Tag Archives: businesses

Creepy? Maybe, but Employee Monitoring is Saving Companies Money

The practice of employee monitoring in the workplace has been evolving and is increasingly present in companies. As of this writing, 15% of companies on the prestigious Fortune 500 list have equipped their offices with tiny sensors created by the company Enlighted, which are used to find out how much time a worker spends at his or her desk, and also the time of first activity on their computers (used to determine when they begin the workday).

However, these aren’t the only companies to use this type of technology. Others have used biometric sensors manufactured by Humanyze to know exactly what their employees do in their working hours. The objective is to increase productivity and thereby achieve a more efficient use of resources. Hidden in the lights, walls, desks or even card readers, these sensors are installed with the intention of knowing as much as possible about what’s happening in the company.

One of the benefits of this technology is knowing whether the office space you use is below its capacity. This would help companies decide whether or not it would be worth it to relocate to a smaller space. Other benefits include knowing when workers are most productive so as to readjust their schedules accordingly, knowing what time the office starts to fill up (and programming the power to turn on at that moment — some companies have already managed to save 25% on energy costs), or even having knowledge about which applications are being run on employee computers. On this last point, it could be possible to know if employees are accessing confidential data and whether, therefore, there is a potential risk to the company’s security.


Security and Confidentiality

When installing one of these employee monitoring systems, it is essential to have the best protection possible. For starters, any vulnerability in the new system could be exploited by cybercriminals to gain access to a great deal of information about the operation of your company, not to mention the possibility of manipulating said data.

Another major concern about having hidden sensors scattered throughout the office is the privacy of employees. Although in some countries it is allowed by law to install any type of sensor regardless of employee privacy, ideally employees will have given their consent. In fact, some companies and institutions, such as the British National Health Service, are already doing this with the consent of their workforce. Their employees are monitored voluntarily to measure, among other things, their movement or their location.

The post Creepy? Maybe, but Employee Monitoring is Saving Companies Money appeared first on Panda Security Mediacenter.

The Apps That Most Frequently Appear on Companies’ Blacklists

Apps installed on smartphones and tablets are considered to be one of the biggest risks for companies today. And for good reason. In addition to diminishing the performance of the devices themselves, they can become the gateway to corporate mobile phones and tablets for cybercriminals.

Because of this, IT departments should be wary of employees downloading certain apps on their devices that may pose a risk, whether because of their popularity or their vulnerabilities.

A recent study looks at the applications that have been most banned by companies around the world, and the result is not surprising: although its popularity began more than five years ago, Angry Birds is the most vetoed mobile app to date.

After surveying technology leaders from nearly 8,000 companies around the world, the report’s authors concluded that globally the game has been declared the number one public enemy of corporate security. No wonder, bearing in mind that the sequel to the game, ‘Angry Birds 2’, was infected a couple of years ago by malware that affected iOS devices.

The ban of Angry Birds on corporate devices shows that, today, mobile phones and business tablets are used interchangeably for professional and personal matters. On the other hand, BYOD (‘Bring Your Own Device’) has become a trend that, either because of the vulnerability of certain applications or of employees’ own personal devices, can jeopardize the security of any company.

To carry out the study, its authors took into account both Android devices and those with iOS or Windows Phone as operating systems. In this sort of blacklist, other applications that veer more toward the personal than the professional follow on the heels of Angry Birds, Dropbox and Facebook: platforms like WhatsApp, Twitter or Netflix are also among the ten most banned applications in the business world.

Another notable conclusion of the study is that among the prohibited applications there are also some that would seem right at home in a corporate environment. However, even these are considered by many companies to be a danger to their security. Such is the case of Skype, Outlook or Dropbox itself, which, after a leak that compromised millions of passwords, seems to have fallen out of favor of late.


The Dangers of Using an Old Android are Real for Everyone (Even the President)

The presidency of Donald Trump kicked off with some controversy in the area of cybersecurity. While the NSA modified the BlackBerry of his predecessor, Barack Obama (who ended up having to part with it for security reasons), the new leader of the United States seems to be less concerned about the vulnerabilities of mobile devices and continues to use an old Android.

According to various reports, the real estate tycoon has a Samsung Galaxy S3 from 2012. The lack of caution on the part of the newly-inaugurated head of state holds a valuable lesson for any top manager of a company. Although Trump’s smartphone may not be the gateway to all the secrets of an entire nation, using a phone without proper security can be fatal to your company.

The main problem derived from the use of an old Android is the lack of updates. Although Google usually reacts quickly whenever a vulnerability is found in its operating system, security patches only come quickly to a few devices, including the company’s own Nexus.

Meanwhile, other smartphones, and especially older models, have to wait months until the patch arrives (if at all).

For this reason, to use an outdated phone in the corporate environment is to be exposed to all types of cyber threats, from a phishing campaign to the installation of malware that takes advantage of an uncorrected vulnerability of the device.

That’s why it is essential to have the right protection and also to make sure that both the phone and its applications have the latest versions of the software installed.

That a cybercriminal can access the outdated telephone of someone in charge, be it the owner of a company or the leader of a country, can have more serious consequences than simply having access to the device itself. Through an unprotected smartphone, attackers could sneak into the networks to which the mobile is connected and steal valuable corporate information.

There are also known vulnerabilities that allow attackers to track what the phone’s owner is typing, take control of the camera, or listen through the device’s microphone. In short, it is too great a risk for the privacy of company data.

Private email should stay at home

Another lesson we can glean from recent US policy is that under no circumstances should a personal email account be used for professional matters. Hillary Clinton already made that mistake, and now Trump’s high-ranking officials seem to be following in her footsteps.

Using personal mail to send corporate information is risky indeed. Unlike corporate mail servers, whose protection is in the hands of the company’s security department, the services that are usually used to send emails in the domestic sphere are beyond the control of the company.

This does not mean that they are unsafe, but ensuring the absolute privacy of corporate communications is impossible if those responsible for cybersecurity cannot control which accounts are used and how they are configured.


Access Cards Will Disappear from 20% of Offices within Three Years

You arrive at the office, you approach the security gates, you swipe your card and start the day. It’s one of the motions that a large percentage of the workforce goes through daily, because today, and it seems that for a while yet, the access card is still the reigning security device for entering corporate offices.

By 2016, less than 5% of organizations had incorporated the use of smartphones to access their facilities or restricted parts of them. By 2020, according to a report by the consultancy Gartner, this percentage will have tripled: 20% of companies will have replaced access cards with smartphones.

Although the vast majority of mobile phones on the market already have Bluetooth and NFC technologies, there are still few companies that have taken the next step and put these technologies to use. Which, to be fair, may be seen as a wasted opportunity, since the necessary devices are ever-present in the pockets of authorized employees.

The progressive replacement of access cards by smartphones will go hand in hand, according to Gartner, with the adoption of biometric systems such as fingerprint or iris scanners, or facial recognition, because it is much easier and safer to implement them if accompanied with a mobile phone.

“Rather than having to add biometric capture devices in or alongside readers, the phone itself can easily be used as a capture device,” said David Anthony Mahdi, director of research at Gartner. “This approach also mitigates the risks from an attacker who gains possession of a person’s phone.” If an intruder were to steal an employee’s device, biometric authentication would still have to be overridden.

Given its advantages (convenience, cost reduction, etc.), the only thing that stands between the smartphone and access to the vast majority of offices is a company’s willingness to implement the change – many of the access control systems and card readers installed today in companies require a major update to be compatible with smartphones that use wifi, Bluetooth, or NFC to establish identification parameters.

It’s just a matter of time. In a few years, if Gartner’s predictions are correct, many employees will have a new way to start their day at the office. They will arrive, they will approach the security gates, they will take their mobile out of their pocket and take a selfie, they will enter and begin the workday. They no longer have to worry about getting the card before leaving home. Their phone is always with them.


How to Distribute Your Technology Budget

The new European General Data Protection Regulations came into effect on 25 May, although countries and institutions have a period of two years to prepare for their final implementation. Given this situation, and to comply with the requirements of the standard, one would hope for companies to increase their investment in computer security. However, the scenario turns out to be quite different, according to a recent report from Gartner, a technology consultancy.

The firm’s experts warn that security spending generally makes up between 1 and 13% of the corporate budget for technology. The important thing, analysts say, is not the size of the budget designated to secure and protect systems, but how the budgets are used.

“Clients want to know if what they are spending on information security is equivalent to others in their industry, geography and size of business in order to evaluate whether they are practicing due diligence in security and related programs,” explained Rob McMillan, research director at Gartner.

However, these comparisons between companies or sector-averaged data are not much use, according to the analyst. “You could be spending at the same level as your peer group, but you could be spending on the wrong things and be extremely vulnerable,” he warned.

According to the Gartner study, most companies continue to misuse and misinterpret IT spending figures with projections spanning over at least the next four fiscal years.

The consultancy indicates some guidelines for companies in their allocations of future budgets. The goal is to optimize the returns on their investment, which must meet the costs of hardware, software, services (such as consulting and auditing) and personnel.

To identify actual security costs, you must consider the equipment that integrates security solutions, updates, cybersecurity solutions and other programs and applications, outsourced services, tools to ensure privacy, and training for employees.

According to the consultancy, it is not necessary to allocate large sums of money to implement measures to ensure the security of corporate systems and data. It would be enough if the expenditure involves between 4 and 7% of the technology budget, depending on how sensitive the information the company handles is and the type of systems it already uses.


Only 3% of the Apps on Your Company iPhones are Secure

Since the 1st of January, the iPhones in your mobile device fleet are even more secure. Or, at least, they should be, based on Apple’s most recent requirements for developers. With the beginning of the new year, all apps that haven’t incorporated the App Transport Security (ATS) function will be unable to offer updates through the official store.

With the ATS system, Apple is attempting to force developers to offer apps that manage data more securely. This new characteristic requires, among other things, all web connections from the app to use the HTTPS protocol.

That way, the information will travel exclusively on an encrypted network, avoiding the most common risks. Paired up with the right protection, this measure taken by Apple could turn iPhones into one of the best options for company mobile devices.


But it’s not as simple as it may seem on the surface. For now, developers are not quite dancing to Apple’s tune. In fact, a recent study has revealed that only 3% of the 200 most downloaded apps for iOS have already implemented ATS.

This figure is disconcerting. Some other conclusions of the study are also worrisome: about 83% of these 200 popular applications have completely disabled ATS and 55% still allow the use of unencrypted HTTP connections.

Moreover, among the popular apps that have not yet embraced the Apple system are some corporate tools that are common in company mobile phones, such as Microsoft Office products, Facebook and even WhatsApp.

The truth is that Apple is not cracking down too hard on developers in the application of these new rules. In fact, before January 1, developers were able to request justified exceptions that exempt them from adhering to ATS.

Since the beginning of the year, users have been able to continue to use these applications that are frankly not as safe as they should be. The only penalty imposed is to be banned from updating your app until you comply with ATS.

Accordingly, your employees should look for alternative applications that have adopted Apple’s latest security feature. Otherwise, they will not only be using unencrypted connections to deal with corporate data, but will also have their mobile devices plagued with un-updateable programs unable to incorporate changes against future vulnerabilities.


Chatbots Take Businesses By Storm

They’re not human, but they sure seem like they are when we chat with them. Chatbots will become virtual butlers of many companies thanks to their ability to process natural language. Companies like Facebook are promoting their use. For the last few months, Facebook has allowed third parties to create bots for its Messenger app. Slack, Telegram, and Line have also opened their API (the window that allows other applications to communicate with each other) to make room for bots.

Companies can also use these intermediaries to increase the productivity of their workers. For example, Howdy allows you to organize meetings and manage the team without leaving the famous Slack corporate communication platform.

They can also be a new customer service channel, either by integrating them in one of these platforms or including them in their own corporate website. In the United States, Uber already allows you to request a car through Facebook Messenger.

But let’s take a step back for a moment. Although the bot trend is going to become a multi-million dollar business, the truth is that they can also be a new way for cybercriminals to commit their misdeeds. In fact, they can become a weapon in the service of phishing, one that is more dangerous than traditional emails.

After all, we are already well aware that when we receive an email we have to verify the source. But if a chatbot starts talking to one of our employees or one of our clients, usurping our company’s name, it will be a lot easier for users to fall into its traps.

A New Tool for Phishing

If the person on the other end of a conversation with a chatbot has no way of knowing whether or not they’re speaking to a human, it’s easier to get a victim to click a link after several minutes of casual conversation. By doing so, the user can be redirected to a fraudulent website that uses social engineering techniques to request confidential data.

In fact, cyberattackers may not even have to come up with that fraudulent website. If they just want to get some private information from a user, they may simply ask for it.

Another option is that the link, instead of serving as a con in itself, directs employees to a webpage that automatically downloads malware — a particularly serious situation if the victim is using the company’s computer. It is advisable to be well protected with an advanced cybersecurity solution.

The security of the channel itself is another factor to take into account when using a chatbot. Facebook announced a few months ago the implementation of end-to-end encryption in Facebook Messenger to prevent third parties from having access to a conversation.

However, other platforms to integrate these virtual butlers may not use that method. Care must be taken with the kind of information we provide to these intermediaries. The fact that they sound human can cause us to end up giving them too much information.

Undoubtedly, chatbots will improve the way we work and the way we communicate with our customers. But their popularization also brings with it new threats in the area of cybersecurity.


Doxware, the Scary New Evolution of Digital Hijacking

Ransomware is one of the most frequent forms of cyberattack that a company can face. Through an infected email or by some other means, criminals can lock a computer, encrypt files, or sequester an entire corporate network. The main goal: ransom money, usually in the form of cryptocurrency, in exchange for freeing up the virtually hijacked computer or mobile device.

The FBI calculates that cybercriminals using ransomware have made off with up to $1 billion over the last year. However, many companies have learned how to combat this kind of attack. In addition to having the right protection, it’s possible to avoid paying the ransom by completely erasing the system and recovering it with a backup.

This particular kind of malware has evolved, and cybercriminals have honed their attacks against companies and individuals, making them more profitable. The future of ransomware is already here, and it’s called doxware.

This type of threat starts off in the same way as ransomware: cybercriminals take a company computer hostage and seek a ransom for its safe return. However, the risk is far greater. The cybercriminal threatens to make public the archives, confidential information, and conversations saved on the sequestered device. So, out of fear of having enormous quantities of corporate data put out there for all the world to see, victims will most likely pay the ransom.

It may be the case that this attack is practically brand new, but some companies have already been infected. And it’s just the beginning. In fact, the malware is expected to continue evolving and cybercriminals will continue to perfect it until it becomes a global threat.

Just as Sony Pictures suffered in late 2014 a chain of cyberattacks followed by the leakage of some of the company’s confidential data, any other company in the world could suffer the same fate. If you’re not adequately protected against all kinds of threats, your devices could be hijacked and their secrets unveiled. Doxware is here, and it doesn’t bode well. Better be prepared.


Why Your Business Needs a Security Strategy for Social Networks

In 2017, it’s not easy to find a company that doesn’t have any sort of presence on social networks. A Twitter account, a Facebook page, and a lot of Instagram photos come standard in any business’s digital communications pack.

Added to this are all of the employees who access their own accounts during work hours. Despite all this activity, there are still plenty of corporations that don’t regulate it, putting their own security at risk.

According to a recent study by the Pew Research Center, around 50% of the companies analyzed have no briefing for social media use within the company.

Businesses that don’t take this security issue seriously are exposing themselves to a diversity of threats. First, they may witness their own employees leaving negative posts about the company from their work stations. Worse still, they could publish confidential corporate data.

Aside from avoiding potential scenarios that lead to a corporate crisis, the main goal of a social network strategy should be to clearly define what your employees are permitted to do on them during work hours. One of the premises that should be clearly established is to not follow links whose origin is unknown or untrusted.

In that way, and with the right protection, it is possible to avoid some of the risks hiding in the deepest corners of social networks. Phishing attacks, spam, or any type of malware could jeopardize corporate secrets. A clear policy for Twitter & Company is critical.

Best social network practices could also increase productivity. This is demonstrably true, according to the same Pew Research study, as we see that 40% of employees at a company with no such policy use social platforms to relax a bit.

On the other hand, when a clear policy is in fact in place we see the number drop to 30%. Not only, then, are we avoiding risks, but also promoting a more professional work environment. Does your business have rules for the use of social networks in the workplace?


Five New Year’s Resolutions to Strengthen Your Company’s Security

Now that we’ve taken stock of the year we’re leaving behind, it’s time to establish some resolutions for the year that lies ahead. As in any other field, there’s always something to do when it comes to cybersecurity. The latest report from Accenture, “The State of Cybersecurity and Digital Trust 2016” revealed that 69% of businesses have suffered an attempted or realized data theft over the course of last year. Malware and DDoS attacks figure among the biggest concerns of executives surveyed by the consultancy.

Business managers now have 12 months ahead of them in which to improve security strategies and avoid these much-feared risks. We’d like to propose a few guidelines to improve the protection of corporate systems in 2017.

1. Get On Board the HTTPS Train

The majority of websites visited with Firefox and Chrome in 2016 were already using the HTTPS communication protocol. HTTPS guarantees a secure connection by identifying devices and encrypting data. Every day, the number of websites and applications that use this method increases. But there are still a few stragglers. For this reason, Apple is requiring app developers to incorporate this protocol and Google will publicly mark websites that don’t use it. If you haven’t yet, now’s the time to make the move over to HTTPS for your website, and make sure that the applications and websites visited at your company are using it as well.

2. Be Proactive and Know the Risks

The threat of cyberattacks is no longer limited to big corporations. Nowadays any small or mid-sized company is fair game. Criminals are using new and increasingly sophisticated tools and strategies. Better safe than sorry, as the cliché goes. One of the first orders of business is to get a threat detection and prevention program, regularly conduct a system analysis in search of anomalies, and keep your IT team constantly up to date on the latest developments in the field.

3. Invest in Cybersecurity

The Accenture report points out that corporate budgets for cybersecurity are not enough, according to surveys conducted with employers. Investments in this area have to do with more than just security contractors. Worker training programs in IT security or the purchasing of specialized software also require funding.

4. Keep an Eye on Authentication

2016 was not Yahoo’s year. The company had to admit to the breach of 500 million users’ accounts. This attack, the most notorious one in recent months, has set off many alarms. Crucially, it raises the concern about password security in and out of corporate networks. It’s important to create complex passwords, use systems that require more than one login, and adopt multi-step authentication methods. The road to achieving this goes by way of building awareness in your workforce.

5. Come Up With a Contingency Plan

In case a threat makes it past your prevention measures, it’s always good to have a contingency plan in place. This should be a very thorough and well-designed plan that takes into account every possibility, from DDoS attacks and ransomware to the disappearance of a company laptop. This document would establish response protocols to grapple with data breaches and other incidents, distribute damage control responsibilities to the team, and designate measures to be taken, among other things.

These are just a few possible suggestions. The list could go on and on, depending on each individual company’s weak points. A thorough revision of the security flaws that came to light in 2016 will be highly useful for making next year better, and, of course, protecting your IT infrastructure and never letting your guard down.