Consumerization of IT has already become a reality for many organizations

Your employees increasingly use their own mobile devices for business– a trend known as the consumerization of IT. Symantec recently conducted a short survey to learn more about end users’ experiences and perspectives on this trend. What it found is the consumerization of IT has already become a reality for many organizations.

The vast majority of respondents said their company allows employees to use the smartphones of their choice for work-related activities. And nearly identical percentages of respondents said their employer provided them with their smartphone (44 percent) as those who said they purchased their own (43 percent).

The survey also found that while end users realize the productivity and satisfaction benefits of allowing employees to use the smartphones of their choice for work, they don’t fully comprehend the extent of the security challenges this creates. In fact, 78 percent think that allowing employees to use the smartphones of their choice either has no impact on or only somewhat decreases the overall security of their company’s networks and information.

So what can small businesses really learn from this survey? Small businesses need to educate employees on the potential security risks these devices create and how to best keep them and the data on and accessible through them protected. Below are tips for small businesses to share with employees to help keep your information safe:

• Encrypt the data on mobile devices – The business-related and even personal information stored on mobile devices is often sensitive. Encrypting this data is a must. If a device is lost and the SIM card stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
• Make sure all software is up-to-date – Mobile devices must be treated just like PCs in that all software on the devices needs to be kept up-to-date, especially the security software. This will protect the device from new variants of malware and viruses that threaten a company’s critical information.
• Develop and enforce strong security policies for using mobile devices – In addition to encryption and security updates, it is important to enforce password management and application download policies for managers and employees. Maintaining strong passwords will help protect the data stored in the phone if a device is lost or hacked.
• Avoid opening unexpected text messages from unknown senders – Just like emails, attackers can use text messages to spread malware, phishing scams and other threats among mobile device users. The same caution should be applied to opening unsolicited text messages that users have become accustomed to with email.
• Click with caution – Just like on stationary PCs, social networking on mobile devices and laptops needs to be conducted with care and caution. Users shouldn’t open unidentified links, chat with unknown people or visit unfamiliar sites. It doesn’t take much for a user to be tricked into compromising a device and the information on it.
• Users should be aware of their surroundings when accessing sensitive information – Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over their shoulder.
• Know what to do if a device is lost or stolen – In the case of a loss or theft, employees and management should all know what to do next. Processes to deactivate the device and protect its information from intrusion should all be in place. Products are also available for the automation of such processes, allowing small businesses to breathe easier after such incidents.

McAfee launches new cloud security solution

McAfee has announced the McAfee Cloud Security Platform, a new approach to help organizations safely and efficiently take advantage of Cloud computing. The new platform achieves this by securing all content and data traffic – including email, web and identity traffic – moving between an organization and the Cloud.

“Once you move data or applications to the Cloud, you essentially lose most – if not all – of your security visibility, which most organizations find unacceptable,” said Marc Olesen, senior vice president and general manager, Content and Cloud Security at McAfee. “By securing the data and traffic before it travels to or through the Cloud, we help businesses extend their security practices and policies into the Cloud.”

The McAfee Cloud Security Platform delivers security through highly integrated, modular solutions that protect both inbound and outbound traffic moving between the enterprise and the public cloud.  Today, the platform offers the following modules:

• Web Security – McAfee Web Security provides bi-directional protection for both incoming and outgoing web traffic through proactive reputation- and intent-based protection.
• Mobile Security – Web traffic generated by smart phones and tablets can be directed through the McAfee Web Gateway using standard device management. This ensures that mobile devices are secured with advanced anti-malware protection and corporate web filtering policies.
• Cloud Access Control – The Intel Expressway Cloud Access 360, helps enable an Enterprise or Cloud Provider to provide comprehensive access control for cloud applications using Enterprise identities.
• Email Security – McAfee Email Security delivers total email protection, integrating comprehensive inbound threat protection with outbound data loss prevention.
• Web Services Security – The Intel Expressway Service Gateway offloads application level API security, data transformation, REST to SOAP mediation, and identity token exchange, to a high speed gateway at the network edge or in the cloud.

Another key aspect of ensuring Cloud security is making sure organizations identify data that should or should not be moved to the Cloud.  UsingMcAfee’s Data Loss Prevention solution, organizations can first understand where its data resides, classify that data in terms of importance or sensitivity, build policies to protect that data, and then enforce those policies while data travels within or outside the organization to the Cloud.

McAfee Data Loss Prevention discovers data no matter where it resides or what format it is in on the network, giving the enterprise rich data mining tools to deliver effective protection and the creation of more effective policies that work quickly. Centralized management and reporting is also provided through integration with the McAfee ePolicy Orchestrator platform.

The security modules can be deployed as an on-premises appliance, Software-as-a-Service solution or a hybrid combination of both. This provides organizations the flexibility and coverage to protect their headquarters, regional offices and even remote workers using mobile devices.

Regardless of the deployment form factor, the solutions can be centrally managed through the ePolicy Orchestrator platform or the McAfee SaaS Control Console.  Additionally, the platform and modules are powered by McAfee Global Threat Intelligence, which leverages the Cloud with millions of sensors and hundreds of threat researchers worldwide to deliver real-time – and even predictive – threat intelligence against all known and emerging threats.

Using the platform’s built-in Application Programming Interface (API), McAfee aims to deploy additional security modules in the coming months to provide even greater and deeper Cloud protection. This may include a variety of solutions, such as tools that can provide greater granular control over popular social media sites.

Kaspersky to remote ‘wipe’ your phone and give phone the thief’s number, if phone is lost

Kaspersky Lab, the Russia-based anti-virus provider, has announced a ‘privacy guard’ cum anti-virus software for smartphones. The software will not only protect phones from viruses, but also enable users to create white lists and black lists of contacts. No call records or contact details will be visible if persons are added to the ‘black list’, allowing users to ‘hide’ such contacts. They can, of course, retrieve such contacts by entering their secret codes or upon time out.

The software, ‘Mobile Security’ will also allow users to block unwanted calls and SMSes by creating similar ‘black lists.’

It also helps users locate missing devices by activiting the GPS system remotely and can also help wipe all data, including messages and contacts, by sending an SMS to the phone, if lost.

If the thief puts in a new SIM, you also get an SMS with the details of the new SIM, including the phone number.