Home offices are now part of everyday life in numerous companies. They will probably remain so since many employees and employers would like to continue working from home in one form or another even after Corona. High time to take care of security after the first lockdown was often only about making work from home possible in the first place.

Computers in the home office are more at risk than in the well-protected company network – cybercriminals quickly recognized this and intensified their attack efforts in the first days of the pandemic. However, companies are not powerless in the face of this but can implement a few basic measures to better secure systems outside of their own IT infrastructure.

No Private Devices

Because many employees had to move to the home office at short notice in the early days of Corona and many companies lacked mobile devices, some employees worked at home on their private PCs – and some still do. However, companies cannot enforce security policies on these devices and must rely on the employee’s protective measures. Therefore, such “pragmatic” solutions are a risk and should be replaced as urgent.

Regular Patching

Today’s main gateway for cybercriminals is software vulnerabilities – almost all malware tries to exploit security holes in operating systems or applications to infect a system. Therefore, the quick installation of all available security updates and patches is the essential requirement for secure work in the home office and allows many attacks to come to nothing.

Up-To-Date Endpoint Protection

Modern endpoint protection, which combines various detection mechanisms to ward off advanced malware, belongs on all homework computers. Of course, companies must also update this security software regularly to offer the best possible protection.

Two-Factor Authentication

The classic login to systems, applications and online services with a username and password is no longer up to date because cybercriminals are now pretty good at guessing even long passwords – or they are used in malware and phishing attacks capture. More complex passwords hardly increase the level of protection and only tempt employees to use the same password for several accesses. Two-factor authentication is more secure, requiring another factor besides the password, such as a smart card, a security token or a PIN sent to a mobile phone. The password alone is then worthless to an attacker.

VPN Connection To The Company Network

Employees need access to data or applications in the company network for many tasks. They establish this via a VPN – an encrypted communication tunnel between the work device and the company infrastructure. In this way, companies prevent outsiders from tapping or manipulating data on the transmission path. In addition, they find it easier to adjust security policies and install updates than on systems that are not connected to the company network.

Control of USB Devices

To reduce the risk of malware infection and prevent company data from ending up on private storage, companies can at least block the USB ports of homework computers for external storage media such as USB sticks and hard drives.

Encrypted WLAN

Many employees use a wireless network at home. So that company data is protected, you should activate secure WLAN encryption with WPA2 or WPA3 – the older encryption standards WEP and WPA no longer offer sufficient protection. The WLAN encryption ensures that attackers cannot intercept the transmitted data, which is particularly important when employees are not using a VPN, or only certain connections are routed through the VPN tunnel.

Secure Router Password

The router itself must also be protected against unauthorized access so that cybercriminals cannot hijack it and read all data transmissions. Therefore, a secure password for access to the router configuration is mandatory, mainly because the simple default passwords of many router models are widely known. The more complex default passwords that some manufacturers assign to each device individually, while more secure, aren’t ideal either, as they’re usually printed on the device. Guests, artisans or other visitors could write them down in an unobserved moment.

Careful Selection of Cloud Services

Companies have often introduced new cloud services and online services for data exchange and communication with the home office. Here they should now evaluate whether they meet their security and data protection requirements, for example, whether they use secure encryption, where they store data or how they can be integrated into the company’s existing security infrastructure.

Clear Guidelines For Employees

With clear and binding guidelines for handling data, applications and devices in the home office, companies prevent employees from endangering IT security or violating data protection out of ignorance. You should also coordinate communication channels and contact persons to regulate processes, and employees do not fall for fraudulent attempts such as scam calls from supposed support employees. Special awareness training courses can also help further raise awareness of cyber threats.

The post Steps To A Secure Home Office appeared first on TechReviewsCorner.

Whether desktop PCs, laptops, mobile phones, tablets, network devices or storage systems: advanced information and communication devices are omnipresent and the basis of our private and business everyday life. Therefore, it is not surprising that new, even more, robust hardware solutions are finding their way onto the market in ever shorter innovation phases – and companies, in particular, are more likely to guarantee flexibility, agility, efficiency, and convenience in everyday business.

In some companies, exclusive business equipment is sent to the disposal company after only three to five years. However, it would still be possible to put it into operation without any problems.

From an economic and ecological point of view, this approach is anything but sustainable. Since the production, use, distribution and waste disposal of those business devices is always associated with a great depletion of natural resources and significant environmental impact.

Against this background, it is worthwhile for companies to extend the period of IT and communication devices as much as possible.

A practical approach in this context is the so-called “IT refurbishing”.

From Old To New!

“IT was refurbishing” is the quality-assured and professional recycling of used business equipment by trained salespeople and companies. The primary purpose is to resell those refurbished IT and communication devices and bring them to the second cycle of use.

All IT and communication devices that go through a “refurbished process” are labeled “Refurbished IT”.

These business devices come from expired leasing contracts or rental models in most everyday situations. Especially since they are usually equipped with high-quality IT components and designed for durability and reliability, “IT refurbishing” would be particularly appropriate for them.

High Standards In The Refurbishing Process!

With the aim that used business devices can be marketed as “refurbished IT”, they have to go through the multi-stage and aligned preparation and quality assurance process.

This Includes, For Example, The Following Steps:

Professional Data Erasure

One of the premises of “IT refurbishing” is to remove all business data from your used equipment and reset it to its factory settings. This step is very relevant because, on the one hand, all business data is business-critical and therefore particularly worthy of protection. On the other hand, information protection must also be observed urgently during “IT refurbishing”.

Visual Inspection and Classification:

In this step, IT experts look for signs of use or damage. If the models are externally flawless, they are classified as “1. Choice”. In the case of minor external signs of use, they are appropriately classified as “2. Choice”. Those with more vital signs of wear are only used as spare parts donors because they no longer meet the quality criteria.

Technical Check And Preparation:

Another critical step in the “refurbishing process” is technical analysis and preparation. The respective device is thoroughly tested for everything imaginable during the step, and all defects are eliminated. In addition, individual hardware components can be exchanged for new and more powerful versions – this is the case with hard drives or SSDs, for example.

Cleaning And Optical Preparation:

In this process step, the business devices are cleaned both externally and internally to look new at the end.

Installation And Final Inspection:

To ensure that the “refurbished IT” is technically up to date, the current operating system and all suitable drivers are downloaded and set up at some dealers. Equipped with additional software, the overhauled device is inferior to new gadgets in performance or functionality, despite the second product life cycle.

Refurbished IT: Benefits At a Glance!

The advantages of refurbished IT speak for themselves:

From The Point of View of The Companies:

With “IT refurbishing”, companies can, for example.

• extend the service life of IT and communication devices
• improve sustainability in the company
• make an essential contribution to resource protection, recycling management and climate protection
• reduce the amount of electronic waste

From The Point of View of The End Consumer:

With “Refurbished IT”, consumers get, among other things,

• an effective and high-performance IT and communication device at a considerably lower price
• depending on the refurbished provider, a guarantee of up to 10 years
• the opportunity to use the resources already used to make better use of the outdated model and thus contribute to climate and resource protection
• to reduce the amount of electronic waste

The post IT Refurbishing – Used Is Not Always Used! appeared first on TechReviewsCorner.

There is a curious coincidence. IT security purse is huge. There are very advanced tools, development methodologies, and knowledge in computer security issues. The tools are in themselves very safe. The big problem is the human factor.

We mention it on many occasions: a worker who does not have sufficient training, and who, above all, does not have the proper motivation, can become the main threat to an organization, whatever its size. It can be a small family business or a large multinational company. A leak is enough to trigger a catastrophe.

How do you fight this threat? The reality is that most of today’s best-known cyberattacks are based on tricking the user. This gives us an idea of ​​how advanced security technology is, but it also gives us an idea of ​​where we should put the focus for improvement: on the user.

We do not mean by this that the fault lies with the user, but rather that for a long time the security of the different IT systems has been so trusted that the responsibility has been transferred to the user.

The great challenge for companies is to understand that it is not the responsibility of the user to lead security in the interfaces they use. It is the responsibility of companies and the IT department to make all the organization’s security requirements, processes, policies, and methodologies understandable to the user.

Therefore, security must always be considered from the initial concept of any tool, application, process, or methodology, and it must be done with the user in the center of all eyes. It is the user who works with the interface that we provide, and it is the user who, if they have enough information (and training), will be the main firewall of our company.

To learn more about all these interesting topics, we recommend you watch the video below. In it, an IT security expert, will explain to us how the concept of IT security in the company should be an adapted, oriented, and procedural master plan. Never a standard plan. A highly recommended video to understand the scope of security in companies.

Also Read: The IT security Trends For 2021

The post IT Security – Safety From The Concept appeared first on TechReviewsCorner.

Crisis reveals security gaps

It is no longer a secret that the Covid-19 pandemic has significantly accelerated the digital transformation in the majority of companies. In many companies, however, the topic of IT security was often neglected in favor of moving quickly to the home office. Rather, they focused on keeping their operations going, which circumvented or simply ignored security controls during the transition to new models. Like a front door left open, this makes it particularly easy for cybercriminals to access the networks. In view of the prevailing problems, controls are still not a high priority and, in the worst case, will only be tackled when a security incident occurs. This attitude has to change in the coming year

Also Read ANDROID SECURITY: WITH THESE SECURITY SETTINGS PROTECT YOUR SMARTPHONE

Shift-left approach for a higher level of security right from the start

DevOps has almost completely replaced the ITIL (Information Technology Infrastructure Library) disciplines of the Change Advisory Board (CAB), which were responsible for the risk analysis of new codes before they were incorporated into the production process. In the coming year, companies must promote the identity governance of DevOps teams and integrate a risk assessment into the CI / CD pipeline

IoT security is becoming more and more important

Although the manufacturing industry, in particular, is increasingly relying on IoT environments, the security aspect often falls by the wayside in such a highly networked environment. IoT original equipment manufacturers and security providers will have to increasingly address this existing gap in the near future. Even if providers of modern IoT security solutions work closely with original equipment manufacturers to consider the security aspect throughout the entire IoT development and production process, legacy IoT remains vulnerable to weaknesses. Under these circumstances, the services of managed IoT security providers – including the protection of legacy devices until they are replaced – are becoming more and more popular. “

Mainframe security is more important than ever

“There are still companies today who rely on mainframes to run transactions and business-critical applications. But in view of the increasing number of cybercriminal or security-related incidents and the constantly changing legal requirements, the security of the old mainframe computers is at stake. Most organizations have adequate security measures in place for other systems, but they find it difficult to apply them to their mainframe environment. The expansion of security to the mainframe infrastructure – including access control via multifactor authentication, data protection, and endpoint protection – will be high on their agenda for many companies in the coming year. “

Also Read: Cybersecurity Errors Of SMEs In 2021

The post The IT security Trends For 2021 appeared first on TechReviewsCorner.