Staying Safe with the Internet of Things

Smart devices enabled by the Internet of Things (IoT) save cost and effort. Users can control them remotely, or they can automatically adjust themselves to the time of day or environment. At the same time, they present risks. Many have poor security. They’re easy to install and forget. It’s hard to notice when malware has infected a device, making it spy on your network or perform actions that could get your site blacklisted.

If you’re aware, you can keep risks to a minimum. Here are some methods that will help:

Keep Track of All Your Devices

You should have a complete inventory of the devices in your network, including models and serial numbers. You need to know why they’re there. If a device isn’t serving a useful purpose any longer, take it out of the network.

Change Default Passwords

Many IoT devices come with default passwords that are public information. Change them before exposing the devices to the Internet. If a device’s password can’t be changed, you need to think hard about whether it’s safe to use.

Limit Network Access

Use firewalls and network configuration to limit the exposure of devices. Don’t give them access to any part of the network they don’t need, especially servers with sensitive information.

Patch Where Possible

While many IoT devices can’t be patched, the better ones can. Keep their software up to date so vulnerabilities won’t stay open.

Monitor Your Network

If there are bursts of traffic you can’t account for, a device on the network may be infected. Find the source and take appropriate action.

Tiny as these devices are, they’re small computers. You need to treat them with the same care as any other computers on the network. Keep them secure, and they won’t cause problems.

Cloud Technologies and Handling Ransomware

Cloud computing is one of the best technologies to have in the workplace. Not only can you store your data quickly and efficiently, but it’s also easier for you to access any data. With that said, when it comes to your business security, especially the malicious tool known as ransomware, why are cloud services so important?

Cloud = Virtual Storage

One reason why, is because cloud computing allows you to store your data virtually over the Internet. This makes it untouchable in the event of a disaster. Let’s say a ransomware attack happened on your device, and it affected the data on your hard drive. Despite this, none of your virtual data would be affected, especially since this isn’t what most hackers are banking on. However, since ransomware locks your computer, you wouldn’t be able to access any of your virtual files, right? As a matter of fact, you can. Cloud computing not only keeps your files safe in the event of a disaster, but your data is also accessible from any device with an Internet connection. Whether it’s another computer in the workplace or even your mobile phone, the sky’s the limit to where you can access your personal data.

For more information about cloud computing, COMMON offers educational opportunities throughout the year. Stay in touch to see when the next cloud-related sessions become available.

New Identity-Access Management Developments: IT in the Banking Industry

Just like in many other businesses, identity-access management is becoming the make-or-break factor for creating dependable IT security in the banking industry. That’s why new technological advancements in access-management strategies for banks are such a hot topic right now.

Ever since The New York Times reported in 2014 that JPMorgan Chase banks suffered a security breach that leaked the details of at least 76 million personal accounts and 7 million small-business accounts, banks have been scrambling to protect their networks better with more strict authentication measures.

BankTo improve identity-access management security, more banks are looking at evolving ways of integrating multi-factor authentication among their network’s users. For example, HSBC bank announced in March of 2016 that they’ll begin using new alternatives to standard password authentication that include both fingerprint scanning and voice-recognition technology to protect online accounts, according to ProofID Ltd.

Meanwhile, the U.S. DOD has started a “soft certificates” test program to evaluate the security of new wirelessly-derived credentials on mobile devices that access some of their private networks. Mobile devices store such soft credentials and use them to encrypt data and authenticate VPNs, for example.

Banks are more than interested in following suit, as evidenced by Payfone’s developments in mobile-payment authentications to create online transactions that they claim aren’t possible to hack or duplicate. Their number of transactions has tripled in just one year as they expand to network with more banks.

FingerprintExpect more fingerprint-activated payment systems to take off as well as more smartphones than just the iPhone and new Samsung models adopt fingerprint-scanning features in the future.

5 Tips to Help Achieve IT Security

When it comes to your information, keeping it out of the hands of cyber thieves is a high priority. As technology regularly evolves, so should your IT security measures. You must have multiple layers of security protecting your systems. Below are five basic tips to aid you in keeping your information as safe as possible.

  1. Minimum privileges basically means deciding who has authority to what information. Limit access based on job duties and you limit the chances of your system being breached. For example, your receptionist usually won’t require access to payroll or your transportation manager doesn’t need to snoop in HR files. This is easily adjusted as job requirements change.
  2. Firewalls are your friend. Firewalls are meant to keep unauthorized users from accessing your systems. They are not infallible, but when used along with complex passwords and anti-spyware/anti-virus programs they can provide that extra level of security.
  3. Have a back-up plan. In Computers 101, you learn to back up your information. This is essential, but do you also have a back-up procedure to fall back on if your system is attacked? You need the ability to keep functioning during a system repair or replacement.
  4. Prioritize your systems, decide which are most vulnerable to attack and which are most valuable. You’ll want the heaviest measures deployed on the highest level, most vital systems and data. Accomplishing this without leaving the lower levels unprotected is important.
  5. Constantly evolve your defenses and grow with the changing threats. Just as hackers will continue to find ways to chip away at your security measures, your IT department will need to develop new ways of repelling them.

Taking these general tips farther, you can grow your knowledge of IBM i security by watching recordings of past COMMON webcasts:

Automatic Encryption with FIELDPROC – No Application Changes!

IBM i and Our False Sense of Security

What’s New in 7.1 and 7.2 Security

Be secure out there!