It’s Not All Fun And (Olympic) ‘Games’ – SMBs Need To Take Device Security Seriously

An AVG survey of 1,000 US- and UK-based small to medium sized businesses (SMBs) conducted by GfK in 2011 shows that the adoption of mobile technology is a visible trend with one in five SMBs (19%) employing Android smartphones and an equal proportion using BlackBerry devices.

The survey called SMB Market Landscape Report 2011, reports that on average, employees are spending one day a week (20% of their time) working away from the office.

With the Olympics fast approaching, SMBs in and around London will be affected by the increase in traffic on public transport. Many have begun to think of ways to keep workers productive and remote and mobile working has become an increasingly attractive option. With people from all across the world coming to London, the Olympic Games can also potentially become a haven for criminal opportunists looking to steal mobile devices and data.

Whilst the majority of SMBs may have an Olympic travel strategy it is important that they also have an adequate IT security plan that will keep their data secure outside of the office. Despite numerous high-profile cases of hacking into corporate databases in recent years, only about six in 10 (58%) SMBs said they were worried about loss of company or customer information, social engineering or employee identity theft. SMBs seem to assume their larger competitors are more likely to be targeted by data thieves.

The SMB Market Landscape Report highlighted losses relating to security breaches including 22.1 million man-hours of labour responding to them. This equated to £1.18m spent on replacing damaged hardware and £2.19m in lost sales or revenue opportunities. Furthermore, stolen data can be used by criminals for financial gain or malicious intent and could result in a loss of reputation for the SMB.

There are ways to keep SMBs mobile workers secure and an antivirus solution should be the first point of implementation within the SMBs IT security strategy. Security software can be installed on devices such as the mobile phone, tablet or laptop easily and quickly and in the event of a stolen device, software can be installed that allow a user to lock, locate and wiped their devices to avoid further security threats.

In addition to using antivirus security software, AVG has created ten top tips for effective mobile working to help SMB employees stay protected during the Olympics:

1. Count the items you take out of your bag out and count them back in if you are working while on public transport — don’t forget your power cable or any other important item!

2. Think about where you are sitting and whether anyone can look over at your screen — this might sound like an obvious thing to point out, but thieves steal credit card PIN numbers by looking over peoples’ shoulders all the time, so be aware of the details you have on your screen.

3. As use of personal mobile Wi-Fi hotspots grows, users should not be tempted to connect with an apparently free wireless connection in a public place unless it is advertised by the web café owner etc. If you don’t know where your connection comes from, then you don’t know what you are connecting to.

4. Shut down your Bluetooth connection (unless you need it) when working in a public place. So-called ‘Bluejacking’ and ‘Bluesnarfing’ attacks are not the biggest information security risk around, but they are a consideration to be aware of.

5. If you have to use a “public” (or kiosk) computer then make sure that you never access your online banking details, make electronic purchases, or enter ANY personally identifiable information (including your address) on the machine. Be equally careful on your own laptop if using public Wi-Fi.

6. If your smartphone has Internet access, have you enabled filters and other onboard protection barriers? Similarly, turning off GPS capabilities can also limit location-trackers attempting to connect with your phone.

7. Don’t ask a stranger to “look after” your laptop while you use the restroom or go to the bar in a web café. Similarly, keep your laptop bag close to you throughout an evening event if you have to keep all your equipment with you.

8. Password protection should be enabled on your laptop and smartphone — and 12345678 or password or admin are not sensible passwords. Opt for an alphanumeric mix with special characters in upper and lower cases such as “puppyLove567$.”

9. Make a note of your smartphone manufacturer’s emergency phone line so you can call them to have your phone immobilised in the event of a loss.

10. Most important of all, make sure that you have a fully updated anti-virus suite installed and fully operational on your PC at all times. Protection should cover not only Internet security for web browsing, but also firewall technology, email defences and shields to guard against threats carried via Instant Messenger services.

By Mike Foreman, SVP of global sales at AVG

NFC: Challenges And Opportunities For Businesses

Near-field communication (NFC) technology bridges the physical and digital worlds, in a world where convenience is key, and users expect to be able to action tasks at the touch of a button.

In the future, NFC will prove critical to interconnecting the “internet of things” – appliances, cars, houses, TVs and mobile devices. However there are various security challengers to consider, for example when your phone makes contact with another device and they start talking, how does the other device know you meant to tap it? On the other hand, given that NFC brings devices closer to one another, could it in fact be used as means to tighten security?

NFC has already made its way into our lives, with applications such as mobile payments, public transportation, medical record access and event ticketing, being tested in some cities. A more common, everyday usage is swiping an Oyster card against a machine in a tube station. So, how does it work? In the same way that Wi-Fi is a wireless network cable, NFC is a wireless protocol for smart cards; a general-purpose, short-range communications protocol. It allows two devices that are very close together, to “talk” over a short-range wireless link.

In the world of mobility, NFC gives users added functionality and ease of use, and pretty much every mobile vendor is rolling out plans for NFC-enabled devices. ABI Research predicts that by 2016, 552 million handsets will have NFC embedded, meaning that it’s unlikely we’ll even be able to buy a mobile phone without NFC in the near future. With the rise of consumerisation, many NFC pilot schemes are consumer facing, so if mobile vendors building NFC technology want it to take off, they know they will need to really focus on end user requirements. If ABI’s figures play out as expected, NFC is set to become the key enabling technology behind mobile payments, and going further, it could even replace the wallet. However if mobile devices are set to replace physical applications – such as credit cards, ID’s, cash, loyalty cards and business cards – it will be crucial to ensure those devices are secure.

Using a mobile device for mobile payments, the communication between the device and the card reader on the paired system will be completed using NFC, providing a similar experience to that of swiping or inserting a credit card. The simple act of tapping the mobile device will be the main action of giving consent; however in higher risk or expensive transactions, this can be combined with PIN verification. It will be best practice that the sensitive information needed to complete the transaction will be stored on the secure element embedded on the mobile device, and this will likely be central to those transactions that require strong identity proof. The process of a mobile payment is the same as using a chip credit card, in that the infrastructure, other than the card reader on the system it’s talking to, already exists. Mobile devices can be set up to ensure they won’t respond to random requests, but will require a specific app to be running, or some sort of verification to be used before a payment is made. With all this in mind, it’s possible to design a user experience of convenience, whilst making security more robust with a phone than with a card.

NFC is not just used as a transactional enabler, although currently this is one of its most common uses. At a recent Dutch art festival, for example, each installation had an NFC station that attendees could use to rate exhibits with one to five hearts, as well as assemble their own festival poster with the works they liked. There are also various ways in which it’s set to be used as a security enabler, such as using a phone as a car key, or with a door lock that has NFC.

For businesses, there will be further opportunities to use NFC as a means to bolster the security infrastructure and bridge the gap between physical and logical access to corporate environments. For example, when we start seeing NFC in laptops, they will be used as website security management tools. NFC will enable security to be more consolidated, so that employees can use their mobile device to both access buildings, as well as the corporate network. This will reduce the need for smart cards and other physical authentication methods, offering convenience and mitigating the risk of lost or stolen devices.

NFC is used in many different ways, for many different purposes, offering scope and diverse opportunities to do things quicker and more conveniently. It’s certainly changing the ways in which devices interact with one another, and gives users more functionality. However in the future, it will do a lot more than simply enable transactions to happen; it will be used as a means to access critical systems and might even open your front door or your car. This means that there will be less physical elements to worry about – keys, wallets, credit cards – and for businesses, it will serve as a means to bolster the security infrastructure against advanced threats.

By Jon Callas, CTO, Entrust