We like to circumvent them so that we can do what we like and when. 

This is not a new phenomenon, but it has become more pronounced with the advent of the internet. 

With the introduction of Bring Your Own Device (BYOD), ignoring an organization’s protective polices has gotten even easier and more tempting.

This anything-goes attitude is prominent among internet users.

For instance, here’s a statement it’s not uncommon to hear at an SME:  “My organisation doesn’t have a wireless access point, so I added one to the network.”  The person who makes this statement isn’t considering the security and privacy implications of their actions—they’re thinking about the convenience of being able to surf the internet on their Wi-Fi tablet.

Most people do not understand that putting in a wireless access point without understanding the cyber security implications is a severe problem for most organisations.  SME’s do not have the robust and secure technologies that enable them to detect a rogue AP, and such an AP can remain on the network long after the convenience is forgotten.  We recently did a site survey on a new client and found three of these devices on the network that management knew nothing about.  One of them did not have a password, which means that anyone has access to the network.

What about cloud-based storage?  Let’s say I want to work from home on a confidential document, so I install Drop Box and copy my super-sensitive document into the folder, and now I can work on it from home, on my tablet or even on my phone.  Lucky me.  That super-sensitive information that I was working on is seen by someone in a coffee shop, and it is now all over the internet.

Another thing that we have found is that all internal mail for a user can be redirected or copied to an external web server—Google, Yahoo or Hotmail.  Once again, privileged and commercial in-confidence information can haemorrhage from an organisation because someone wants to be seen as important.

Now in most cases, an organisation has put in place a policy that was designed to protect them against this situation.  But an isolated policy is not enough.  In all organisations, cultural change has to be incorporated into every aspect of people’s interactions with technology.  Maybe carrot-and-stick methodology will work—maybe just stick.  Either way, to enforce a policy you need to change the normal culture of most internet users.  That cultural change can be enforced with a set of policies, as well as technological solutions to reinforce those policies.

Businesses have many reasons for wanting to deploy policies to protect their security and privacy.  Some businesses want to cultivate work/home balance; others have top-secret information or intellectual property that they want to keep inside the business.  No matter what the reason, without changing the culture of the business, the policies might as well not exist.

The golden rules for BYOD in the workplace

BYOD is huge, it is one of the up and coming technologies that SME’s either embrace or totally hate. Either way it is something that is going to become more prominent over the coming years.

Gone are the days where a business gives you a laptop and mobile phone when you start, in today’s business world the reality is that your staff would rather bring their own device than be controlled by your requirements. So not only do you have to protect your information and critical data but you need to understand how to manage the BYOD revolution.

Here are a couple of ideas that could help.

Make sure that all devices have a Personal Identification Number (PIN) or password. This is the first and only level of protection for a stolen or misplaced device. All BYODs need to have a PIN. The attitude of no PIN no device is a good stand to have.

If data is to be downloaded to the device then all that information needs to be encrypted, so that anything at rest of the device cannot be casually read or used.

Applications that bypass security and get to the heart of your business should be tempered with paranoia. File sharing like drop box need to be weighed with benefits.

Have a BYOD policy, this protects your business but it also explains what your business expectations are of the device. If staff fail to sign that policy then they have no expectation of being supported by the business. This policy will also include what rights your business has to the unit, Including auditing, management and remote wiping of the unit.

Define the devices you will support, with minimum operating systems requirements, versions of android or IOS have to be stipulated.

Finally make sure that the devices do not have apps installed that can or will compromise your business security.

Although BYOD is the up and coming technology your business needs to be wise enough to manage it correctly. It is a disruptive technology, but it can be used for good. It is also here for a while so you have to get use to it but you can do it on your own terms.

Protecting mobile devices here are four ideas!

The proliferation of the BYOD and business supplied devices makes it very easy to loose any of them.   Whether they are lost or stolen the final outcome is the same.   To make sure that your business is protected you need to make sure that they are protected at all times.

Keep it safe

This in the physical protection of your device.   Most mobile devices are accidentally lost or stolen at places where you have to relinquish normal levels of control over the device.   Most user will keep them safe but there are times when that personal protection is overcome by a lapse in thought.

To make sure that the device is safe then you need to make sure that you manage your level of oversight.   In places where you have to go though security, where you think it would be safe to not be watching your device is invariably where it will happen.   Keep your eyes on your device at all times when going through a security check.   Do not leave your device at a table when you go to get another cup of coffee.   Always keep it close to your person in crowded areas.

Keep it encrypted

The critical business information if it is on your tablet, phone or laptop should be encrypted.   This ensures that the loss of the device will not endanger your business.

Most businesses do not encrypt data because it is an extra level of inconvenience for the users, but the loss of this critical information will have a detrimental effect on your business if lost or stolen.

Keep it separated

In the world of BYOD you are often in the situation where the line between business and home blur.   If possible keep the two separated.   That can be done in a number of ways, different accounts and passwords for mail, separate business by using RDP or VDI so there is a definitive separation between work and home.

Keep people informed

This is critical, if your device is lost or stolen then you need to inform the authorities as soon as possible.   If the item was insured you will need to complete a police report.   If there was business information on the device then you need to ensure that that critical information is reported to the owner.

There are a number of systems available that will allow you to track your lost piece of kit and will also allow you to wipe it remotely if lost or stolen.   Do not hesitate to do this if you know it is stolen, the faster this system is activated the better will be the chance that business information has not been compromised.

So by keeping the device safe, keeping the information encrypted, keeping business and home information separated and keeping everyone informed you will have a better understanding of your business protections and how they apply to your mobile devices.

BYOD for small business – a work in progress

So you work for a company, so you think the IT systems that they supply to you are inadequate, you think, why cant I use my iPad to do my work.

More and more small and medium business and not for profit organisations (SMB) are facing these type of requests.    The bring your own deceive (BYOD) phenomena is not going to get easier but in my opinion it is going to get a lot worse, especially for the SMB’S space.

Here are four ideas to make it easier for your organisation.

Start with a “written” policy.   All SMB’S need to have a written policy on device management.  This makes it easier for you in the long run as you start with a system of control in place.   This policy states where you stand in the management of your data.   A written policy will be readily accepted by both users and management as everyone knows where they stand.   One of the largest problem is when a device is moved on with outgoing staff.   The policy also has to cover the required security of the information on it.   Your business does not want to loose intellectual property when someone leaves.   A caveat of using your own device is that it can be wiped prior to leaving the organisation.

Segment your network.   This allows all wireless connection to be connected outside the main network environment.    This means that unless the device is physically plugged into the WIRED network access to restricted information can be managed correctly.    Make sure wireless connection also have decent authentication and encryption capability.    If the BYOD doesn’t have the correct security requirements then do not lower the security requirements to allow that system to have access.   This is one of the points that should never be compromised for a staff member.

Develop a security standard.   Just because a staff memeber brings in a device doesn’t mean that it is automatically going to be allowed to be used.   Create a standard level of equipment that the business will support and this list needs to be published internally.   The list can be added to and subtracted from as new devices become available.   This will allow your IT people to have more control over the devices being bought into your organisation.  it will also allow your business to restrict the use of the device as well as what can be stored on the device.   A combination of Microsoft exchange 2010 policies and the types of devices allows you to control a number of the features.

 Draw the line between corporate and personal.   Once you start to bring devices onto your network you also need to define what level of support your IT department will supply.   Will it just be corporate mail, or will it be the total device.  Furthermore do you have the power to remote wipe the device when it is lost or stolen.   If there is corporate information on the device this has to be thought through.   Again this should be defined in the BYOD policy.

The introduction of hand held devices will improve a business but it has to be tempered with some level of control and management.   Without the control, your IT department will be run off their feet trying to keep you staff’s devices in control.

I bought in my iPad can I use it for work?

3D Small People - Flight On PhoneMobile devices are invading our homes, workspace, businesses and organisations.   They are being demanded by workers, Y gen users and teenagers.   Management are always in the situation of trying to catch up with their use and fold them into their business model.

One of the major problems with mobile devices is the how do you secure them and what needs to be secured on the device.    Mobile defence and security consists of 3 areas – the device itself, the data, apps and access to information and the rest of the network.

Here are some ideas for making sure that mobile devices are as secure as possible.

The device – what happens if the device is lost or stolen?    Without a good security strategy it would not matter if the device is issued by the company or it is personal there will be incriminating and business critical information available on the device.   Passwords and encryption is widely used to restrict access to mobile devices, even home users can use
“mobileme” to find their iPhone / iPad or set it up that after 5 failed attempts at access it wipes the device and can only be reactivated by talking to the provider with the account holders information.   There are even better applications available at a business and corporate level.

In the business world it depends on whether you only allow access to the business through business supplied devices or it is open slather you still need to have some level of control.
If you control the device then you can wipe the device if it is lost, stolen or misplaced without any repercussions.   You also need to ensure that all devices have some level of backup and
recovery feature to ensure that important business data is not lost.   If the business doesn’t own the device then you also need to ensure that control over the system allows for the remote
removal of information deemed business critical.

The data, apps and access information that is on a device can be business critical.   Specific apps developed for the business may have critical implications if accessed by unauthorised people on a stolen device.  Some applications also deliver and retain business data on the device itself.   Finally all of those web sites or applications that have access to personal information – banking software, linked in, Facebook, what happens if that information is compromised.   As a safety system never allow the device to save your password, yes I know it is so convenient to have that one click access but!

The use of mobile devices is also compliant on the main business security strategy.   They should always comply with traditional defences like firewalls, encryption and secure passwords and should not be used as a bypass for information access on the business network.   If possible wireless access to information through a device should be done through separate network
access and VPN’s thus adding additional levels of protection and security.

How you protect your information is compliant on your business security strategy.   If you want your people to bring in their own devices or you are going to supply them then
that is your decision but it needs to fit in with your business direction and requirements.    If you have staff that constantly loose or misplace equipment I would seriously think about making the systems as secure as possible.