It’s Not All Fun And (Olympic) ‘Games’ – SMBs Need To Take Device Security Seriously

An AVG survey of 1,000 US- and UK-based small to medium sized businesses (SMBs) conducted by GfK in 2011 shows that the adoption of mobile technology is a visible trend with one in five SMBs (19%) employing Android smartphones and an equal proportion using BlackBerry devices.

The survey, called the SMB Market Landscape Report 2011, reports that, on average, employees are spending one day a week (20% of their time) working away from the office.

With the Olympics fast approaching, SMBs in and around London will be affected by the increase in traffic on public transport. Many have begun to think of ways to keep workers productive, and remote and mobile working has become an increasingly attractive option. With people from all across the world coming to London, the Olympic Games can also potentially become a haven for criminal opportunists looking to steal mobile devices and data.

Whilst the majority of SMBs may have an Olympic travel strategy, it is important that they also have an adequate IT security plan that will keep their data secure outside of the office. Despite numerous high-profile cases of hacking into corporate databases in recent years, only about six in 10 (58%) SMBs said they were worried about loss of company or customer information, social engineering or employee identity theft. SMBs seem to assume their larger competitors are more likely to be targeted by data thieves.

The SMB Market Landscape Report highlighted losses relating to security breaches including 22.1 million man-hours of labour responding to them. This equated to £1.18m spent on replacing damaged hardware and £2.19m in lost sales or revenue opportunities. Furthermore, stolen data can be used by criminals for financial gain or malicious intent and could result in a loss of reputation for the SMB.

There are ways to keep SMBs’ mobile workers secure, and an antivirus solution should be the first point of implementation within an SMB’s IT security strategy. Security software can be installed easily and quickly on devices such as mobile phones, tablets and laptops, and software can be installed that, in the event of a stolen device, allows a user to lock, locate and wipe their devices to avoid further security threats.

In addition to using antivirus security software, AVG has created ten top tips for effective mobile working to help SMB employees stay protected during the Olympics:

1. Count the items you take out of your bag and count them back in if you are working while on public transport — don’t forget your power cable or any other important item!

2. Think about where you are sitting and whether anyone can look over at your screen — this might sound like an obvious thing to point out, but thieves steal credit card PIN numbers by looking over people’s shoulders all the time, so be aware of the details you have on your screen.

3. As use of personal mobile Wi-Fi hotspots grows, users should not be tempted to connect with an apparently free wireless connection in a public place unless it is advertised by the web café owner etc. If you don’t know where your connection comes from, then you don’t know what you are connecting to.

4. Shut down your Bluetooth connection (unless you need it) when working in a public place. So-called ‘Bluejacking’ and ‘Bluesnarfing’ attacks are not the biggest information security risk around, but they are a consideration to be aware of.

5. If you have to use a “public” (or kiosk) computer then make sure that you never access your online banking details, make electronic purchases, or enter ANY personally identifiable information (including your address) on the machine. Be equally careful on your own laptop if using public Wi-Fi.

6. If your smartphone has Internet access, have you enabled filters and other onboard protection barriers? Similarly, turning off GPS capabilities can also limit location-trackers attempting to connect with your phone.

7. Don’t ask a stranger to “look after” your laptop while you use the restroom or go to the bar in a web café. Similarly, keep your laptop bag close to you throughout an evening event if you have to keep all your equipment with you.

8. Password protection should be enabled on your laptop and smartphone — and 12345678 or password or admin are not sensible passwords. Opt for an alphanumeric mix with special characters in upper and lower cases such as “puppyLove567$.”

9. Make a note of your smartphone manufacturer’s emergency phone line so you can call them to have your phone immobilised in the event of a loss.

10. Most important of all, make sure that you have a fully updated anti-virus suite installed and fully operational on your PC at all times. Protection should cover not only Internet security for web browsing, but also firewall technology, email defences and shields to guard against threats carried via Instant Messenger services.

By Mike Foreman, SVP of global sales at AVG

Software License Optimisation For Small Firms

Software licensing is a minefield. The lack of standardisation in the industry means that businesses have to grapple with a wide variety of complexities as a result of software publishers either constantly changing their licence regulations, or integrating new licensing models due to the likes of virtualisation technology, which is revolutionising the way all sizes of organisations manage their IT estate. This complex and severe approach to licensing is also likely to be more pronounced in the current economic climate as software publishers strive to protect their revenues via their licensing agreements.

The fact remains that for businesses, software costs are unavoidable. Studies show that 30% or more of IT budgets are consumed by software licence and maintenance. With this in mind, licence optimisation should be a proactive and ongoing activity, not just a reactive and event-based one. Going past simple software asset management, licence optimisation enables businesses to understand not just what software they have installed; it ties together information on what is actually being used and how that usage ties back to the licence entitlements enumerated in the software licence agreement. When software assets are managed and optimised in this way, most organisations enjoy reduced licence consumption and more efficient utilisation of software assets. It provides the fastest return on a software asset management investment.

These and a few other simple guidelines will prepare an organisation for potential audits and establish a foundation for true license optimisation.

1. Define software asset management policies

It’s critical for IT organisations to define and implement software asset and licence management policies and procedures to be followed throughout the business. ISO and ITIL (Information Technology Infrastructure Library) standards prescribe Software Asset Management (SAM) best practices to aid in this process. This means that there must be specific policies on every aspect of SAM, with an aim to reduce IT costs and limit the business and legal risk related to the ownership of software, while maximizing IT responsiveness and end user productivity.

An example of this is the need for processes to be put in place to prevent shareware and freeware installations such as Adobe Acrobat, which can inadvertently lead to licensing liabilities, as well as to validate software installation and upgrades. In addition, educating employees on what they “may” or “may not” install will prevent rogue installations, which often jeopardise enterprises’ compliance status.

Using tools that automate licensing procedures is a good way of ensuring adherence to compliance regulation. They will help businesses understand their licensing position by matching installed versus purchased software. This will also help ascertain over-buying or under-buying and often enable re-purposing of licences – reassigning licences from users who are not actually using the software to those who need it but don’t have it – resulting in cost savings.

Finally, to make sure these SAM policies are indeed effective, undertaking periodic internal audits is highly recommended. This will not only ensure that the enterprise is always “audit-ready”, but also reinforce to employees the importance of adhering to IT policy.

2. Focus on the major software publishers

The highest value applications and the largest software publishers such as Adobe, Oracle, Microsoft, Autodesk and Symantec, pose the utmost risk of audits. These publishers represent the largest potential unbudgeted expense if businesses find themselves out of compliance, post a vendor audit.

However, at the same time, by concentrating on these large publishers, businesses will be able to optimise the use of owned licences, avoid paying for unused licences, and even place themselves in a strong negotiating position with these vendors. They will be able to re-allocate licences to other locations and departments; re-harvest licences or reclaim unused licences for use on other computers; as well as gather data of software usage prior to contract renewal to use as leverage. All these measures could potentially result in significant cost savings.

3. Carefully monitor virtual IT environments

Virtualisation is the biggest IT trend today and is the key enabler to the Cloud, but software licensing is often forgotten or under-managed in virtualised environments. The risk of licence non-compliance is greatly increased in virtual environments for two main reasons – it’s easy to create new virtual machines running copies of operating systems and software applications; and software publishers have adopted licensing rules for virtual environments that add significant complexity to the already complicated task of managing software licences.

4. Understand software publisher licence rules and usage rights

Usage rights of software can significantly impact an organisation’s licence position. Simply put, usage rights define what can be done with a piece of software and at what levels or numbers. Businesses should take full advantage of usage rights, including their rights to upgrade or rights of second usage, where existing licences allow use of a software application on more than one machine per user, which avoids over-spending on licences and maintenance. Equally, it is crucial that licence usage restrictions are applied to stay within compliance.

By Vincent Smyth, General Manager EMEA, Flexera Software

How To Harness The Power Of Cloud

Jonathan Edwards, managing director of Integral IT, which recently launched, a cloud computing service tailored for small to medium sized enterprises (SMEs), gives his tips on how to harness the power of the cloud.

1. Cloud computing is 100 per cent reliant on an internet connection, so you should always have a plan of what to do when your main connection fails. A cost effective method is to buy a 3G capable router and pay around £10 per month for a broadband dongle. For larger organisations, always have more than one internet connection.

2. Make sure you’re certain that all your company applications and software work in the new cloud environment. Moving most of your IT into the cloud and then spending £8,000 on a new onsite server, because one of your applications doesn’t work, is a waste of time, money and effort.

3. Most people don’t know that cloud computing can be delivered using several different pieces of technology. These products have different pros and cons but more importantly, different pricing. Don’t pay over the odds for wonderful technology that you won’t use.

4. More often than not, you will be charged per gigabyte of data that you host in the cloud. It is always best to cleanse your data before you migrate. You will probably find data that isn’t needed anymore or can be archived onto different media. Is your company server really the right place for your wedding video?

5. Cloud computing becomes a utility similar to your electricity and you pay for what you use. If you have ten users, you pay for ten users. Make sure you understand exactly what your tariff consists of. How much are you paying per gigabyte of data? You don’t want any nasty surprises at the month end.

6. If your current IT company lets you down, then you can hire another one. It’s not as easy in the cloud. Your provider holds all your data. Make sure you ask them how long it takes for them to respond to any problems and ask if they have an uptime guarantee. It should be 99 per cent.

7. Six months after buying a new server for the office and replacing all your PCs isn’t the right time to make a move into the cloud. Consider cloud when your hardware and software are ageing and a refresh is needed.

8. Google and Microsoft are big cloud providers; but where is your data being kept? Somewhere in Europe or somewhere in the world is the best answer you’ll get. Choose a cloud provider who can tell you exactly where your valuable company data is kept and even take you to the data centre if needed.

9. Cloud computing is a service. Don’t be forced into long contracts. There is absolutely no reason why you should be signing a three or five-year contract with your provider. You should be able to leave freely with a month’s notice.

10. Many cloud providers don’t provide IT support. There will still be times when you need help with IT issues like printers or the internet connection in your office. Make sure you try to choose a provider who includes this in your monthly fees.

Jonathan Edwards, managing director of Integral IT

Preventing Data Loss In Small To Medium Sized Businesses

Small to medium sized businesses (SMEs) need to be more proactive and preventative in their approach to data loss. With the ever-improving advances in technology combined with a ‘relaxed’ office environment, employees are increasingly taking personal devices such as USB memory sticks, iPads, iPods and even smart phones into the workplace. These same devices can be used to remove or copy sensitive information whether it is to work remotely or more sinisterly for malicious intent and financial gain.

There are multiple outlets for data on the modern PC through USB and other peripheral ports. These ports can be used in many ways for extracting data at high speed, including via removable hard drives and devices, and are one of the most vulnerable ways for sensitive data to leave an organisation.

Establish policies to keep private data secure

It is evident that the solution needs to be a compromise; strict policies need to be implemented by IT administrators for USB port usage, but on a more granular level.

Firstly, USB storage devices are actually a convenient and efficient way to legitimately transfer and transport data. Travelling workers, tech support staff, IT consultants, students, and many other users have valid reasons for carrying data on removable storage devices and therefore this becomes a major challenge for IT administrators to control without crippling productivity.

Secondly, organisations also need to put policies in place to prevent potential security breaches and data theft as a preventive method rather than waiting until the violation has occurred. A recent report in March this year on data breaches in the UK showed that negligence, in which employees lose vital data on laptops, phones or USB sticks, accounted for 31% of cases. The report also highlighted that the average data breach costs UK firms about £1.9m annually.

The lockdown of USB devices, other removable storage devices, and communication mediums (such as Bluetooth, WiFi, and even Serial and Parallel ports) protects networks against malicious software attacks and prevents sensitive data from getting into the wrong hands. Microsoft Windows’ built-in Group Policy provides an all-or-nothing lockout on USB storage. However, this method is not sufficient for many organisations that need a more fine-grained approach over which devices and ports can be used, how they can be used, and who can use them.

Through third-party software, IT administrators have the power to be more granular when setting these security policies. Having granular control over each device type (for USB devices this includes serial numbers, product IDs and vendor IDs), organisations can limit access to specific device classes, and can also restrict “read” but not “write” for users of CDs and DVDs. When selecting a third-party solution, the ability to determine who on the network has permission to use certain devices based on their group, computer class, type of device or any other established factor should be easily achieved. Organisations should look for software solutions that can lock all possible avenues of data leakage, and put permissions and policies in place to control who has access to which files, where and when.

Despite best efforts, breaches still happen. Now what?

If appropriate security measures were in place, the organisation could find out how an individual may have taken the data and whether it was by mistake or intentional. Centralised reporting will also allow administrators to see all attempts at restricted activities, including who attempted them, what type of activity, when and where.
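The granular device control and centralised reporting described above can be modelled as follows. This is an added example, not code from the article or from any vendor's product; the rule schema, group names and device identifiers are hypothetical and constructed for illustration.

```python
"""Added example: granular removable-device policy with a central audit trail.
The schema, names and sample values are hypothetical, not any vendor's format."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

ACCESS_LEVELS = {"none": 0, "read": 1, "read_write": 2}
MATCH_FIELDS = ("device_class", "vendor_id", "product_id", "serial")


@dataclass(frozen=True)
class Device:
    device_class: str            # e.g. "usb_storage", "optical", "bluetooth"
    vendor_id: str = ""
    product_id: str = ""
    serial: str = ""


@dataclass(frozen=True)
class Rule:
    groups: frozenset            # directory groups the rule applies to
    access: str                  # "none", "read" or "read_write"
    device_class: Optional[str] = None   # None matches any value
    vendor_id: Optional[str] = None
    product_id: Optional[str] = None
    serial: Optional[str] = None

    def matches(self, device, user_groups):
        if not self.groups & user_groups:
            return False
        for name in MATCH_FIELDS:
            wanted = getattr(self, name)
            if wanted is not None and wanted.lower() != getattr(device, name).lower():
                return False
        return True

    def specificity(self):
        # Number of identifiers the rule pins down (class, vendor, product, serial).
        return sum(getattr(self, name) is not None for name in MATCH_FIELDS)


@dataclass
class DevicePolicy:
    rules: list
    audit_log: list = field(default_factory=list)

    def granted_access(self, device, user_groups):
        matching = [r for r in self.rules if r.matches(device, user_groups)]
        if not matching:
            return "none"        # default deny: unlisted devices get nothing
        best = max(r.specificity() for r in matching)
        # The most specific rule wins; on a tie the most restrictive access applies.
        return min((r.access for r in matching if r.specificity() == best),
                   key=ACCESS_LEVELS.get)

    def request(self, user, user_groups, computer, device, operation, when=None):
        granted = self.granted_access(device, frozenset(user_groups))
        needed = "read" if operation == "read" else "read_write"
        allowed = ACCESS_LEVELS[granted] >= ACCESS_LEVELS[needed]
        # Every attempt is recorded: who, what, when and where.
        self.audit_log.append({
            "when": when or datetime.now(timezone.utc),
            "user": user, "computer": computer, "device": device,
            "operation": operation, "granted": granted, "allowed": allowed,
        })
        return allowed

    def denied_attempts(self):
        return [entry for entry in self.audit_log if not entry["allowed"]]


def build_sample_policy():
    """Constructed policy: block USB storage, allow one issued stick, optical read-only."""
    return DevicePolicy(rules=[
        Rule(groups=frozenset({"staff"}), access="none", device_class="usb_storage"),
        Rule(groups=frozenset({"it_support"}), access="read_write",
             device_class="usb_storage", vendor_id="1234", product_id="5678",
             serial="CONSTRUCTED-0001"),
        Rule(groups=frozenset({"staff"}), access="read", device_class="optical"),
    ])


# Constructed sample devices.
ISSUED_STICK = Device("usb_storage", "1234", "5678", "CONSTRUCTED-0001")
PERSONAL_STICK = Device("usb_storage", "1234", "5678", "CONSTRUCTED-9999")
DVD_DRIVE = Device("optical")

if __name__ == "__main__":
    policy = build_sample_policy()
    policy.request("alice", {"staff", "it_support"}, "PC-01", ISSUED_STICK, "write")
    policy.request("bob", {"staff"}, "PC-02", PERSONAL_STICK, "write")
    policy.request("bob", {"staff"}, "PC-02", DVD_DRIVE, "write")
    for entry in policy.denied_attempts():
        print(entry["when"].isoformat(), entry["user"], entry["computer"],
              entry["device"].device_class, entry["operation"], "DENIED")
```
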

In order to create a balance between employees and SME businesses, strong but flexible security practices surrounding removable media devices need to be put into place. Employee satisfaction is an important factor in running any successful company, but securing company assets is equally if not more vital. Having a high quality software solution that monitors and prohibits the use of removable storage devices is the only way to ensure that data is protected and the network is always secure.

By Nick Cavalancia, Vice President, Windows Management at ScriptLogic

Increase Business Efficiency With Social Intranets

It’s often been said that a business is only as good as its employees, with the best companies often the ones that invest in their staff and have the processes in place to enable them to thrive.

Increasingly, in our information-fuelled world, this employee-centric approach requires efficiently capturing and sharing knowledge to enable better teamwork and decision-making. The technological solution that many businesses have implemented to facilitate this is an intranet and, for many, it is the primary medium for collaboration and knowledge sharing.

But the intranet as we know it is starting to show its age:

- It remains a one-way medium for ‘broadcasting’ information

- It is over-centralised, with too much control coming from the top

- There is a lack of engagement

- The user experience often pales in comparison to rich, interactive web 2.0 and social media sites

- It inhibits access to knowledge instead of facilitating it

As a result, most intranets are under-valued, under-utilised and, frankly, underwhelming.

A new way of working

Imagine instead an intranet that employees really want to engage with and contribute to; a technology that actually helps them do their jobs and enjoy their work lives.

This is the concept of the social intranet, allowing businesses to harness the power of social media to:

- Engage users in the mission of the enterprise

- Encourage people to contribute their ideas

- Make it easy to capture, share and discover information

- Support fluid, spontaneous and structured collaboration

Importantly, social intranets support all forms of communication and collaboration, whether it’s one-to-one (instant messaging and email), one-to-many (through blogs, video-sharing and podcasting), one-to-all (in forums and discussion threads) and many-to-many (in wikis, communities, forums and groups).

In short, the social intranet provides a service that is integrated with all existing content resources, communication tools and knowledge assets, providing an incredibly powerful, enterprise-wide knowledge platform with a friendly, familiar face.

So why is the social intranet in today’s business environment so important?

1. Because knowledge gives a competitive advantage – in the global, always-on, always-connected world, the way companies capture, share and discover knowledge has a direct impact on efficiency, decision accuracy and time-to-market.

2. Because it’s a medium of cohesion, inclusion and engagement - getting organisations working together, sharing their ideas and giving honest feedback can be tricky. The social intranet has the power to fuel this new engaged workforce and connect employees with others that have the right knowledge.

3. Because Generation Y is hitting the workplace - younger employees are native to Facebook, YouTube and Flickr. If your intranet just sits there, so will your people.

4. Because collective intelligence beats gurus – the collective intelligence of your workforce beats the wisdom of even your most experienced experts, but only if you can tap into it. The social intranet is a natural medium for ‘crowdsourcing’.

5. Because traditional document management isn’t friendly enough - legacy document management systems are hard to use so fewer people use them, less often. And they are not designed for the web world. The social intranet is intuitive and familiar; users can jump in without a single training session, bringing Enterprise 2.0 closer.

6. Because it’s rapid to deploy - creating and deploying traditional knowledge management and collaboration tools can soak up serious time and resources. The social intranet can be as rapid to create and deploy as any other web page – if you’ve got a CMS platform designed for the job.

The future of company collaboration

As social networks continue to gain in popularity, employees are beginning to demand similar networks to become an everyday part of their working lives. This two-way communication and engagement across all levels is something businesses should be looking to integrate into the workplace now.

We live in a democratic society where everybody has an opinion they want to share. The benefit of sharing over a controlled network, such as through a social intranet, is that employees feel like they’ve contributed while, at the same time, companies can still retain some ownership – monitoring what is going on and stepping in if necessary.

By empowering employees in this way, using social technologies, businesses can make them the driving force of the business itself. An intranet should no longer be a static piece of equipment reliant on leaders and users; it must become a piece of technology that, when used efficiently, can bring out the best in its employees and help them – and the business – evolve and become a success.

By Maria Wasing, VP of Marketing, EPiServer

Enterprise Efficiency: The Benefits Of The Virtual Data Centre

Staying ahead of the competition in IT terms is a constant source of concern for any business. In today’s Virtual Era, technology and business go hand in hand. With growing pressure on IT managers caused by ever-expanding quantities of data and increased threats to data security, the winners in this Virtual Era will be those who can simplify, standardize and automate their infrastructure to spend more time managing the business rather than the technology.

Traditional data centres are struggling to store the vast amounts of data that businesses are generating, and the growth of this data shows no signs of slowing down. Expanding datacentres to support additional content can be costly, inefficient and complex to manage, holding businesses back. This is particularly the case with small and medium-sized businesses (SMBs), which can undergo unexpected growth, often rendering their IT infrastructures unable to cope with increased demands. This was the problem faced by Catalyst2, a UK hosted service provider for SMBs. Founded in 2000, the company has been expanding ever since.

Due to business demands, its datacentre grew rapidly, and as a result, consumed a great deal of energy. Managing its network of servers became complicated, which had a negative impact on the company’s efficiency and expenditure. By deploying a virtualized infrastructure based on Dell PowerEdge servers and Dell EqualLogic storage, Catalyst2 confronted these problems head on.

By consolidating physical hosts and switching to more powerful yet energy efficient servers, the company reduced its energy consumption by 50% and cut management time by 35%, which slashed operating and hardware costs while increasing productivity. In addition, as a hosted services provider, it is essential that Catalyst2 can assure its customers that their data is safe, and with a reliable storage solution offering high availability, any downtime would not affect their clients’ business.

Another example of a company that has reaped the benefits of deploying a more efficient infrastructure is Pole Star, a provider of maritime security and satellite-enabled tracking technology. The company anticipated a massive increase in sales volumes as a result of new shipping industry regulations, which stated that every ship at sea was required to report its position four times a day, so it needed a reliable and powerful data centre to support this spike in activity. In addition, as seafarers reach out to Pole Star in emergencies, it is vital that its technology is resilient, flexible and scalable.

Pole Star worked with Dell to design a flexible, virtualised infrastructure incorporating PowerEdge servers and Dell EqualLogic storage. Previously, it took up to six weeks to order and configure a server, but now Pole Star can deploy a virtual server and launch it within an hour. By implementing this new environment, the company has also reduced its carbon footprint by more than 80%. On the storage side, Pole Star has bolstered its business continuity capabilities; for example Pole Star recently lost the function of one machine but the Auto-Snapshot manager enabled the company to restore it in minutes. As a result of this deployment, Pole Star’s IT environment can now support up to 50% year-on-year growth and assure that it is “always available” to anyone at sea requiring assistance.

In the case of both of these growing businesses, a more efficient IT infrastructure allowed for savings with regard to energy and cost while increasing productivity. It’s improvements in these vital areas that enable SMBs to direct all their focus towards their own business, and to welcome unpredictable growth, rather than worrying that it will disrupt their IT infrastructure. Ultimately, companies who prepare for growth by deploying innovative technology will be able to boast greater efficiency, therefore positioning themselves over the competition.

By Kevin Peesker, General Manager, UK and Ireland Dell Consumer and Small, Medium Business

Cutting Costs In IT Security Is A Bad Policy

Business IT security is a perennially favourite topic of discussion. From the small to mid-sized enterprises (SMEs) to multi-national corporations (and even in government circles), the security of IT systems is much discussed and yet there is a feeling that maybe it is not always given the consideration it deserves.

At a recent conference, CompTIA CEO Todd Thibodeaux suggested that it would be sensible to allocate 10% of a company’s IT budget to providing security, and yet the evidence suggests that in reality this is often not the case. For example, a Gartner survey recently found that the industry average spend on IT security is only about five percent. Perhaps even more startling is a report by the Ponemon Institute, Cenzic and Barracuda Networks which found that 88% of companies surveyed indicate they spend more on coffee than they do on securing Web applications!

In my experience this isn’t unusual. If we took a poll across a cross section of small businesses I suspect many would say they either don’t have a specific budgetary allocation for IT security or that it is a minimal amount. So why is there a shortfall between the professionally suggested levels and the reality of IT security within the business world?

Having spoken to and worked with countless IT managers and business owners the anecdotal evidence is that providing IT security is, to many, a task with somewhat intangible benefits. Like buying insurance, investing in IT security doesn’t give an immediate, visible, business benefit in the same way that purchasing a smartphone or company car does. In fact, very much like insurance, it’s a purchase that will only really remind you of its worth when disaster strikes — and then it will also make it very evident whether you have bought the right or wrong product for your needs.

Whilst failing to find the right level of protection could potentially leave your business open to serious problems, paying over the odds for products you don’t need makes equally bad business sense. So like most business decisions, finding the right balance is vital. The suggested 10% of budget may be a good guide, but naturally all organisations are different and the appropriate amount will vary depending on a wide range of factors, including the type of business and the potential threats to it.

When considering IT security for a business it is vital to understand the types of threats that could be a problem and the weak points in the organisation that leave it vulnerable. For companies that run an online ordering or sales system this could mean a specific threat to customers’ account or financial details by IT-savvy criminals. Most businesses hold personal details on their systems and there is a potential risk that these can be hacked remotely without proper protection being in place. At the most basic level, all businesses are open to threats via email viruses or lax security at the organisation’s premises, both on a physical level and also with regards to IT safeguards.

The physical security of premises is a vital, if sometimes overlooked, consideration with regards to information security. Allowing unauthorised people to enter the premises opens up the likelihood that a malicious visitor could infiltrate systems and pilfer valuable information or even remove hardware. Despite the ability to remotely hack business systems, physical intruders are still a very real danger.

Businesses often forget the protection they already have through existing IT investments, which may not be fully utilised. Business systems often incorporate a certain degree of security built in, such as password protection which is vital to IT security. A robust policy that ensures employees and the management use unobvious and hard-to-break codes will significantly tighten security, as long as users don’t just keep the details on their desk!

Despite all the planning, in my experience many organisations lapse in their IT security from time to time, often when security software needs upgrading or renewing. Being an ‘out of sight, out of mind’ technology, cash-starved businesses may let this important stage slip and undoubtedly this can be one of the most vulnerable periods for IT security within an organisation.

Much like insurance, IT security is something that will cost a business dearly if it doesn’t consider the potential ramifications of not having the right cover in place. Whilst additional financial outlay is never welcome, IT security should be seen as a necessity much like other critical business expenses such as telephones or an office. After all, you wouldn’t do without fire alarms and fire extinguishers just because you haven’t had a fire!

By Robert May, Managing Director, ramsac