Let's Review Some Basic Tablet Security Tips

Here's a quick checklist of security tips for your tablet:

Don’t jailbreak ** your tablet – this might expose the device to greater security risks.   What's Jailbreaking?  See Below **

Be wary of any apps you download – Always check the author.  Don’t download any paid-for apps which are suddenly are available for free, and be wary of any changes in any permission changes it may seek for accessing data. 

Always use a strong password in case your tablet is stolen, and download the Find my iPhone app (also works for iPads) – or download some similar security software for Android – which will locate the device in the event it's lost or stolen.  Remember, 1 in 10 portable computers are stolen!

Be wary of public Wi-Fi !  You may be "snooped on" so avoid logging into web accounts unless you use SSL encryption. Never try to do anything on public Wi-Fi that you’re not comfortable with a bunch of strangers seeing.

Don't trust the "native" security features of your tablet no matter how secure you think they are.  Download a third party mobile security software which will block malicious apps, scan for malware, prevent data loss and locate, lock or wipe a missing device. Recent security reports show that many native O/S across all platforms stop less than 50% of known malware.

** The act of 'jailbreaking' is changing the technical settings of a device so that users can download applications that are not approved by the tablet or smartphone maker.  It is illegal to tamper with the settings of a tablet but, ironically, it's not illegal to jailbreak a smartphone.  Go Figure!

Thanks to Tony Larks, Vice President, Global Consumer Marketing, Trend Micro for sharing these tips.

Read More

Paying the Price for BYOD and Social Media

We always return to work after a holiday with a little trepidation because over the years we have grown accustomed to expecting anguished calls for help as soon as we walk in the door from clients who have just discovered some major problem that jumped up to bite them when no one was looking.  This Thanksgiving was no exception.   Two network clients discovered a brand new malware variant that appeared to be erasing their network data right before their eyes.  Calls like that get the blood flowing even before the morning coffee has a chance to kick in.

This new malware also appeared to propagate itself across networks and infect multiple drives and users which was something new and different from typical infections that tend to stay localized.

To make matters worse, the anti-virus/malware industry was way behind in developing a solution to neutralize and/or remove this culprit.  It took 4 days before it was released to the public by any of the major A/V players.

The malware propagated itself across workstations and network drives through a tiny autorun module that would cross infect other devices and drives whenever a network user accessed a local or network drive.  In this manner it spread rapidly across the networks.

What made the battle even worse was the wide spread use of flash drives and portables at one client so even when we shut down the entire network and cleaned every infected PC, some user would bring an infected device from home and the process of infection would start anew.  Because there was no effective solution to keep the unit clean once the technicians finished re-infection was a constant battle.

Luckily for our clients, our Lead Engineer discovered the malware in this instance was not really erasing their data, it was hiding it using the ATTRIB command on files and folders which just gave the appearance of deletion.  As a little extra bonus, the malware also created new replacement files with sex related names that further spooked one client which was a private elementary school.  At the start, as fast as we'd clean one computer another user would log in and totally re-infect those drives and folders on the network that we had just cleaned.

I'm very fortunate to have a really talented tech team that was able to diagnose and clean the networks of both clients quickly and efficiently without much assistance from the Anti-virus industry for the first 4 days of the outbreak.  Now the other companies are caught up and the malware won't be able to re-infect but it was really hairy for awhile there!

If you're wondering about the original source of the infections,  Facebook was the source for one client and the flash drive of a staff member was the source for the other.  How many computers did we have to inspect?  About 120 PCs, 8 servers and 30 flash drives.  The number of infected computers?  About 85 PC's, 3 servers and 2 flash drives across both clients.  How much time was involved?  About 65 unanticipated work-hours.

Forgive us if we tend to cringe when people ask us how we plan to spend our holidays!

Happy Holidays Everyone!  Oh, and leave that @#$% flash drive at home!

*  BYOD stands for Bring Your Own Device and represents a growing trend of employees introducing personal devices into company networks and there is a growing concern about the vulnerability of company information assets to risks brought to work by employees on poorly protected devices like smart phones, tablets, notebooks and flash drives.  This combined with unregulated access to at-risk social media sites like Facebook and others greatly increase the risk of loss to organizations like those discussed in this post.

Read More