Top IT Security Bloggers

  • It was inevitable: Malware-infested PowerPoint exploits Mayan Doomsday fears

    CSO Online
    Researchers at Sophos say a booby-trapped PowerPoint presentation titled "Will the world end in 2012?" is circulating.
  • FTC expands Children's Online Privacy Protection Act

    CSO Online
    New provisions in the Children's Online Privacy Protection Act cover apps, exempt 'platforms' like App Store and Google Play and require parental approval before companies can gather kids' photos, videos or geographic location.
  • Left to your own devices: Making BYOD work for your organisation

    Clearswift Blog




    Bring your own device (BYOD) continues to be one of the dominating security themes going into 2013, but what does this mean for organisations large and small, and why is it an issue?


    To some extent, the culture of BYOD has developed as a direct result of companies saving money by not purchasing dedicated corporate devices for their staff. More often, it has been brought into an organisation surreptitiously, with execs buying the latest 'gadget' and then requesting corporate email on it, opening the floodgates for BYOD use – and without a second thought for information security. Employees are happy to use their own devices because they are familiar with them – after all, they chose them themselves, and it is a continuation of the blurring of lines between work and home life. However, once that device holds company data, it needs to be covered by the company’s security policy. What… you don’t have policies relating to BYOD? Don’t worry, you are not alone…


    Of tablets sold worldwide, only 25 per cent have been purchased for company use, whereas two thirds of people with personal tablets will use them for work at some point (source: Canalys). It's predicted that 100 million tablets will have been sold by the end of 2012 (source: ABI Research), meaning that nearly 50 million personal tablets will need to be incorporated into company BYOD security policies – and this doesn’t include smartphones, laptops and netbooks.


    Essentially, people use their own devices to suit their needs and ultimately to be more productive, which is commendable. Many organisations have policies in place regarding use of laptops, but the proliferation of smart devices at work means that another level of protection must be added. Here are some questions your organisation should consider to ensure you reap the benefits of BYOD:


     



    1. Do you have a policy in place defining what information/data can be accessed via employees' own devices? Do you ensure corporate data is segregated from the personal data of the user?

    2. Which apps do you allow to have access to your corporate data? Some apps are 'helpful', backing up data on the device to the cloud automatically (and unencrypted) – is this where you want your data to reside? Is this a data breach waiting to happen?

    3. While on the subject of apps… what is the policy to ensure that there is compatibility between apps and what are the licensing rules for corporate ones – if they are to be installed on a BYOD?

    4. What happens to that data when the employee leaves? Do you ensure all corporate data is removed?

    5. Do you have a policy on appropriate cases, screensavers and ringtones to avoid embarrassment in meetings? Employees are brand ambassadors, especially in meetings.

    6. Are you comfortable with your employees' friends and family having access to their devices? Could they cause an inadvertent data leak?

    7. What happens when the device breaks or is lost? Is that the end of productivity until it is fixed? (After all, there is no central IT department to ‘instantly’ replace it.)

    8. What happens when a corporate application doesn't work on a user’s device – due to incompatibilities, especially browser support? Who pays for the fix?


     


    If alarm bells start ringing with any of these questions, it may be time to reconsider your BYOD policies and those around information security.


    Guy Bunker


    To hear more about BYOD, including comment from Clearswift's Guy Bunker, have a listen to InfoSecurity’s dedicated webinar.






  • Is the world ending Friday? Maybe, maybe not, but curiosity could be infectious

    Sophos - Naked Security
    Interested in the buzz around the Mayan calendar ceasing to increment after December 21st, 2012? Don't go looking for presentations about the topic; you might be in for a nasty surprise.
  • Pikspam: An SMS Spam Botnet

    Symantec Security Response Blogs

    The recent discovery of an Android SMS spam botnet by Cloudmark, which is detected by Symantec as Android.Pikspam, has gained media attent



  • Unsophisticated Wiper Malware Makes Headlines

    TrendLabs - Malware Blog
    Iran CERT recently announced that it uncovered a possible targeted attack using malware that wipes files and runs in certain predefined time frames. They noted its efficiency in performing its routines despite its simplistic design. The way this malware was created was also deemed unusual, as the author wrote a series of batch [...]


  • Shocking Delay in Fixing Adobe Shockwave Bug

    Krebs on Security
    The Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) is warning about a dangerous security hole in Adobe's Shockwave Player that could be used to silently install malicious code. The truly shocking aspect of this bug? U.S. CERT first warned Adobe about the vulnerability in October 2010, and Adobe says it won't be fixing it until February 2013.
  • Fraudulent Facebook 2013 Demo

    Symantec Security Response Blogs

    Fake applications offered by phishing sites continue to appear. In December 2012, a fake app was seen that was titled, “Facebook 2013 demo”. Social networking users in India were most likely targeted in this phishing attack because the phishing URL consisted of certain words in Hindi. The phishing site was hosted on a free Web-hosting site.



  • Dell acquires Credant Technologies

    CSO Online
    Dell says Credant Technologies will help it delve deeper into the mobile data protection market.
  • Botnets for the Masses

    Symantec Security Response Blogs

    Not so long ago, aspiring bot-herders, who wanted to get started with a botnet of their own, would have to hang out in the right circles or learn how to make one themselves. If they hung out in the right circles they would be provided with guidance and documentation to get started. If they were creative enough and had enough time and skill they could create their own from scratch.

