Expecting Microsoft to be the top performer in personal devices and/or expecting Apple to rein in the business networks of the world is, in my opinion, unreasonable. Yes, before Apple fans get their feathers all ruffled, there are exceptions to Apple working in business—especially for individual users connected to the corporate network. Additionally, new managed services can help solve the problems some people notice associated with centrally maintaining several Apple devices on the same network.

Apple is, in my estimation, working hard to get the iPad accepted and implemented in offices. To that end, Apple has adopted some security and business integration measures. For security in particular, refer to this informational PDF.

In summary, security features include:

• Support for WPA2 for Wi-Fi security (both PSK and Enterprise)
• Support for VPNs
• Password support including options for complexity, length, forced changes, lockout, etc.
• Integration with Exchange
• Ability for the IT department to enforce policies
• Remote data wipe
• PKI support including code signing requirements

Many of our clients are integrating the iPad into their organizations.

Will you or have you already used the iPad and/or another slate device on your corporate network?

Please post your comments on this blog.

Please post your comments on this blog.

IT security is frustrating and gets in the way of productivity. IT security can be expensive—but less now thanks to all of the competition in the marketplace for IT security products and services. Heck—lots of IT security is built into the Microsoft Server operating systems—and even Windows 7 for that matter. One just has to “turn it on.”

To me, the key concept relating IT security and productivity is to get away from the “either, or” way of thinking. In other words, you CAN have BOTH security and productivity! If you feel you have to give up productivity to be secure, I feel confident there is a solution that will let you have lots of both.

Granted, almost always, there will be some compromise. You may have to choose between being:

• 90% secure and 100% productive, or
• 100% secure and 90% productive

The choice is up to whoever will be held responsible for a data breach—probably the owner, CEO, board etc for the organization. I generally lean to the first option in many cases.

Key point: This decision is NOT and I repeat NOT up to IT. I feel it is IT’s responsibility to alert executives to any such trade-offs so that the executives can make an informed decision since they have to live with the consequences of their choices.

I wonder just how much money in the purchase price of a new car has to do with the door locks and the key used to start the car? How much added frustration do we experience in our lifetimes due to having to lock, unlock, and start our cars with a key throughout our lives? Yet, our vehicles are productive and secure without having major conflicts between those two attributes.

On a tangent: If users could “see” someone stealing their data or borrowing their computer the way they could see someone borrowing their car, users would be more attentive to IT security.

Please post your comments on the blog.

The top executives often get special treatment on the network. Maybe they asked for it, or maybe the IT professional gave it to them “just because.” Some of the biggest offenses I witness repeatedly when auditing companies include:

1. Domain administrative access. In other words, some executives are essentially unrestricted on networks “because they are the boss.” That unfettered access means the executive can easily destroy the entire network. For example, if a virus enters through an e-mail sent to the executive, and your anti-virus system does not catch the virus, the virus will now have unrestricted access to your network. Restrict the executives to the least access privileges they need to do their jobs.
2. Poor password management – such as the same password they use for everything and it is written on a yellow sticky note stuck to their monitor. Consider using password management.
3. Executives sometimes demand exceptions. They want to be able to install software on their own, access any web site they want to, use their office computers for personal activities, and fall for some of the oldest phishing tricks in the book. The executives can be examples by following the safety rules too. Just make sure the rules still allow your employees to be productive!
4. Fixing their own computers, or letting their “brother in law” work on the network. Rely on your own qualified IT professionals please!
5. Bad habits while traveling including connecting to the nearest WiFi network, losing important data, and bringing infections back to the office. Ensure everyone uses secure remote connections and practices.
6. Plug in anything and everything USB into the office computer causing an infection or data loss. Check with your IT department before using any USB device.
7. Sending private information via e-mail or storing it on removable media. Email is like a postcard, not a letter – anyone along the way can potentially read what you send – even the attachments. If someone steals your USB memory stick, they own the data unless you are using robust encryption.

With a little care, the executives can set the excellent example of how to protect your company!

First, there was the problem that Twitter’s server had a password set to “password.”   Executives would find news of their own server passwords being so weak as inexcusable!  Then, there was another breach that was caused by several user blunders including using the same password at both gmail and hotmail.

Do any of your users, or you, use the same password at more than one site?  Change them. Get a password manager such as RoboForm or MyPasswordManager. A password manager remembers all your passwords for you – all you need to remember is your password to the password manager. Not perfect security, but a whole lot more secure than using the same password at more than one site! Protect yourself.

There is a wonderful product on the market that will make backups of your computer quickly and easily. The problem is, a criminal can use this product to steal your information. This is supposed to be a short sales video, and I want you to consider how you would feel about the video if a criminal used this to steal your computer’s information: http://www.youtube.com/watch?v=S-aHtWOYGvg

And, in their support, I see this as a very useful tool for home users who never back up their computers – and risk losing years of precious photos of their family. I bought one for myself to show to executives and recommend for people who do not make backups because they feel backups are too much trouble. This is a great tool in your hands for use on your own computer.

There are other ways cyber criminals can steal your data, but you can slow them down if you never leave your computer unattended and logged in if you store any private information such as credit card numbers, banking information, social security numbers, etc.  In Windows, you can use the key combination “windows-L” to lock your screen. You need a secure password.  That makes it more difficult, though not impossible, to steal your data.

Summary: Great tool in your hands; horrible tool for hackers to use against you.

Would your users plug in a USB memory stick “just to see what is on it?” The act of plugging in the memory stick could set off a chain reaction that leads to a breach of your most confidential data.

What will your users do if someone calls saying they are helping your IT professional and the IT professional needs to know their password? That might be a hacker calling to get a password from your user.

Would a twenty-something employee at your office install some peer-to-peer software for use on their break? That could expose your most sensitive files to hackers. This is how the plans to the president of the United States helicopter’s defense systems were leaked to enemies.

Would a user copy important data to a removable media device or a laptop and then lose the item? This could result in a data breach and also lead to your needing to send out notification letters to everyone you have ever done business with. The damage to your branding could be very serious.

If you ever found out your computer was infected, you would do something about it right away. This is why it is in the best interest for cyber criminals to disable your anti-virus software, automatic updates, and other protection measures quietly and effectively. That way, you keep using your computer “business as usual” and have no idea your computer is “owned” by a criminal.

I am thrilled to see articles about IT security issues so much in the news. Maybe everyone will take this threat even more seriously and, together, we can hinder the spread of the infections.

This is a horrible mistake since your IT team needs your help and support in making the network secure.

If your organization ever has a breach, you may be found negligent if you are not practicing due care and due diligence in maintaining IT security. The IT security at most small to midsize businesses is, if I may speak frankly, a joke!

Many IT professionals are already facing insurmountable odds trying to keep employees productive and pleased with too few resources and too little knowledge about more modern tools that could make their jobs much easier. Understand that, when it comes to IT, “modern” can refer to a technology that was created recently. Much of the technology created 3 years ago is so “outdated” that you are losing valuable ROI by not upgrading. Note that Windows XP is an exception to this rule – stay away from Vista at your offices unless your IT professionals are ready for and requesting the move.