Make Sure Your Mobile Device Management Platform Has These Features

Businessman hand using laptop and mobile phone on wooden desk

Your mobile device management strategy is going to bleed into every other part of your business, especially in the realms of security and productivity. It is of critical importance that you ensure that your mobile device management platform is working toward your company’s operational goals, but it can be challenging at times to look at this type of technology with its many complications. Let’s dive into what makes for a solid MDM platform.

Now, we know that there are a ton of great features with mobile device management platforms, but there are some that you absolutely should never leave home without, so to speak. Here are just a few of them.

The Ability to Lock and Remotely Wipe Data

While you certainly hope that you never need to wipe your data, this feature is still necessary. If employees lose devices or if someone else steals them, you need to have a plan in place to respond to them. This includes wiping the data from these devices. This ensures that your data privacy remains intact.

Whitelisting and Blacklisting Apps

If your business has employees using mobile devices for company purposes, you should make sure that they are not downloading whatever applications they want. With a company policy in place that governs the use of applications on your mobile devices, you can control the flow of data to external applications and help to minimize data leakage. Plus, if an employee has a list of acceptable applications, they will be less likely to look for their own solutions to specific problems.

Device Tracking and Inventory

Your mobile device management platform should give you the ability to track devices and to know who is using which devices and for what purpose. With the right solution, you can collect information on how the devices are used. It can also provide you with paths to connect with employees should you discover anything about the device that presents a security problem. At the end of the day, you’re not out to breathe down your employees’ necks about how they use their devices; you just want to make sure that the device is being used for the right purposes.

Enforcement of Security Features

Mobile devices, due to their nature, should be protected in as many ways as possible, but don’t stop short at the password. You should also implement features like multi-factor authentication, including biometrics, and powerful encryption tools that can keep data located on such devices locked up tight and safe from prying eyes.

If your business wants to fully leverage the potential of its mobile device management platform, AE Technology Group can help. To learn more, reach out to us at (516) 536-5006.

Blockchain Technology Solutions For Your Business

Blockchain technology concept. Chain in form of pc circuit board with cpu on blue futuristic background.

Blockchain technology might be best known for its use with cryptocurrencies such as Bitcoin and Dogecoin, but that’s just one type of blockchain. There are other varieties that could prove useful in certain sectors. Let’s take a look at what they are, how they might be used, and what some of their benefits and shortcomings are.

The largest benefit of the blockchain, which is essentially a decentralized ledger of transactions, can be seen in Bitcoin, but the shortcomings are also notable. Blockchains consume a considerable amount of energy to operate, making them difficult at best for businesses to take advantage of. Bitcoin operates using what is called the public blockchain; as such, it cannot store sensitive information or proprietary data without putting it all at considerable risk. Here are the four varieties of blockchains that organizations can utilize.

Public Blockchain

The public blockchain is the most open form of blockchain, and anyone can participate in transactions and maintain their own copy of the ledger. The only prerequisite is a connection to the Internet. The public blockchain was the first type created, and it is the most common one used by cryptocurrencies, but it has other applications that could be considered in the future, such as voting and fundraising. All of these uses are only possible due to the openness of the system.

While the openness is a great benefit to the public blockchain, there are other challenges that can get in the way of its use–namely the fact that these transactions happen at a slow rate, which also limits the scope of the network in question.

Private Blockchain

Rather than being accessible to all, a private blockchain is a closed network that is maintained by a single central entity. Unlike the issues with the public blockchain, the private blockchain has greater security and trust within its own operations. Besides this difference in centralization, the private and public blockchains are similar in functionality.

The efficiency of this centralized system makes the entire blockchain operate more smoothly, but at the same time, security is hindered somewhat. Some of the key uses for a private blockchain include supply chain management, internal voting, and asset ownership–all uses that really want that security. It is critical that any organization seeking to implement a private blockchain consider this weakness.

Hybrid Blockchain

When you combine the public and private blockchains, you get a solution that can leverage the advantages of both. A hybrid blockchain allows users to connect to the public network without sacrificing privacy. Organizations can use customizable rules to keep data secure.

There are some downsides to this solution, though. A hybrid blockchain lacks the transparency of other blockchains, and as such, there is no prerogative for organizations to go through the adoption process. Despite this, there are some notable uses for a hybrid blockchain. For example, industries like real estate and retail might find it palatable.

Federated Blockchain

Similar to the hybrid blockchain, a federated blockchain combines benefits offered by the public and private blockchains, keeping some records open while securing others. This is beneficial because multiple organizations might get value out of the network, and thus, keeping it decentralized works in their favor. The federated blockchain is both customizable and efficient, but even with the use of access controls, this blockchain is more vulnerable, less transparent, and less anonymous than the others. Ideas for how to utilize the federated blockchain include banking, research, and food tracking.

Have you considered the use of blockchain technology for your organization? The latest blockchain technology solutions can be a great boon for your business if implemented properly. Contact AE Technology Group for an IT consultation; let our technicians help you determine the best path forward. To learn more, reach out to us at (516) 536-5006.

It’s Time to Revisit Your Password Best Practices

Closeup of Password Box in Internet Browser

When a hacker tries to access one of your accounts, the first challenge they must overcome is the password. This is why industry professionals always encourage you to create them with security in mind. The latest guidelines issued by the National Institute of Standards and Technology, or NIST, are not quite conventional or traditional, but they do give valuable insights into how password best practices.

What is the NIST?

The NIST is the authority on all things password-creation, and they are no strangers to issuing various best practices. While these practices do shift over time, due to the unfortunate side-effect of threats adapting to security standards, their advice is trusted and should absolutely be considered by all. Please see below for the recent update on password best practices.

The New Guidelines

Many organizations and Federal agencies have adopted these guidelines. Here are the latest steps to take when building a secure password.

Length Over Complexity

Most security professionals have advocated for password complexity over the past several years, but the guidelines issued by NIST disagree. NIST suggests that the longer the password, the harder it is to decrypt, and they even go so far as to say that complex passwords with numbers, symbols, and upper and lower-case letters make passwords even less secure.

The reasoning for this is that the user might make passwords too complicated, leading them to forget them entirely, so when it comes time to replace the password, they will add a “1” or an exclamation point at the end. This makes them easier to predict should the original password be stolen. Users might also be tempted to use the same password for multiple accounts, which is a whole other issue that certainly does not aid in security.

No More Password Resets

Many organizations require their staff to periodically change their passwords, mostly every month or every few months. The idea here is to preemptively change passwords on the off chance that the old passwords have been compromised. Trying to use the same old password multiple times would then lock the hacker out of the account, as the password has since been changed. While this has been an accepted best practice for some time, NIST recommends that this practice be put to the wayside, as it is actually counterproductive to account security.

The reasoning behind this determination is that people will not be as careful with the password creation process if they are always making new ones. Plus, when people do change their passwords, they will use the same pattern to remember them. This means that passwords could potentially be compromised even if they have been changed, as a hacker could recognize the pattern and use it against the user.

Make Passwords Easy to Use

Some network administrators worry that the removal of certain quality-of-life features such as showing a password while the user types it or allowing for copy/paste will make the password more likely to be compromised. The truth is the opposite; ease of use does not compromise security, as people are more likely to stick to established password protocol if you make it easier for them to do so.

Don’t Give Out Password Hints

At the same time, you don’t want to make things too easy for your employees, either. One way that administrators help out employees who easily forget passwords is by providing password hints. The system itself is flawed, especially in today’s society of oversharing information across social media and the Internet in general. If Sally makes her password-based around the name of her dog, for example, the hacker might be able to find that information on her social media page, then can try variations of that name until the code is cracked. So, in the interest of network security, it’s better to just forego these hints. There are other ways to make your password system easier to deal with that don’t compromise security.

Limit Password Attempts

When you place a limit on password attempts for your business, what you are essentially doing is giving hackers a limited number of chances to get lucky. NIST suggests that most employees will fall into one of two categories in regard to password remembrance; either they will remember it, or they will keep it stored somewhere (hopefully in a password management system). Thus, if an employee is likely to do one or the other, a limit on password attempts will not necessarily impact them but will make all the difference against security threats.

Implement Multi-Factor Authentication

COMPANYNAME recommends that your business implement multi-factor authentication or two-factor authentication whenever possible. NIST recommends that users be able to demonstrate at least two of the following methods of authentication before they can access an account. They are the following:

  1. “Something you know” (like a password)
  2. “Something you have” (like a mobile device)
  3. “Something you are” (like a face or a fingerprint)

If two of the above are met, then there is sufficient evidence to suggest that the user is supposed to be accessing that account. Consider how much more difficult this makes things for a hacker. Even if they have a password, it is unlikely that they also have physical access to a mobile device, a face, or a fingerprint.

Make password security a priority for your organization now so that you don’t have to worry about data breaches later on down the road. AE Technology Group can help you set up a password manager that makes adhering to these best practices easier. To learn more, reach out to us at (516) 536-5006.

BlackRock Trojan: Aggressive Viral Menace For Android Device Users

blackrock trojan aggressive viral menace for android device users

A new attack on android applications known as the BlackRock trojan has already targeted over 300 applications on the android operating system, including banking, social media, and dating applications. Any application with payment features, which is most nowadays, has been targeted and users credit card information has been compromised. How does this all work though, and what implications will it have for the future of the android operating system?

The Mechanics of BlackRock

The essential approach that BlackRock takes to get access to your information is it sends out a false Google Update and requests accessibility privileges. After it is granted these privileges it develops its own autonomy and no longer needs further interaction from the user to operate, it does this through granting itself further permissions afterwards. 

Some abilities BlackRock has, are traditional of trojan attacks, and some are quite problematic. It can collect device information, it can perform overlay attacks, but even more concerning, it can prevent antivirus software and even prevent uninstalling, leading to a longer lifespan than most hacks and more damage being done to your device and more of your information being compromised.

The Network and History of BlackRock Malware

Information from the site ThreatFabric has concluded that BlackRock is based on banking malware known as Xerxes, which itself is a version of Lokibot malware, discovered in 2019. Lokibot is part of an underground network of rented malware which circulated in 2016 and 2017. What really caused it to be a ubiquitous problem is when the source code got leaked. 

Android tried to get out in front of the older malware by pushing their newer devices which, with their new hardware, had a natural adaptation curve for implementing the attacks on the new systems. This, unfortunately, didn’t last long. In 2018, MysteryBot dropped, which was an update on the Xerxes system to work with new Android systems. 

The ancestral history of BlackRock is inundated with Lokibot variants. Parasite was a brief problem, although after disappearing from the malware space, Xeres was the direct parent of BlackRock, with the former appearing in 2019 and now, here in 2020, we have BlackRock.

Top Apps That Have Been Threatened

Numerous applications have suffered the injection and compromise of BlackRock, but the most notable are:

  • Gmail
  • Google Play
  • Netflix
  • Wells Fargo
  • Twitter
  • Instagram
  • Facebook

Many others have been targeted as well, leading to an entire suite of applications being at risk. Millions of users could have been affected and had their financial and contact information now in the hands of hackers, which could be numerous themselves seeing as the above mentioned malware network is vast and diverse.

Implications for Android

Android, being a more open operating system, runs the risk of more of these said attacks if they don’t take a new approach to how they monitor their application base. Two futures exist for android after this latest breach.

One, they stay with the same approach they have now and hope that they can rely on a numbers game, praying that the majority of their apps stay solid with their own individual protection protocols, and hoping the majority of their users stay safe.

The other is they radically change how they monitor their operating system, implementing much more rigorous analysis of their potential apps and making the approval process contain much more scrutiny in their security requirements. 

Either way the future for android will remain risky if they simply ignore the growing underground network of malware. They desperately need to engage in research of this growing corner of the hacking world if they have any hope of maintaining a safe and secure user base.

Get more news, tips and tricks at our blog here.

Working Together, Apart: The Office Guide to Social Distancing

social distancing

As many companies move into the next stage of a phased reopening plan, it’s an exciting time to get the team back together and return to business as usual. In the wake of COVID-19 and the new normal, use our office guide to social distancing to adapt, excel, and succeed together.

AE Technology Group is here to support our business clients in a successful reopening with these key tips on creating social distancing in any office space.

Lean, Mean, and Sparkling Clean

Although our offices may be running at half capacity until we slowly transition into a full workplace, there’s never been a greater need for cleanliness. Think beyond the recycling bin and develop a rotating schedule for disinfecting common areas. Frequently disinfect surfaces such as conference room tables, kitchen spaces, and front desks.

Remember that COVID-19 can survive for 24 hours to three days on hard surfaces! Daily cleaning proactively eliminates viral germs before they have time to spread. Divide tasks between in house staff members, bearing in mind flexible schedules as teams continue to increase hours. 

Consider temporarily removing shared coffee stations, microwaves, and community cupboards. As an alternative, treat your staff to a weekly local business luncheon and offer a coffee perk card instead of the traditional water cooler. Not only is this a great way to show your team how valuable they are, but it’s a responsible strategy for minimizing the spread of COVID-19.

Last but not least, please emphasize that everyone — yes, everyone — must wash their hands. 

Personal Space and the No Contact Bubble

Social distancing in the workplace is a simple matter of making the most of any space available. This may entail rearranging desks and cubicles to allow for the appropriate distancing of 6-feet apart. Considering establishing a sign-up sheet for conference rooms and limiting capacity to under ten individuals. Providing masks is a great idea to protect vulnerable workers, as well as utilizing plexiglass and other barriers to avoid direct peer-to-peer or client contact.

Small businesses may need to think outside the cubicle box and “create space” by employing back-to-back or side-to-side stations rather than front-facing ones whenever possible. Another tactic for reducing the number of people each person has contact with is to divide your staff into teams or partners so that each individual only works with 3-5 other individuals.

Provide hand sanitizer at all workstations and minimize shared devices such as phones by encouraging the use of headsets instead. Consider staggering shifts to avoid a crowd during the opening and closing hours. With a little teamwork, your company can enjoy a seamless reopening while doing your part to protect our staff and our clients.

Viruses: Not Just for People

Once you’ve implemented a germ proof social distancing plan, it’s time to take a look at technology considerations while returning to a new normal. Many staff members will likely still be working remotely for some portion of their workweek. Support your team by ensuring your network is encrypted with a strong firewall and confidential client information is well protected. Discourage the use of personal devices such as laptops, tablets, and phones for work purposes as these are often easily compromised and prone to viruses of the digital kind. Instead, assign laptops to each key member along with a list of available IT resources for training, troubleshooting, and more.

Stay connected with seamless all-in-one communication and project management software. Microsoft Teams is the number one choice for collaboration from conference calls to client meetings. Securely access and share files through SharePoint and OneDrive for added efficiency from home or anywhere in the office.

Technology Etiquette

Lastly, remember to be polite and mindful of your co-workers. With many employees working remotely for some time now, a lot of these behaviors may have slipped.

Need a little extra help migrating to a socially distant workspace?

Our experts are here to help with practical strategies for meeting your business’ technology needs and keeping everyone healthy, happy, and ready to crush that 9 to 5 grind.