Showing posts with the label Mobile. Show all posts

Wednesday, 20 June 2012

Corporate IT and Employees Using Their Own Mobile Devices - The Risk Is Real

The other day, I was discussing the challenges of all the 1000s of mobile devices out there and how all of these devices were being used by employees to access their company's computer system. That's a scary proposition, and it's serious. Okay so, let's talk.

Not long ago, the MIT Technology Review blog had an interesting post about how IBM was dealing with all these devices; they obviously cannot afford to be infiltrated. IBM sees this as an issue, which it most definitely is, but it's not just the Fortune 100, 500, 1000; it's all the suppliers, little companies, and service vendors too - loose lips sink ships, right? So, what's the solution - dual IT systems, rapid virus scan checks, or perhaps some new strategy?

Is there another way to run a bare-bones, unconnected set of servers for basic personal tech device common uses, still with quick scan features prior to access (quick as in 10-20 seconds max) after any changes to the apps on the device - then more important data on a need-to-know basis for execs, while in secure locations, with special devices given out from the company with full security? I asked my acquaintance, "How does your company do this?" Obviously, my acquaintance is not at liberty to say, and even if he did, I probably wouldn't put it into an article here.

Still, is there a service or website which can scan a device or software of similar nature for companies? Is such a thing available on the Oracle or SAP platforms and enterprise software? This is serious business.

Is there a way to divert hackers into traps and see what files they attempt to access while trying to track them, so that those trying to get in via the personal tech malware apps are caught, or all their tricks are learned in the process? Not that we don't know, as so many have switched sides now, but the information flow is a war-time scenario all its own: they design a new technique or weapon to get in, we build a better defense, which they exploit, which we reinforce, and so on - a never-ending game - but who is winning depends on what day it is.

Suffice it to say that most consumers are not very careful with their own computers, and these same folks have mobile devices with weak passwords, and often use open access WiFi systems or unsecured lines to access company IT systems, so, well, "Ah, Houston, we have a problem." Until this is fixed at all companies, no one is safe - not our companies, government, people, military, or infrastructure - our very way of life depends on solving these problems and meeting these challenges head on. Please consider all this and think on it.

Lance Winslow has launched a new provocative series of eBooks on Internet Security. Lance Winslow is a retired Founder of a Nationwide Franchise Chain, and now runs the Online Think Tank; http://www.worldthinktank.net/



Friday, 6 April 2012

Social Engineering and Hackers - Mobile Apps and Cyber Attacks

As any computer security consultant will tell you, one of the biggest challenges is insiders being duped by social engineering tactics, and once the hackers get in, well, then it's very difficult to prevent them from doing real damage or infiltrating data, or collecting boatloads of proprietary information. The other day, I was discussing all this with an acquaintance, after I explained why I could not open a file which was sent to me.

At first, he thought I was a bit paranoid, although I just consider it to be disciplined, as it only takes one mistake and that's easy to do. Eventually he saw my point, and I stated; yes, well, I guess we can't be too careful, the hackers are just as smart as we are, and "social engineering" is pretty easy to do, especially living in such a great country and free society.

He also asked why we didn't have web forms on our website. Well, we removed the web forms after the massive bot attacks by hackers, mostly Russian and Eastern European, and then the spam bots. It became almost impossible to deal with, 100s per day at one point, and we added "captcha" and still had folks entering by hand, I am guessing. Amazing the trouble they went to, including attempts at denial of service trying to overload us.

So, what's the answer? Do we cut off or curtail communication to the point where we limit ourselves, do we take more risks, fewer risks, give up, or just stop communication? Well, perhaps it is similar to the security settings on your web browser: you have many choices, many of which totally limit your ability to adequately surf online. Meanwhile, perhaps the biggest recent problem is all these apps available now for mobile communication, and all the tracking software to deliver appropriate advertising and marketing.

Too many of these apps allow tracking too deep into the users' activities. Meanwhile, if the user is interfacing with secure websites using temporary secure access certificates, the app allows it to ride along and infiltrate, causing massive chaos considering how many apps there are and how many users are using so many various mobile devices out there these days. Combine that with careless users with ridiculously easy passwords and social engineering, and what you have is a recipe for disaster, to the hackers' delight.

Maybe it's time you became better educated on computer safety online, and with your own software programs so that you understand your vulnerabilities out there. Please consider all this and think on it.

Lance Winslow has launched a new provocative series of eBooks on Future Internet Concepts. Lance Winslow is a retired Founder of a Nationwide Franchise Chain, and now runs the Online Think Tank; http://www.worldthinktank.net/

