Info Advantage Blog

As more people gain access to their own smart devices, the environment is changing around the globe. The vast adaptation of the mobile device has allowed individuals to stay connected at any time, and the world is shifting to accommodate the newest wave of technology. For companies, this means the ability to do business anywhere at any time, especially when paired with cloud capabilities. Bring your own device (BYOD) allows businesses to stay connected to their work without having to physically be in the office, making it a popular option for modern businesses. However, with a BYOD policy comes some risk. Here are all the things you should be aware of when considering a BYOD policy.

Data Leaks

One of the major issues that many companies have with BYOD policies is the real possibility of data leaks. With a secured, physical workstation, it’s easy to closely monitor all activity going in and out of your network. However, most handheld devices don’t have anything near the amount of security found at a typical workplace. This means that the device won’t be connected to the company firewall and security programs the second they leave the office. This can leave your data vulnerable if they plan to do work in a public place.

Lost Devices

One of the issues that comes with the convenience of mobile devices is the ability to lose them, a problem that had previously not been an issue with the physical workstations. When a device is lost, there is a chance that it could end up into the hands of someone who will use the data to gain something, such as money through extortion or valuable information. You’ll want to make sure that any device that carries sensitive information can be remotely wiped, and that they all have some fort of PIN or password for protection.

Malicious Software and Hackers

Since mobile devices don’t have as much security as your typical workstation, many lack the proper data encryption to keep all the information secure. This can often result in issues with hackers, who may lurk at public Wi-Fi spots to root out sensitive information. This also leaves the open to viruses, which are a major issue with BYOD policies. If an employee wants to bring their own device, you’ll want to make sure they understand the risk not only for your company, but for their personal lives as well.

Want to implement BYOD but you aren’t sure what security measure you will need to keep your company data away from prying eyes? Contact our Info Advantage today at (585) 254-8710 to learn more about how you can get technology to work for you.

More organizations are revamping their traditional IT infrastructure to favor new technology that allows for greater mobility. Not to be outdone, even major government departments are making this move, like the U.S. Department of Education.

This move toward mobility is designed to replace the department's current IT infrastructure, known as EDUCATE (Education Department Utility for Communications, Applications, and Technology Environment). EDUCATE was implemented in 2007 by Perot Systems after they won the bid for $400 million. At the time, this was a bold move because it effectively transferred oversight of the infrastructure from the government to a contractor.

Today, the U.S. Department of Education has a new set of priorities that they would like to see out of their infrastructure. According to Jason Gray, Chief Information Officer for the Education Department, the technology landscape has changed so much since 2007 that a revamp is in order. Gray says that these new infrastructure objectives should encourage innovation, optimize the cost to benefit ratio, and show flexibility to make integrating changes in requirements simple.

These objectives are spelled out in a new infrastructure plan named PIVOT (the Portfolio of Integrated Value-Oriented Technology). Unlike the previous model, PIVOT looks to have each aspect of the infrastructure (like oversight, hosting data, printing, network services, technical management and integration, and mobile services) written up with its own contract.

The primary goal of the Department’s new infrastructure is increased mobility. They look to achieve this by moving away from a permanently established office space, and instead, take advantage of teleworking and hoteling (where workers use mobile devices to move about an office instead of being limited to their desk). This kind of move is in line with a federal government initiative to reduce its real estate footprint. In keeping with this goal, PIVOT has the potential to free up 6,200 workers from the traditional office environment.

There are lots of benefits to be had by the U.S. Department of Education from a move like this. What about your own IT infrastructure? Has it been updated in recent years to take advantage of the advancements of mobile computing? Or, are you still doing business like it's 2005 with a workforce tied to their desks and limited to bulky workstations?

To revamp your own IT infrastructure, give Info Advantage a call at (585) 254-8710 and find out what we can do for you.

Though it’s still a somewhat new concept, payment via mobile device is gaining in popularity. The latest smartphones make it easier than ever to pay bills or send money whenever needed. Yet, this also presents an interesting conundrum. What’s the best way to make mobile payments, and how can they be processed with minimal chance of being compromised?

Augmented reality is a growing trend in the technology industry, and perhaps one of the best known uses of it today can be found in the extremely popular mobile device app, Pokemon Go. However, hackers have seized the opportunity to infect players who want to “catch ‘em all” with a backdoor called DroidJack - something that certainly won’t help gamers “be the very best.”

The Pokemon series has long been known as one of Nintendo’s most popular gaming franchises, and with the release of Pokemon Go, the series has finally made its way to everyday mobile device users. It’s currently ranked as the #1 most downloaded free app on the Apple Store, as well as the Google Play store. The game was such a hit that Nintendo’s stock increased exponentially overnight, and the app has over 26 million users worldwide - more than Tinder, Twitter, Google Maps, and other mobile apps.

However, like many extremely popular things, hackers have taken this and exploited it to do their bidding. Prior to the app’s release worldwide, many impatient fans downloaded the APK (Android application package) from third-party websites and “side-loaded” it onto their devices. This can only be done by going into Android’s settings and allowing app installation from unknown sources. Normally, this is a red flag for any security-minded mobile device user, as some malware is known to infect devices and download apps without the permission of the user; yet, some Pokemon fans just couldn’t wait, and downloaded the APK without thinking of the consequences; like downloading a backdoor.

Considering how many countries outside the United States, Australia, and New Zealand, are still waiting for access to Pokemon Go, many have chosen to just use the APK to get the app on their device, rather than wait for the official release. One particular source of the APK provides a modified version of Pokemon Go that, upon installation, installs a backdoor onto the device, which allows for remote access to the device and provides full control over the victim’s phone. The infected version of Pokemon Go is so well-done and inconspicuous that the user likely won’t know that their device has been infected. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission request, and see for yourself just how strange they might look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

When downloading any app, it’s crucial that you drive this best practice into the heads of your employees: be sure to pay attention to the permissions required by the apps that you download. For example, there’s no real reason why Pokemon Go would need to make phone calls, edit and send text messages, modify your contacts, and record audio. All of this is just asking for disaster. While exploitation of the APK hasn’t been observed in the wild, it represents a dangerous development in mobile applications, one which shows hackers taking advantage of wildly popular smartphone apps, and turning them into catalysts to spread their malware and influence.

There are two lessons to be learned. Don’t download apps from unknown sources, even if they’re just games, and make sure that your employees know what your policy on mobile apps is on your in-house network. Also, be sure to examine a new app’s permissions, and only download them from the Apple store or Google Play store. Among your millennial workforce, there may be many users of Pokemon Go, so it’s your responsibility to reach out to them, and educate them on these best practices.

After all, “Gotta catch ‘em all,” doesn’t refer to malware infections.