Here’s what you need to know before your business buys a drone

DRONELike the Pony Express 150 years ago, the Drone Express may change the way you get mail and packages. Of course, the Drone Express is still a few years away, but drones are allowing organizations to think up new ways to conduct business.

Insurance companies, for example, rely on drones to inspect houses for damage; government engineers use them to examine buildings, bridges, and railroads; utility companies check phone lines with drones; and law enforcement and fire departments employ drones to scope dangerous scenes like burning buildings or forest fires.

But as you consider how drones can help your own business, there are a number of issues and regulations around commercial drones to know and address before your first flight. Here are the most important ones to consider to ensure your drone launch lifts off successfully. Continue Reading…

Tags: ,

Ransomware 101: What it is and how to protect yourself

Ransomware
Ransomware was once a blip on the cyber security radar, but times have changed: Ransomware attacks grew nearly 500 percent, to 3.8 million attacks, from 2014 to 2015.

Ransomware has been headline news ever since hospitals became big targets. One survey found that only 18 percent of hospitals haven’t been hit with ransomware attacks. But health care isn’t alone: Police departments, schools, and churches are all seeing ransomware attacks grow in frequency. Still, some organizations fail to protect themselves or are simply unaware of the threat ransomware poses. Continue Reading…

Tags: , ,

Printer security is no joke, so why are you forgetting about it?

security lockAn employee at an investment bank read documents left on a shared printer. They contained information about upcoming mergers and investment decisions, and the employee used that information for his own financial gain.

One network-connected printer at a large beverage manufacturer ran out of ink, and continued to send out messages to all connected network segments. Those repeated messages crashed a dozen programming logic controller devices, and rebooting them halted production for hours. Continue Reading…

Tags: , ,

Incident management isn’t enough — here’s what IT really needs

incident managementIn all of the latest IT security threat reports, one theme is clear: Breaches and compromises are on the rise, both in quantity and sophistication, and there’s no sign of them slowing down. Organizations of all sizes are at risk. Businesses need to be ahead of the game, maintain a strong security posture, and be prepared for anything.

But is it possible to be prepared for the unexpected? Yes it is, but only if you focus on developing and implementing sound incident management practices.

This includes everything from initial detection of an intrusion in the IT environment to response and recovery services. But here’s the rub: Incident management programs are useless if they can’t detect an incident or attack in real time. This is the key component to the IT security universe. Continue Reading…

Tags: , , , ,

Cyberattackers had a great 2014. Here’s how to stay ahead of them in the second half of 2015.

Symantec Internet Security Threat Report 2014 was a banner year for cyberattackers, but not security. The high-profile data breaches of last year prove that antivirus is not enough, and the numbers of spear-phishing and web-based attacks, malware targeted at virtual machines, and ransomware continues its climb to historic levels.

Symantec highlighted the various methods hackers are using to attempt to steal company data in the 20th edition of its Internet Security Threat Report (ISTR). After a thorough reading of this April report, it’s clear that businesses of all sizes are at risk: Continue Reading…

Tags: , ,

3 perimeter security challenges, and how organizations can fix them

perimeter securityIT administrators have plenty of perimeter security tools at their disposal, from firewalls to spam filters to intrusion detection solutions. But despite all the preventative measures, most organizations still have gaps in their security controls or processes, which could lead to cracks in their system. A coordinated attack from an outside threat could penetrate these seemingly thick walls of perimeter security due to poor security management and overlooked system vulnerabilities.

Securing a network’s perimeter, defined as the demarcation point for exchanges among data, assets, employees, and partners, is a struggle for many organizations because of its complexity. IT departments can be easily overwhelmed by operating a complete perimeter security system because individual solutions are often stitched together, and therefore require multiple management controls, protocols, and licenses.

Companies with fewer than 2,000 users experience the most significant challenges, because the laundry list of best practices that includes firewalls, VPNs, web and mail proxies, and intrusion prevention systems (IPSs) is typically expensive and arduous. In response to individual threats, the piecemeal approach of perimeter security is often deployed over many years.

The threats don’t stop, and with infrastructure constantly under attack, the risk of a breach remains high. Here are three common challenges mid-size businesses are facing with regard to perimeter security, and how organizations are solving them. Continue Reading…

Tags: , , , ,

Tackling security vulnerabilities in health care

health care data securityNetwork security is critical for any organization, but in the health care space, with the personal and medical details of millions of individuals in the balance, the stakes are even higher. Out-of-date software, unimplemented patches, or even outdated passwords could be the vulnerability that exposes the sensitive information of an innocent and unsuspecting patient base. Two recent security breaches suffered by prominent U.S. health insurers highlight these vulnerabilities.

In February, Anthem Inc., the second-largest health insurer in the U.S, revealed that a previously-disclosed hacker attack compromised the health care records of as many as 80 million individuals. A few weeks later, Premera Blue Cross reported that the personal, bank, and health data of an estimated 11 million individuals was exposed when hackers penetrated its system in a similar assault.

These two high-profile security breaches have intensified the spotlight on data security, and raised several important questions for health care organizations (what HIPAA calls “connected entities”) and groups that provide supporting services to health care entities (called “business associates”). These groups should be asking the following questions: Continue Reading…

Tags: , , , , , , ,

One of the biggest security flaws in your network is one of the most unexpected

secure printingData breaches seem to make headlines every week. And as of late 2014, 43 percent of 567 U.S. executives surveyed said their companies experienced a data breach in the past year.

But what’s shocking is how unprepared U.S. companies are for these hacks: 80 percent of the executives said employee negligence was a root cause, and 27 percent of companies didn’t have a response plan in place.

Still, the threat of a hack has pushed network security to the top of the IT priorities list, and organizations are locking down servers and networks. But there are a number of less obvious targets that could still expose sensitive data. Printers are just one example of the ancillary devices that could leave your security strategy vulnerable. Continue Reading…

Tags: , ,

The biggest security mistake you can make (and how to avoid it)

biggest security mistakeNo organization is immune to security risks. Between malware, viruses, network attacks, and data breaches, organizations must keep a watchful eye on the health of their IT environment.

But often the biggest security risk is the one you’re not paying attention to. It’s not forgetting to patch security vulnerabilities, or not running antivirus, or relying on outdated software. Those are bad ideas, for sure, but there is one idea that’s worse than all of those combined: Not conducting regular data backups.

Organizations that don’t follow through with regular data backups aren’t alone, and a proper system backup solution doesn’t have to be a budget-busting endeavor. IT can easily fill this security gap with the right support. Continue Reading…

Tags: , , , , , ,

Intrusion prevention systems: The must-have piece to your network security puzzle

intrusion prevention system (IPS)Network security is not a one-and-done process. Organizations can no longer install a few firewalls and expect their data to remain safe from breaches. If IT managers didn’t know this already, they learned it from the Target point-of-sales attack and the Heartbleed bug — just when we thought our information was safe, hackers developed new ways to snake through our systems and steal valuable data.

The only way to get ahead of these thieves is by changing the way organizations look at network security. Too many take a patchwork approach, implementing just a piece or two of a larger puzzle. One piece alone puts your organization at risk, but when you connect many systems and measures together, you complete the security picture.

One of the more important puzzle pieces that too many organizations still don’t have in place is an intrusion prevention system (IPS). The IPS operates on the front lines of network defense, working in tandem with intelligence gathering systems that comb logs for suspicious activity, application security tools that detect and thwart attacks on vulnerable applications, and data protection systems that keep your most sensitive information locked down.

And while it’s just one part of a comprehensive security plan, IPS is a must-have in today’s era of larger, more frequent, and more damaging breaches. Yet other tools are still in use as a first line of defense against intruders, including firewalls and intrusion detection systems (IDSs). Here’s a breakdown of why IPSs should be an integral part of your larger security ecosystem. Continue Reading…

Tags: , , ,