8 Tips for Security of Your Company’s Wireless Network



Do you take it for granted that your wireless network is secure? Don’t make that assumption.

Wireless routers present dangers. Your router is exposed to hackers and, hence, to security problems.

If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable.

Admittedly, what follows isn’t a comprehensive, sure-fire set of strategies; however, there are ways to enhance your chances for a secure wireless network.

Here are eight recommended security steps:

1. Change your default password.

It’s easy for hackers to learn your default password. Router vendors’ default passwords are widely available to them. When you launch your wireless system, change the router’s default password. If your system is already operating but you haven’t changed the password, do it now.

2. Use WPA2 encryption, not the old WEP encryption.

It’s important to encrypt your network to prevent nosy parties from observing your activities, and WPA2 provides much better security than the old WEP standard, which should no longer be used.

3. Use a sophisticated passphrase.

Don’t use a passphrase that can be easily hacked. Your passphrase should have at least two dozen characters — upper and lower case letters, numbers and symbols.

4. Don’t use ordinary SSID names.

SSID, or service set identifier, is the name that identifies your wireless network. By itself, the SSID is a weak form of security.

Some IT people mistakenly think all they need to do is turn off SSID broadcasting. If you have an IT person, don’t let the person make this mistake. Hackers know how to get around a hidden SSID, so it buys you nothing.

So change the default SSID along with the passphrase to make it more difficult for hackers.

5. Disable WPS, or WIFI Protected Setup.

WPS uses an eight-digit PIN that’s printed on the device’s back label. WPS is supposed to be a convenient way to add computers to the network.

But it’s vulnerable, and hackers can use it to obtain your passphrase and do their dirty deeds.

6. Don’t use MAC address filters.

MAC, or media access control, address is an identifier for WIFI devices and ethernet ports. A MAC filter is designed to block devices whose addresses aren’t on your approved list.

But its effectiveness is questionable, because MAC addresses are sent in the clear and are easy to change. It’s also often inconvenient because it’s easy to misconfigure, especially if you have a lot of devices.

7. Don’t allow administrative access from outside your network.

Otherwise, you’ll make it easier for an outside hacker to tamper with your WIFI router.

Instead, use a computer in your network to make any necessary changes to your wireless system.

8. For customers and vendors, consider a guest network.

If you feel you want to make wireless available to visiting customers or vendors, don’t give them your passphrase.

Instead, under a second SSID, set up a separate wireless network. You’ll be able to disable it or periodically change its passphrase without impacting your company’s devices.
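To turn the eight tips into a repeatable check, here is an added example (not from the original article) that audits a router settings export against each tip. The key=value format, the two sample exports and the starter list of factory SSIDs are all constructed for illustration, not any vendor’s real file.

```python
"""Audit a wireless router's settings against the eight tips above.

The key=value format below is a constructed, hypothetical export format,
not any vendor's real file; each check mirrors one of tips 1-8.
"""
import re
from typing import Dict, List

# Constructed starter list of factory SSIDs the checker treats as "default";
# add your own vendor's default name before running it against a real export.
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "wireless"}
# Constructed placeholder for the factory admin password (tip 1).
FACTORY_ADMIN_PASSWORD = "admin"

# Constructed sample: a router left with the weak settings the tips warn about.
WEAK_CONFIG = """\
ssid=NETGEAR
encryption=WEP
passphrase=Sunshine1
admin_password=admin
wps_enabled=1
remote_admin=1
mac_filter=1
guest_ssid=
"""

# Constructed sample: the same router after applying all eight tips.
HARDENED_CONFIG = """\
ssid=AcmeCorp-Floor2
encryption=WPA2
passphrase=Tr4vel!ing-Bl@ck-M0unta1n-R1ver#88
admin_password=xK9#pLm2-constructed-admin
wps_enabled=0
remote_admin=0
mac_filter=0
guest_ssid=AcmeCorp-Guest
"""


def parse_config(text: str) -> Dict[str, str]:
    """Parse key=value lines; blank lines and '#' comments are ignored."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def passphrase_is_strong(pw: str) -> bool:
    """Tip 3: at least 24 characters drawn from all four character classes."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(pw) >= 24 and all(re.search(c, pw) for c in classes)


def audit(settings: Dict[str, str]) -> List[str]:
    """Return one finding per violated tip; an empty list means all tips pass."""
    findings = []
    if settings.get("admin_password", "") == FACTORY_ADMIN_PASSWORD:
        findings.append("tip1: router admin password is still the factory default")
    if settings.get("encryption", "").upper() != "WPA2":
        findings.append("tip2: encryption is %s, not WPA2" % (settings.get("encryption") or "none"))
    if not passphrase_is_strong(settings.get("passphrase", "")):
        findings.append("tip3: passphrase is under 24 chars or lacks a character class")
    if settings.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("tip4: SSID is a factory default name")
    if settings.get("wps_enabled") == "1":
        findings.append("tip5: WPS is enabled")
    if settings.get("mac_filter") == "1":
        findings.append("tip6: MAC address filtering is on (weak and hard to maintain)")
    if settings.get("remote_admin") == "1":
        findings.append("tip7: administrative access is reachable from outside the network")
    if not settings.get("guest_ssid"):
        findings.append("tip8: no separate guest network is configured")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit(parse_config(cfg))
        print("%s config: %d finding(s)" % (label, len(results)))
        for line in results:
            print("  " + line)
```

Replace the two embedded samples with your own router’s exported settings (mapped onto the same keys) to get a per-tip report.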

From the Coach’s Corner, related tips:

Do BYOD Headaches Outweigh Benefits? Yes — BYOD — bring your own device — is the trend in which employees bring their own handheld technology to use at work. They use their hardware on sensitive company-owned databases, e-mail, file services and wireless networks. 

Tips For Internet Security to Prepare you for New Cyber Attacks — According to a Web security study in 2013, Internet attacks have been impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities. 

Information Security: How to Make the Right Choices — More than ever, businesses, government agencies and consumers are learning costly lessons about due diligence in privacy and data security. A nationally known expert tells how to make the right choices in information security. 

Web Security Checklist and Warning about Mobile Banking — Here is an online security checklist and a stern warning about using mobile online services at your bank or credit union. 

Keys to Protect Yourself from Skyrocketing Trend – Tax Identity Theft — Tax identity theft is increasingly victimizing Americans, according to the Internal Revenue Service.

“It’s like the Wild West, the Internet. There are no rules.”

-Steven Wright


__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.





Image courtesy of cooldesign at www.freedigitalphotos.net

BYOD, Mobile-Banking Warnings about Security Prove Prophetic



With businesses allowing BYOD and malware abuse escalating, cybercriminals are so successful at invading smartphones that the resulting security-services industry totals $1.88 billion.

That’s the finding in an ABI Research 2013 report.

BYOD is the acronym for bring your own device. In trying to save money, many businesses mistakenly allow workers to use their own cell phones in their duties at work. (See Do BYOD Headaches Outweigh Benefits? Yes.)

Furthermore, a government task force has warned mobile users about another malware threat.

The Internet Crime Complaint Center (IC3) warns the malware is especially dangerous for Androids. The malware strains that trick Android users are called Loozfon and FinFisher, and IC3 issued security tips for users.

Nervous bankers

In addition, there’s another warning about mobile banking — even from the American Bankers Association, in this published report: “Why corporate mobile banking is scary.”

The banking-industry article explains the difference between corporate and retail mobile banking. Corporate mobile banking is used by high net worth executives. Retail mobile banking refers to use by the masses. 

Not to be gauche, but in 2009 you saw the warning about retail mobile banking here first.

So now, bankers are concerned about the dangers of corporate mobile banking.

Stern warning

Mobile banking is so risky that an IT security guru said don’t do it. That was the online security warning on Sept. 7 from the authoritative Dr. Stan Stahl of Citadel Information Group in Los Angeles.

Dr. Stahl’s analysis in my column included this stern warning: “All in all, cell phone on-line banking is a big NO!!!” (Web Security Checklist and Warning about Mobile Banking.)

It was a very popular column in terms of readership. But it also incurred reactionary venom from a mobile-banking marketer and his friends. Ordinarily, reader responses are given space to comment on my columns. However, his crude sarcasm regarding Dr. Stahl’s expert analysis and my alleged chutzpah in publishing the column was offensive.

After mulling it over a day or so I decided not to give him space on this site. He had crossed the line of civility.

After more than a year had transpired I had, of course, forgotten about the incident.

Disturbing mobile-banking headline

Then, this disturbing headline in Digital Trends on Nov. 5, 2010: “Major mobile banking app security holes uncovered.”

Here’s an excerpt:

 You might not want to check your bank account from your phone after all. Mobile apps from USAA, Chase, Wells Fargo, Bank of America, and TD Ameritrade have major security holes, reports research firm viaForensics and WSJ. The bugs center mainly around iPhone and Android versions of the apps, and could potentially allow a hacker to learn your username, password, and some financial information. In other words, this is bad.

Yes, you’re reading correctly about this information technology red flag. Published reports indicate there have been mobile-banking security lapses on iPhone and Android apps at USAA, Chase, Wells Fargo, Bank of America and TD Ameritrade.

Whoa! It’s time to check with Dr. Stahl, a nationally recognized expert, for his typically astute response. (Visit his Web site, www.citadel-information.com, and you’ll understand why I implicitly trust his opinions.)

“This… is about learning from experience, particularly that when it comes to cyber security we all need to be a lot more ‘intellectually humble’ when we talk about how secure something is,” he responded. “Right now, the cyber criminals are winning,” he wrote. “They are winning in part because too many people have a false sense of their own security.”

Prior experience

Dr. Stahl’s security credentials are impressive as a consultant and so is his prior experience, which includes many years in the aerospace industry “securing critical national security software.”

“I can remember the day we found a critical vulnerability in Cruise missile software that might have kept us from successfully responding to a nuclear attack,” he recalled. “I know the managerial, political and especially intellectual challenges we went through to be in a position to catch that mistake.”

He knows the challenges and expense that go into producing high-quality software.

“We’re taught that pride goeth before the fall,” he added. “That is certainly true in the battle against cyber crime. That’s why perhaps the most important thing I learned in trying to prevent, find and fix critical logic errors in complex software is intellectual humility.”

Hmm – intellectual humility. That’s a term I’d also use to describe Dr. Stahl. He’s been my go-to source for authoritative information since 2004. He’s a true gentleman, a philosopher and he’s assertive in responding to security questions.

“Intellectual humility is the ability to suspend our own belief in something we normally believe in, like the attorney hiring another attorney to find weaknesses in his argument or the doctor seeking a second opinion to look for holes in his diagnosis,” Dr. Stahl wrote in explaining his approach. “Most of us develop a normal amount of intellectual humility in those areas of our greatest expertise,” he believes. “We understand and appreciate just how hard it is to do the things that we are accustomed to doing and we learn through experience how to pay detailed attention to the things we need to do to do our job.

“The challenge is that, human nature being what it seems to be, our intellectual humility doesn’t easily carry over to domains where we lack firsthand knowledge and experience,” he opines. “We tend to over-simplify in those places we know little about. This isn’t usually a problem: any intellectual humility I might lack regarding how dangerous lions are is mitigated by the fact that I am under no threat from a lion. Unfortunately, when it comes to cyber security, because we’re all on the Internet it’s as if the lion is right next door. And he’s hungry.”

Response to mobile-banking marketer

As for the sarcastic, mobile-banking marketer from 2009, Dr. Stahl commented:

“We can’t expect a marketing representative in the mobile banking industry to have tested communications software controlling our nuclear missiles any more than we can expect the CEO of a bank to have written cyber security software requirements for an advanced military intelligence system,” he pointed out. “Nor can we expect the people who run our business IT networks to have the same sensitivity to security that we had 25 years ago when we designed a secure network for the Strategic Air Command.

“You can see where the danger is in this since these are the same people who influence (and often make) buying decisions about software that we use to manage money and sensitive information; software that has to be adequately secure to protect the money and information it touches,” he continued. “And, lacking the experience, these otherwise well-meaning men and women don’t understand the necessity of being intellectually humble in the presence of complex software.”

Dr. Stahl’s bottom-line

“That’s why people who have to make decisions about cyber security management must maintain their own healthy skepticism, resisting any temptation they may have to believe cyber security claims, whether from marketing people, their banks or their own internal IT staff. Ronald Reagan is famous for saying: ‘Trust. But verify.’ Do him one better: drop the trust.”

Well said, Dr. Stahl. Thank you.

(Disclosure: Dr. Stahl and I are both members of a roundtable of veteran consultants that meet in Los Angeles; Consultants West, www.consultantswest.com, has experts from many sectors.)

From the Coach’s Corner, also regarding Internet security and Dr. Stahl’s analysis, here is the all-time most-read Biz Coach column: Using Starbucks’ WIFI? Security Pro Issues Warning and Security Checklist.

“Once they get their hooks into you, you’re a dead pigeon.”
-Bud Abbott


__________






How CIOs Can Get More Respect in the C-Suite



Despite the importance of their work, chief information officers have difficulty earning respect from senior executives.

Ironically, information technology plays a vital role in an organization’s risk management and profits.

Two studies indicate there’s a widespread perception that IT pros need to get businesslike.

But CIOs are not alone.

Like many advertising and marketing professionals, CIOs face a glass ceiling because they’re not seen as management peers at the conference-room decision-making table.

Why?

Have you ever noticed that IT people do not take the lead in strategic initiatives?

They do not convey that they understand the big pictures facing their employers.

They appear to be too task-oriented.

They often project the image that they only follow what’s at the end of their nose and that they get immersed in minute details.

How can a CIO acquire all the necessary skills to fix the problem?

So, what a CIO needs is a vision of how their IT department can best serve their employer, which involves creating revenue.

Businesses generate more revenue if their information technology and marketing professionals work together to strategize more effectively.

For instance, success in e-commerce is increasingly challenging for companies that want to dominate in brand preference, customer loyalty and word-of-mouth advertising. (See the 4 Keys So Marketing and IT Can Create Business Revenue.)

Earning C-suite respect also calls for taking the initiative – being ahead of the pack in emerging technology and applications that benefit or complement a company’s strategic plans, assessing options, communicating strategies, developing strong relationships in and out of the company, and possessing self-marketing skills.

This really starts by being able to listen and asking relevant open-ended questions. Have you ever noticed the most-powerful people in a room often do the most listening?

A personal investment of time is required. Develop a strong familiarity with every business unit in the organization. That includes operations, marketing, sales, finance and human resources.

This is accomplished by asking colleagues for information about issues, challenges and goals. One good method is to ask a different peer to go to lunch every week.

CIOs also need to read what CEOs read, learn how they think, and emulate their abilities to compartmentalize and synthesize events and information to develop objectives.

IT pros need to become known for effective teaching skills. A good educator becomes the go-to person in any organization.

This requires the ability to sell ideas and information – to be able to explain what data and what developments mean to the firm. This can lead to strong relationships, which are imperative for universal respect.

If all of this was so easy, everyone would be doing it. Chip away at learning these skills and you will be on your way to earning more respect in the C-Suite.

From the Coach’s Corner, here’s a myriad of links to articles with tips CIOs might wish to consider:

— Career Tips

— Management

— Leadership

— Human Resources

“It’s not a faith in technology. It’s faith in people.”
-Steve Jobs


__________






Photo credit: www.mconnors.com


Tech Trends: CFO’s the Boss, IT Departments Are Disappearing



Two developments are clearly underway in information technology. Increasingly, the chief financial officer is in charge and IT departments are shrinking in size.

First, regarding the shrinking size of IT departments, a Corporate Executive Board study indicates they’re diminishing in size, according to writer Joe McKendrick at SmartPlanet.com.

It’s not a cutback in jobs, just a shift in how IT professionals are put to work. He writes that companies are either tapping IT service providers or moving to the cloud.

The study indicates IT departments will be 75 percent smaller by 2015, and 80 percent of IT budgets will be spent on IT vendors’ services.

What’s driving this phenomenon?

Probably best-practices in consolidation as CFOs assume more authority.

A study by Gartner and Financial Executives Research Foundation (FERF) was based on the perspectives of senior finance managers.

It’s entitled, “2010 Gartner FEI Technology Study: The CFO as Technology Influencer.”

Findings include:

— Forty-two percent of IT departments report to CFOs

— Thirty-three percent are supervised by the chief executive officer

— Sixteen percent report to the chief operating officer

— Two percent are overseen by the chief administrative officer

— Seven percent to other executives

Most importantly, the CFO has a major say in 75 percent of IT departments and a minor input in 20 percent. In 5 percent, the CFO has no influence.

Why? Two studies indicate a need for IT pros to get businesslike.

“In most organizations, the CFO and CIO work together daily to finance IT and provide information that supports financial processes, but there is also an opportunity for them to form a powerful alliance that generates more value for the enterprise,” said Bill Sinnett, FERF’s director of research, in a statement.

“The CFO and CIO are well-positioned to work together at generating superior performance from the enterprise,” he added.

The study makes it clear IT department personnel, especially the CIO, should understand an organization’s big picture and how they can best contribute to the firm’s welfare via the CFO.

My Biz Coach conclusion from the two developments: IT success hinges on acculturation with the finance mindset as well as a higher degree of integration with the rest of the organization. It’s different but it’s the wave of the future.

From the Coach’s Corner, related resource links:

Nervous About Your New Boss? Here’s How to Deal with It — Whether you just got a new job or whether your company just assigned a new boss for you, here’s how to develop poise and to manage your boss.

8 Tips on How to Ask Your Boss for a Pay Raise — Your food, gas and other living costs have increased. But you need tips on how to ask your boss for a pay raise. You’re mindful about the economy and that unemployment rates are high. With the exception of Wall Street, payroll budgets are constricted everywhere, and you haven’t had a raise recently. Here’s what to do.

The 22 Dos and Don’ts for Successful Negotiations — No matter what you need to negotiate, there are easy strategies to get anything you want. But you must first remember it’s important to reach a fair compromise – with win-win negotiating skills.

9 Dos and Don’ts for Best Decision-making — The dos and don’ts for best decision-making are applicable in three ways: Whether you have difficulty making the best decisions, engage in self doubt after making one, or are gun shy because some of your decisions have failed you. To err is human.

“I wasn’t a financial pro, and I paid the price.”

-Ruth Handler


__________







Information Security: How to Make the Right Choices



More than ever, businesses, government agencies and consumers are learning costly lessons about due diligence in privacy and data security.

In recent years, more than 100 million Americans have been victimized, according to the Privacy Rights Clearinghouse, a consumer rights organization.

The epidemic is caused by hacking, theft, and unscrupulous employees.

Indeed, five years of research by Carnegie Mellon University’s CERT Coordination Center and the U.S. Secret Service shows employees and former employees are responsible for much of the information technology sabotage.

Some 80 percent of incidents were caused by workers already known by managers to be discontented.

The individual costs have ranged from $500 to millions of dollars.

In other words, we’re in a state of crisis and it’s time for an update on solutions from a trusted source I’ve quoted in years past, Dr. Stan Stahl, Ph.D., a nationally known security expert.

He has three major concerns in security trends:

The first of which is organized crime, which he calls cyberscum. “Credit cards with pin numbers go for $100 on the black market,” said Dr. Stahl. “With such cyberscum, you have people who spend their days looking for vulnerabilities in software and they build botnets. The Secret Service uncovered one of the botnets that invaded and controlled 150,000 computers.

“Secondly, it used to be that the perimeter was well-defined because it was basically the corporate network,” he explained. “But now Blackberries, smart phones, and remote workers and all of that, the perimeter is no longer well-defined.”

His third concern? “It used to be you just needed anti-virus software, firewalls and passwords, but hackers are attacking anti-virus security so you really need to step back to take a big-picture look of protection to develop a secure program in your technology and culture,” he added.

Although convenient, confidential offsite storage is not guaranteed. Dr. Stahl recommends verifying the security of Web sites. “That’s one of the places the bad guys are looking.”

Small Business Security Checklist

His checklist advice for micro businesses:

  1. Know what information you have that needs to be protected.
  2. Understand the risks that your information is under.
  3. Structure your networking to provide what’s called defense-in-depth. That’s a tiered architecture with network segmentation.
  4. Watch the network.
  5. Train your people.
  6. Perform personnel background and physical security checks.
  7. Manage the security of your third party vendors.

For success in reaching objectives in information-security control in financial institutions, other large companies and public agencies, Dr. Stahl believes a security program is necessary for seven critical success factors:

  1. Executive management responsibility: Senior management has responsibility for the firm’s information security program, and this program is managed in accordance with the enterprise’s information security policies.
  2. Information security policies: The enterprise has documented its management approach to security in a way that complies with its responsibilities and duties to protect information.
  3. User awareness training and education: Information users receive regular training and education in the enterprise’s information security policies and their personal responsibilities for protecting information.
  4. Computer and network security: IT staff and IT vendors are securely managing the technology infrastructure in a defined and documented manner that adheres to effective industry information security practices.
  5. Physical and personnel security: The enterprise has appropriate physical access controls, guards, and surveillance systems to protect the work environment, server rooms, phone closets, and other areas containing sensitive information assets. Background investigations and other personnel management controls are in place.
  6. Third-party information security assurance: The enterprise shares sensitive information with third parties only when it is assured that the third-party appropriately protects that information.
  7. Periodic independent assessment: The enterprise has an independent assessment or review of its information security program, covering both technology and management, at least annually.

His list of credentials is voluminous, and he has a client portfolio ranging from small to large clients in the public and private sectors. He’s also president of the Los Angeles chapter of the Information Systems Security Association (ISSA). Nationwide, ISSA has 15,000 members.

His firm’s Web site and security blog: www.citadel-information.com. You can keep yourself updated by subscribing to Dr. Stahl’s Weekend Patch and Vulnerability Report.

For consumers, he recommends reconciling credit card and bank statements every month. For online security, he also likes the following software: SpySweeper, ZoneAlarm and Sandboxie for special protection for provocative sites like gambling. “Some are becoming more proactive, but they’re just now beginning to emerge and I haven’t had a chance to test them,” he said.

To check your credit report for fraud, here are the bureau telephone numbers:

Equifax – (888) 766-008

Experian – (888) 397-3742

TransUnion – (800) 680-7289

From the Coach’s Corner, here are more of Dr. Stahl’s insights:

Don’t Wait for Cyber Security Legislation that Affects Your Business — Not likely to pass, a data-breach bill has been re-introduced in the U.S. Senate that would regulate how businesses behave – informing customers when their personal information has been stolen. Passage or not, businesses should act on their own. It’s the right thing to do.

5 Safety Measures to Thwart Mounting Social-Network Attacks — Sally, the accounting manager of a medium-sized business, regularly checked her Facebook account while at work. One day she received an e-mail. The e-mail said that a long-lost friend, Bob, had added her as a friend in Facebook. “How great.” thought Sally. “An email from Bob. Let me just follow this link and we can be friends again.” You’ll never guess what happened afterward.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later. Originally, Citibank said 200,000 accounts were affected.

“You can’t hold firewalls and intrusion detection systems accountable. You can only hold people accountable.”

– Daryl White

__________


Photo courtesy of Stuart Miles at www.freedigitalphotos.net

Seattle business consultant Terry Corbell provides high-performance management services and strategies.