The Global Risks Report 2016, your next suspense novel…

If you’re looking for a scary story, put down the latest spy novel and pick up the 11th edition of The Global Risks Report 2016, courtesy of the World Economic Forum.

The cyber attack threat takes center stage in North America, standing out as the most likely risk by far. The report reflects the perceptions of nearly 750 experts and decision-makers in the World Economic Forum’s constituencies surveyed in late 2015.

The risks perceived as the most likely to beset various regions this year include:

Social volatility
Interstate conflicts
Economic instability
The truth is that governments, businesses, organizations, and citizens in most parts of the world face pretty much the same dangers from cyber threats as their North American counterparts.

The Grant Thornton International Business Report 2015, for example, shows that cyber attacks are estimated to have cost Asia Pacific businesses $81 billion in the preceding 12 months, while firms in both the EU and North America saw revenue losses just over $60 billion.

Cascading Effects

Cyber dependency is a global trend in a world where digital businesses reside in increasingly connected, smarter and more automated environments.

That means that an entity’s risk is increasingly tied to that of other entities, making it harder for any single party to fully protect itself. This raises “the odds of a cyber attack with potential cascading effects across the cyber ecosystem,” the report states.

Consider also the impact of other risks that can lend more fuel to the cyber-attack flames. “Chronic and resurgent violence, conflicts, and economic and social volatility will remain prominent features of the current and future reality,” the report notes. Such conditions only make it easier for bad actors to gain new recruits to conduct cyber-attacks, be they criminal or terrorist in nature.

Raise Your Defenses

The World Economic Forum’s 2015 Executive Opinion Survey, out of 140 global economies, 18 put cyber-attacks on their list of top three risks and eight consider them a risk of highest concern for doing business. These are Estonia, Germany, Japan, Malaysia, the Netherlands, Singapore, Switzerland, and the United States.

Growing awareness is a good thing, but improved readiness to face these attacks is even better. If there’s a happy ending to this scare story, it is that defenses can be improved, although organizations must first fully grasp the extent of their cyber-security risks and the investments required to better manage those risks and build resilience.

The Global Risks report recommends actions that businesses can take to better defend themselves, such as:

Fostering greater cooperation throughout their value chains
Sharing cyber breach data with law enforcement
Building up security for under-protected areas like machine-to-machine connections
It’s unlikely that every organization can prevent every cyber attack, but companies should emphasize methods to identify and effectively mitigate them by streamlining mechanisms for:

Early detection
Response and recovery
Rapid mitigation
Better manage the consequences
That sounds like a good plan to us, and hopefully it’s one that organizations of every stripe will waste no time putting into action.

3 BEST VPNS FOR ANDROID

Summary:  Using the internet on an Android phone or tablet with the default settings leaves you very vulnerable online.

It means hackers can gain access to your personal information and control your device. A Virtual Private Network, or VPN, will protect your Android device.

A VPN encrypts your presence online so that someone cannot remotely put malware on your smartphone or tablet, download apps, or steal personal details.

To be fully protected online when using Android, get Express VPN today.

 

 

NOT USING A VPN IS DANGEROUS

My Android smartphone started doing some really weird things last year.  It began to download apps all by itself.

When I started flicking through the home screens on my phone I noticed random app icons that were never there before.

I certainly never downloaded them and I have no idea how they got there. Even though I deleted the apps from the device, new apps kept reappearing every few days.

It was through a friend I realized my Android phone had been hacked and I needed protection.

Infiltrating an Android device is actually more straightforward than you might think.   For example, if you regularly use public Wi-Fi, it is easy for a trained hacker to gain access to your device.

Some common signs that your device has been hacked include:

  • Battery being drained quicker than usual due to malware
  • Internet data is being used up quicker than normal
  • Apps are being downloaded without your consent

If any of these issues are happening to your Android device then you need to take action.  You should run an anti-virus and clean your phone, but this is just a reactive measure.

You also need to be proactive to stop it from happening in the future.

MY 3 BEST ANDROID VPN RECOMMENDATIONS

There are so many VPN services out there that claim to be the best.  However, I speak from personal experience on what the top 3 services are for Android operating systems.

I take my security very seriously now.  After my device was hacked last year, I went through several VPN services before I found one that I was comfortable with.

I want to help you guys protect your data and your information and this is why I have decided to share my top 3 recommendations with you.

#1 EXPRESS VPN – 9.5/10 – THE BEST VPN FOR YOUR ANDROID DEVICE

Express VPN should be your first choice to protect your Android device.

They have over 100 VPN locations in 78 countries, which provides you an incredible number of options regardless of your location.

Express VPN also provides its users unlimited bandwidth, unlimited speeds, zero logging of your Internet activity, ease of use and their reliability is through the roof with 99.9% uptime rate.

Needless to say, Express VPN is a reliable service that is perfect for your Android.

Express VPN is affordable, only $8.32 a month with a 12-month subscription and they offer a 30-day money back guarantee.

You also get world-class live chat and email support 24/7, and Express VPN boasts an impressive average response time of under 30 minutes.

Downloading the app and using the service is super easy, too. Since we are concerned with security we have to mention how Express VPN protects you, with 256-bit encryption.

The experts at Express VPN provide this high level of encryption to ensure your security and privacy.

When combined with their speeds and customer service, it’s easy to see why Express VPN is our top choice for your Android.

To get the best protection and service available for your Android, check out Express VPN here.

#2 IPVANISH – 7/10 – HARDER TO USE ANDROID APP

IPVanish also have an Android app but it is not as easy to use as Express VPN and also has a slow customer support team.

I have friends who are not great with new technology. It takes them a while to figure out how to use different apps and software.

With Express VPN they could open up the app and be secured in seconds.

It is much harder to use the IPVanish app. If you don’t have a lot of time to spare then you should get the Android software from Express VPN instead.

Another problem with IPVanish is that their customer service is really slow. I had issues installing the app on my Android device and need to contact their support team.

It took hours from submitting my support ticket to receiving a reply. With Express VPN I had a response in minutes and a solution to my problem within the hour.

If you want to use a reliable and simple Android app that will allow you to use the internet anonymously then get Express VPN.

You can visit the IPVanish website here.

 

– See more at: https://securethoughts.com/3-best-vpns-android/#sthash.p2u8ZsKL.dpuf

Is the Cloud Secure?

 

There seems to be a common misconception about the cloud not being secure. Organizations are worried that by utilizing the cloud, they risk compromising important company information and confidential data. This could not be further from the truth. In fact, the cloud adds security to your environment and workspace. It is more secure than using your laptop! A global study of more than 4,000 organizations done by the Ponemon Institute Thales e-Security found that using the cloud for processing and storing critical data is almost an inevitable solution. More than half of all participants responded that their organizations already transfer sensitive or confidential data to the cloud while only 11% say that their organization has no plans of doing so. This is down from 19% two years earlier (Forbes).

Think of cloud security in terms of accidentally downloading a virus. When you do so on you work laptop, there is a good chance it will corrupt all your important files and information. You will then notice your computer running slowly and your private data is now compromised. However, if you were to download the same virus on your virtual laptop, the same thing should happen, right? Actually, that is wrong. As soon as you are aware that you have a virus, you can have your administrator pull your desktop back in time to before the virus was downloaded. Literally, you have the ability to revert back in time to the previous “image” of your desktop. You’re no longer vulnerable to that virus and your private data is no longer being compromised.

2When Sony Pictures Entertainment experienced a cyber-attack around the release of their movie “The Interview”, a hard and expensive lesson was learned. Not only were Sony’s eyes opened to the other security requirements for their industry, but businesses began considering the costs of managing and securing their information in-house rather than utilizing the cloud. The cyber-attack on Sony cost them around $100 million, not including the loss incurred by the hit to their reputation. They’ve had to invest an abundance of time and energy into rebuilding and diagnosing what really caused the security breach. The unending amount of fees they face such as responding to investigations from the Federal Trade Commission and Securities and Exchange Commission, and potentially state attorneys general, will definitely add up and put a financial burden on the company. It also caused an insurmountable loss of good-will for Sony. They also lost valuable information like strategic planning and trade secrets that affect a corporation’s profits. The hackers got ahold of confidential personnel records of its employees and various embarrassing emails from executives, all of which endangered Sony’s relationships with employees, talent, contractors and vendors (Logicworks).

Had Sony been utilizing cloud services, the situation would not have unfolded in the detrimental way that it did. Their valuable information would not have been lost as it would have been stored safely in the cloud. With the extensive security placed within the cloud, hackers would not have been able to access any of their confidential personnel records. This would have ultimately avoided the situation and saved Sony from the losses that occurred.

More and more organizations are moving to the cloud, and rightly so. The security only continues to improve and the risks of in-house assets continue to rise. Forbes says that 47% of marketing departments will have 60% or more of their applications on a cloud platform in two years. This year will be the year that the doubts of cloud security will be put to rest. Don’t put yourself in a Sony situation.

4 Myths About Mobility in the Workplace

small-business-lender

The use of mobile devices for business can no longer be ignored. It’s changing the way business is done and that’s proving to be a positive thing. While many organizations have taken this development in stride, others are turning a blind eye to the inevitability of business mobility. Research and statistics show that technology brings many advantages to the table, and70% of professionals will work via smart, mobile devices by 2018. Why leave your professionals in the dust? Let’s debunk some of the major myths regarding mobility in the workplace.

Myth #1: Your employees will be less productive.

Today, your employees will actually be less productive if they’re chained to one location, without the option for mobility. The fact of the matter is that work productivity is a management problem, not a technology problem. 90% of business communications stretch far beyond the local workplace – so why limit employees to that local workplace? Imagine that an employee has to leave the office for a meeting or to make a sale. It’s counterproductive for that employee to head back to the office to complete and submit a form, and it’s not good for your customer service if employees in the field can’t access necessary data or complete deals on the spot. Business mobility strategies actually save time and can ultimately increase sales by giving employees the tools they need to make quick decisions. These capabilities also improve a business’ reputation.

64% of employees conduct some sort of business after hours at home. The magic of cloud computing and mobile devices is that they allow people to complete business tasks from any location, at any time. This actually increases productivity, allowing your employees to produce the same quality of work while away on a business trip or otherwise working remotely.

Myth #2: Mobility will make your business less secure.

Of course, as with most technology, there is risk associated with business mobility. But, as with most technology, risk can be addressed.

As you implement mobility into your business, you simply need to focus on risk management and security. By paying attention to Mobile Device Management, analytics, encryption, authentication and strict policies, you can implement a mobile strategy in a risk-free way.

Many studies show that employees are already using smart devices for work, with or without company approval. Rather than ignoring this fact or expecting to put a stop to this trend, address it by creating a company-wide policy. This should include the acceptable use of devices, security measures, technical standards, etc. Check out this article for guidelines on how to do BYOD the right way. This can (and probably should) be something that employees are required to sign off on. It should also be accessible to employees at all times.

Though employee policies tend to fall to the Human Resources department, this is a process that should include the IT team and others with a knowledge of technology and mobility. By combining policies with training on the importance of data security and user diligence, the risk of business mobility becomes no greater than that of other business initiatives.

Myth #3: All mobile devices are the same.

You may be thinking, “Well of course they’re not all the same,” but too many businesses today are treating all devices equally. People use different devices for different reasons. Compare the typical use of a laptop vs. smartphone vs. tablet. Of course there is overlap, but one policy won’t necessarily cover the essentials for all of these devices. They might each require unique management strategies, so a business should address that when moving forward with a mobility strategy.

Myth #4: Business mobility is optional.

The fact is that mobility is a huge part of the business world already. Almost 1/3 of enterprise data is accessed through mobile devices today. Organizations ignoring this fact might find themselves falling behind. Today, a great business strategy practically requires a mobility strategy, as it factors into employee productivity, company collaboration, business profits, customer service, marketing and much more. And any business expecting to grow will need to give employees the ability to access business data on the go. The trend towards mobility is driven by a desire for greater productivity and flexibility. To ignore it would be counterproductive for a business.

Don’t let your business down. Mobility in the workplace is important. By debunking these popular myths, we hope to help businesses adopt a mobility strategy that is both effective and safe.

In Cloud We Trust – Cloud Security

Security Blog

We’ve all heard it before: “If you move to the cloud, all of your data will be at risk!”

Countless studies have shown that cloud security is the major factor standing in the way of cloud adoption. While in some cases companies are right to be wary, like most things, not all cloud providers are created equal. In fact, the security a company experiences with the cloud solely depends on the provider chosen. It’s wrong to lump all cloud providers together and assume a general opinion on cloud security, whether that opinion is good or bad. Just as some companies currently have better in-house security than others, some cloud providers view security as a larger priority than others. And the word security is all-encompassing, referring to physical and network security, as well as compliance.

Physical Security

A great cloud provider will have multiple physical security measures in place. Look for providers that can offer the following: full credential-limited access to data centers, key card protocols, biometric scanning systems, exterior security systems, on-premises security guards, digital surveillance and recording, secured cages, around-the-clock interior and exterior surveillance monitor access, and employees that have undergone multiple, thorough background security checks. This isn’t asking too much. These are the things that will protect your information. The best facilities will also include environmental controls such as redundant HVAC systems, circulated and filtered air, and fire suppression systems.

Network Security

A reliable cloud provider should be able to guarantee geographical diversity of data center locations as well as full redundancy. With these steps in place, companies can ensure that in the event of a disaster, their business-critical data and applications will be safe and accessible, even if one of the data centers is affected. Look for in-flight and at-rest encryption, strong firewalls, password protection and around-the-clock monitoring. Make your provider prove itself, and ensure that it can demonstrate strict and accurate Service Level Agreements.

Compliance

Today, more and more industries have regulations and standards to meet. “Compliance” is an extremely important word for businesses in all industries, as it refers to the laws that are in place for security and privacy purposes. Your cloud provider should meet, if not exceed, large compliance laws such as HIPAA, PCI DSS, and Sarbanes-Oxley. Whether or not your company needs to meet these regulations, you want a cloud provider that understands and follows the top compliance laws because this demonstrates that they are knowledgeable and trustworthy.

The reality of today is this: cloud computing is a growing, important technology that is being adopted by the majority of businesses. In order to remain relevant and modern, cloud is the way to go. By no means should you risk your company’s security to do so, but you should work to find a provider that is trustworthy and can offer excellent physical and network security for your data. You have to remember that cloud providers are businesses too – they put loads of money into ensuring that their customers information is secure. For the most part, they aren’t willing to risk their reputation and customers for lesser security. As long as you take the appropriate steps to ensure you’re working with a legitimate, secure provider, the cloud is ‘absolutely a viable and intelligent option for your organization. And when you make the move, you’ll experience better security than you ever had in-house.

IoT and the Impact of “Smart” Technology

internetofthingsScreen Shot 2015-10-13 at 1.21.21 PM

The Internet of Things (IoT) isn’t exactly new – according to The Guardian, the first Internet-connected toaster was unveiled at a conference in 1989, and does anyone remember the movie “Smart House”? People have been intrigued by the idea of connecting, well, anything and everything for years and years now! Today, however, we finally have the technology in place to do so, and the Internet of Things is really taking off.

IoT Defined

The Internet of Things revolves around increased machine-to-machine communication, and it’s said that this technology will make everything from streetlights to seaports “smart.” Its true value lies in the intersection of gathering data and analyzing it. Today, there’s a huge network of physical objects that are embedded with electronics, software, sensors and connectivity. These objects, or “things”, are able to both collect and exchange data, and the network will only continue to grow in coming years.

In really simple terms, the Internet of Things is all about connecting devices and objects over the Internet. They are able to talk to each other and to us. There are plenty of examples already: smart technology in automobiles, the smart fridge, mobile devices, wearable technology, and so much more. And IoT isn’t even limited to singular devices. Imagine a true smart home, or an entire smart city!

The Challenges

Security is always a top concern when new technology is introduced. It’s extremely valid, as devices within the IoT will certainly be gathering a lot of data about people. This is a challenge that experts in the Internet of Things are already working to overcome, and it’s still in the early stages. There have not yet been excessive hackings, but as IoT develops, it will be more attractive to hackers – this means more emphasis should be put on security in these early stages to avoid problems later. However, it’s important to keep in mind that these devices are just as susceptible as a home PC or smartphone – it’s all on an even playing field. And as the Internet of Things grows, so will security technology.

Another concern is how the Internet of Things will affect business. Some think it will affect productivity levels or lead to an invasion of worker privacy. IoT will almost definitely impact how business is done today, but it can have a really positive impact. Manufacturing already uses the Internet of Things to organize and track machines, while farmers are able to monitor their crops and cattle. As more and more businesses adopt this technology, it can have a significant impact on production and efficiency. And while employees may not like the idea of being tracked throughout the workday, this concern may lead to the implementation of IoT policies to both protect workers and take advantage of the latest technology.

IoT and Cloud Computing

The Internet of Things is built on cloud computing and networks of data-gathering sensors. Cloud-based applications are truly the key to using leveraged data gathered from the IoT. They interpret and transmit the data coming from all these sensors. The cloud provides the infrastructure needed to analyze these huge amounts of data in real time. 55% of IoT developers primarily connect devices through the cloud (Forbes). Cloud computing can also address concerns about security, as cloud security has strengthened significantly in recent years.

With huge levels of data flying around, the cloud is immensely important in the development of the Internet of Things. It has the capability to handle the speed and volume of this data, and ensures that the data remains accessible anywhere, at anytime, using any device. And paired with Big Data, cloud computing also provides valuable insights that businesses can use to customize their offerings.

9 Questions to Ask a Managed Security Provider

Once, managed security providers were small companies who offered select few larger companies the option to store their data remotely. Now, that market has grown into a widely utilized industry, where providers navigate security issues, compliance regulations, and the importance of data protection for you.

But with this burgeoning enterprise comes the difficulty of deciding between the many competent players. When choosing the company that will defend the security of your data and manage your ability to access it, it’s important to look closely at several aspects of each provider

Track Record. The ideal MSSP to handle your company’s sensitive data will be able to show a strong history of quality information management over a significant period of time.

  1. Response Time and Analysis. An MSSP must be able to easily determine security threats from false alarms. Your provider should be able to respond immediately after analyzing and interpreting large amounts of network security.
  2. Operation Centers. The best MSSP will have state-of-the-art security operations centers at multiple locations, allowing for cross-monitoring and double-checking compliance with security standards.
  3. Global Awareness. To really be prepared, security experts must be able to monitor threats to data not just domestically, but from around the world. International eyes and ears allow for proactive handling of threats and real-time alerts.
  4. High Level Management. Management personnel in the best MSSPs will often have backgrounds working in military, security, or government: an indicator of success.
  5. Range of Services. Particularly for larger businesses, MSSPs must be able to provide a variety of services, including real-time monitoring, firewall management, intrusion detection systems, virtual private networks, and more.
  6. Security Procedures. Ask for documented standards and policies that are in place, from handling of unusual operations to common threats. Look for an MSSP that offers a variety of notification options for optimal staff awareness.
  7. Third-Party Validation. Whatever these policies and procedures are, make sure that the MSSP has had them validated and certified by a third-party auditor.
  8. Range. For best brand-specific protection, find an MSSP that employs specialists who have certified experience working with a variety of security providers and in a wide range of products.
  9. Reporting. Detailed reporting is essential for a company to truly trust the MSSP. Be sure that the reports are based on information drawn from various platforms, include recommendations, are open about latest threats, and are clear about any security changes that have been made.

Your data is only as secure as the company trusted to protect it. Take your time and consider all aspects of the business and relevant details of your own company before deciding.

10 IT Security Questions Every Business Should Ask

 

In this face-paced, ever-changing, technological world, small and growing businesses must be prepared, now more than ever, to not only address the danger of cyber-security threats, but also to have the in-house expertise to implement information security programs that handle these types of issues. This means going far beyond simply having anti-virus software and creating strong passwords.

While this can sound overwhelming, every organization that intends to stay on top of and serious about security should take this into consideration. To help you get started, we outline 10 simple questions to ask yourself when establishing a strong foundation for information security programs:

1. Has responsibility and accountability been assigned for IT security and data privacy? As a business, there should always be someone in place who is designated (and qualified) as the IT Security Officer (ISO).

2. Have you identified, and do you understand, all regulations and standards that apply to you? A sampling of standards includes, but is not limited to:

  • Sarbanes Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA),
  • Payment Card Industry Data Security Standard (PCI-DSS)

3. Do you have documented information security policies and procedures? Doing so will help you define goals for the organization in regards to information security, as well as provide an outline for how your organization will meet these goals.

4. When looking to prevent security breaches and fraud, how do you monitor the systems you have in place? If you haven’t already done so, start implementing network intrusion detection systems that regularly review system logs and activities. This will allow you to investigate any suspicious activity before it becomes a big problem.

5. If a security or data breach were to take place, do you have a response plan in place? Data and security breaches often blindside people and organizations, and make it difficult to respond in an efficient matter. Having a detailed, emergency plan in place will not only allow you to act quickly and with confidence, but will also provide a blueprint for how to manage:

  • Containment
  • Investigation
  • Legal actions
  • Public relations

6. Do you have a patch management strategy, and if so, what does it look like? A thorough and comprehensive patch management process allows businesses to protect themselves from newly discovered threats – both internally and externally. It is important to note that in order for this to be effective, all software and systems should be covered.

7.  Do you perform initial and periodic security checks on new vendors?
In order to stay ensured that your data is being adequately protected by your vendors, it’s always a good idea to review the security controls they have in place. If gaps are found, you can then take action to correct them before damage is done.

8. Have you identified and protected all sensitive data? 
As a business, always identify any and all sensitive or confidential data, make note of where it is stored, and look into the adequacy of the processes protecting the data.

9. Have all high-risk technology systems been identified? Utilize a basic IT risk assessment and focus your resources on high-risk areas to help you evaluate your security control efforts.

10. Do your employees receive adequate security training? Unfortunately, some of the most common security breaches are a result of employees accidentally divulging sensitive information. Continual security awareness training and testing will not only protect your systems, but also help your employees identify and avoid attackers utilizing social engineering techniques.

How can I Lock Down my VoIP Network?

Three Invaluable Tips for Cloud Safety

One of the arguments most frequently made for switching to the cloud is the fact that it is secure. And, while this is true, nothing is perfect. You’d always rather be safe than sorry. Especially for retailers and financial institutions, security is paramount – although not every institution makes it their top priority. Companies should always be operating as though they are at risk for a data breach, because in essence, it’s always a possibility.

Something that not many people realize is that the vast majority of news-making data breaches have occurred on out-of-date network systems with similarly out-of-date security measures. Embracing the cloud means embracing the latest technology, whether that’s in organization, integration, or, yes, security.

What we’re trying to say is that yes, it’s time you upgraded to the cloud and no, you shouldn’t be afraid that the cloud will put you at risk for security breaches – they’re much safer than the legacy servers you’re probably using. But, once you do move to the cloud, it’s important to employ best practices to keep your business safe.

Here are three tips to achieving cloud safety.

Keep your Staff in the Know; Monitor BYOD
It’s becoming increasingly common for companies to have their employees bring their own devices, better known as BYOD, to work. Some employees even prefer this over having separate computers, phones, etc. While this may be efficient for your company’s needs, it’s important that everyone understands how to keep their devices safe. Hold frequent meetings to let staff members know what could happen if their devices fall into the wrong hands, what applications are secure and which aren’t, and how to protect themselves. A lot of companies have made it mandatory for employees to lock/password protect their computers whenever they are away from their desks, which is never a bad idea.

Encrypt, Encrypt, Encrypt
Chances are, the cloud platform you’re using will encrypt your data automatically. That said, platforms do not always encrypt the data that is synced to mobile devices. It might be a good idea to look into file-level encryption to play it safe if you have employees who work remotely to any degree. Having this extra level security is entirely worth it – if only for your peace of mind.

Always Stay on Top of Security
Security should be your priority. It may seem obvious, but surprisingly, only 40 percent of financial businesses think a data breach is a risk they face, even though small data breaches are incredibly common. Revisit your security often to see what new things you can do to stay safe, and have frequent trainings to ensure everyone understands the consequences of not doing so. You can never be too safe.

Like we said before – it’s time to embrace the cloud and enjoy the integration it offers. You can now have your e-mail, applications, and phone systems all hosted in the cloud. That said, safety should always be #1 in your business, and it applies to the cloud as well.