Neutralising the USB threat to your business

As Heathrow Airport found out last year, lost or stolen USB drives can expose your organisation to substantial risks such as damage of reputation, loss of customers, or fines.

You can neutralise them by using Encrypted USB drives. Check out our infographic to understand some other quick actions you can take to secure your business from the potential damage that just one unencrypted USB drive can do.

 

 

How can encrypted USB help your business?

Kingston Technology’s encrypted USB drives provide the security needed to protect your confidential business data at all times; protect your organisation’s sensitive and business critical data by standardising on an encrypted Kingston DataTraveler or IronKey Flash drives.

With several models and capacities to choose from to suit all types and sizes of organisation, there’s always one that’s ideal for your company’s needs. Whether mobile data security is a priority, or you have to demonstrate compliance with data-at-rest directives, laws, standards or global regulations such as GDPR, Kingston’s encrypted USB drives are built for all scenarios. Check out this short video of the DTVP30 range to find out more.

 

How we can help

Complete IT Systems and Kingston Technology have the solutions, experience, accreditations and skills to provide your business with the security solutions you need. For more information call us on 01274 396 213 or contact us and we can call you back.

Could your company survive a six-figure fine for USB data breach?

Heathrow Airport received a £120,000 fine late last year for allowing a data breach by way of an un-encrypted USB stick being misplaced and falling into the hands of a national newspaper. The stick, which contained 76 folders and over 1,000 files, was not encrypted or password protected. “The stick held a training video containing […]

Continue reading

Why are mobile devices like a needle in a haystack for IT?

When your business depends on response speed and access to data and email, ‘on the go’ availability is a must. However, more access brings more mobile data security threats. That is why it is rational to assess risks and have a well-thought-out protection strategy before adopting mobile device usage across your business.

As part of our series of blogs highlighting the pitfalls of cyber security for business, this week we’re looking at why mobile devices with access to business data can prove to be a needle in a haystack for IT to keep track of.

Mobile devices – a needle in a haystack for IT

An employee’s mobile device is an interesting target to a broad array of cybercriminals. Some are looking for corporate intellectual property (and according to Kaspersky’s “IT Security Risks Survey 2018,” employees in 1 in 5 enterprises access corporate intellectual property using their personal mobile devices and tablets). Others think that your contact list is good loot — it can be used for spear-phishing attacks on your colleagues.

While those are rather exotic threats, don’t forget about more widely distributed malware that doesn’t target a specific business. Last year, our systems registered 42 million attempted attacks on mobile devices. They included a variety of Trojans that tried to hijack social media and bank accounts, ransomware, and more. They may not sound as scary as targeted attacks, but they can cause plenty of harm, especially if the accounts in question are corporate ones, and the situation is especially common in small and medium businesses.

Mobile specifics

The main problem with mobile devices is that they do not stay inside a company’s security perimeter, which makes pinpointing the threats akin to searching for the proverbial needle in a haystack for IT. They can be exposed to unsecured public Wi-Fi or just be lost or stolen. When employees use the same device for both work and personal activities, more problems pop up. An employee might accidentally download a compromised application preloaded with a spying module or ransomware, for example. They might try to root or jailbreak their device and expose it to even more threats.

Some of the problems with mobile data security — unfortunately, not all of them — can be solved with mobile device management and enterprise mobility management solutions. To resist sophisticated malware, companies need an additional level of protection.

How to prevent business mobile security breaches

Kaspersky’s ‘Security for Mobile’ solution was recently updated to include machine-learning-assisted technologies with cloud-based threat intelligence mechanisms to bring threat prevention, detection, and remediation to mobile platforms and thus keep your business information safe.

For example, Kaspersky Security for Mobile can detect if an employee’s smartphone or tablet is jailbroken or rooted (bad enough if the employee did it, but worse if done without their knowledge). Our solution also provides application control, Web traffic control, antiphishing, and antispam subsystems to corporate devices.

Kaspersky Security for Mobile integrates with Microsoft Exchange ActiveSync, iOS MDM, and Samsung KNOX platforms; and Kaspersky Security for Android (a part of this solution) is also compatible with VMware AirWatch and MobileIron. That compatibility allows your IT staff to configure and control security management for most widely used mobile devices.

Want to find out more?

As Kaspersky Platinum Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.

To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.

Could your company survive a six-figure fine for data breach?

Heathrow Airport received a £120,000 fine this week for allowing a data breach by way of an un-encrypted USB stick being misplaced and falling into the hands of a national newspaper.

The stick, which contained 76 folders and over 1,000 files was not encrypted or password protected.

“The stick held a training video containing names, dates of birth, vehicle registrations, nationality, passport numbers and expiry, roles, and mobile numbers of 10 individuals involved in a particular greeting party, and also details of between 12 and 50 (exact number unconfirmed) Heathrow aviation security personnel, ” the Information Commissioners Office (ICO) said in its penalty notice.

What did Heathrow get so wrong?

While it’s easy to say that it’s easy to lose a USB stick and that there’s little a company’s directors can do to mitigate such a data breach scenario, in issuing the fine, the ICO also pointed out that less than 2% of Heathrow’s 6,500 staff had even received data protection training.

Other concerns noted during the investigation included the widespread use of removable media in contravention of Heathrow’s own policies and guidance and ineffective controls preventing personal data from being downloaded onto unauthorised or unencrypted media.

This is despite the fact that most businesses now rely more and more on IT to support their activities, and this makes them increasingly vulnerable to threats from hackers, viruses and even from malicious or careless actions their own staff as in the Heathrow case.

How can you ensure your company does not fall victim to data breach?

Having the correct solutions, policies and training in place can make the difference between success and failure for your company – strong IT security has never been so crucial.

Information also needs to be protected if you share it with other organisations. For many businesses, the internet has replaced traditional paper-based methods of exchanging information. It can be sent and received faster, more frequently and in greater volume – but the internet in itself brings its own security issues which businesses must consider.

Having an effective IT security polity in place can help you control and secure information from malicious changes, deletions, data breach, or from unauthorised disclosure.

How we can help

Complete IT Systems has the experience, accreditations and skills to provide your business with the security solutions you need. For more information on how Complete IT Systems can help your business, call us on 0845 873 9631 or contact us and we can call you back.

References

Facebook Extends US Political Ad Ban For Another Month

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/10/heathrow-airport-limited-fined-120-000-for-serious-failings-in-its-data-protection-practices/