Adults who grew up in the northern areas of the United States and experienced harsh winters may fondly remember the unfettered joy of “snow days,” those unscheduled days off from school due to inclement weather conditions. However, snow days may soon go the way of mimeograph paper and typewriting classes. In fact, some school administrators have instituted the concept of remote work. This means students learn remotely from home when dangerous weather conditions close schools.
These progressive school districts equip students with the necessary devices, like iPads and laptops, to access the day’s lesson plans online from home. Public funding allows these “loaner” devices to be given to the students who need them over the course of the school year. It eliminates the need for sharing electronic devices in school-based computer labs.
Future Workplace Trends
One possible outgrowth of this trend is that a generation of students will be accustomed to flexibility, unsupervised productivity, and self-sufficiency in the workplace. It has the potential to permanently alter the employment culture for businesses in the years to come.
Web-based applications allow employees to access and enter data from virtually anywhere in the world. While brick-and-mortar offices will never be completely eliminated, requiring workers to remain physically present in their workplaces every day can be curtailed. Supervisors will still be able to monitor employee productivity from their remote work locations, enabling them to target any “cyberloafers” and respond appropriately.
Flexible Employment Benefits
The business community has been flirting with the concept of remote work for decades, with flex-time schedules offered as part of some benefit packages. But the concept has never fully taken flight. Below are benefits for companies that implement flexible employment options for their workers.
- Recruitment value. Remote work on either a full-time, part-time, or as-needed basis can be a part of an appealing benefit package offered to talented prospective employees. Under the right circumstances, it can be the deciding factor for a job candidate weighing several employment offers from competitors.
- Decreasing operational costs. Heating and cooling an office building is a considerable expense. Some calculations indicate that American companies could see profit increases up to $665 billion annually, or anywhere from $10,400 – $13,200 per worker each year by implementing telecommuting for only half of the time.
- Increasing employee morale. Smart business owners realize that content employees who have flexible work options are more likely to remain with their companies, reducing worker turnover and training costs.
Remote Work Options
Companies can pave the way for this employment sea change now. Some options include:
- Putting it on the cloud. Embracing cloud-based unified communications (UC) in the workplace enables remote work and telecommuting for employees.
- Formulating a disaster plan. Some disruptions to workflows can be anticipated, but others are unexpected and can wreak havoc on businesses. Businesses with proactive and well-understood plans for remote work is key to keeping operations up and running smoothly.
- Having the right technologies in place. Remote networking tools, like virtual private networks (VPNs), assure accessibility and security.
Change for companies with a 9-to-5 culture isn’t going to happen overnight. However, considering the future workforce is growing up with remote learning in place at school, a transformation is on the horizon. The movers and shakers of tomorrow are sure to influence the employment landscape that was established centuries ago.
In just a few short years, industry experts predict that the Internet of Things (IoT) will have a tremendous growth explosion. By the year 2020, research suggests 30 billion devices will be connected in a $3 trillion marketplace. Assuring that this avalanche of data is protected by layers of security is paramount to the industry’s success.
Soon there will be homes where the front doors unlock with a smartphone, its temperature is controlled remotely, and even the oven is turned on by punching a code. “Smart homes” are already on the technological horizon, but the security features must keep pace for viability.
Consumers own many devices that are not just unencrypted, but with marginal to non-existent security features enabled. Some end users leave the factory-set passwords in place, making illegally accessing a device’s data mere child’s play for the average hacker.
Making IoT Devices Secure
Certain qualities are required in order to make the security on IoT devices effective. The security must:
- Possess cloud capabilities
- Be platform agnostic
- Have the ability to facilitate IoT technological ecosystems
- Be lightweight
The ability to manage security via a cloud platform is a vital component to any implemented system. Cloud management enables manufacturers to patch changes to security configurations once a weak spot is detected – even after consumers purchase the device. The hardware itself can be tethered to private key exchanges to simplify authentication, provisioning, and configuration.
The benefits of utilizing agnostic security platforms are clear. Processing capabilities in IoT devices can enable them to be managed and controlled via the cloud. Transmitting large-scale changes in provisioning, authenticating, and configuring can also be handled at cloud level from a centralized location.
Compact IoT devices with security features embedded at the chip is a practical solution for securing data at the core of the device while still utilizing available space. IoT devices can have private keys already embedded to enhance security. This additional layer of security allows compromised components to be identified as “untrusted” and isolated from the other devices on the network. Default passwords would no longer be necessary once key exchanges are implemented within the hardware to authenticate each device. This also allows them to remain lightweight.
Issues to Overcome with IoT Devices
However, the lightweight, compact size of IoT devices limits the space available for security. Another drawback is the multiple levels of vulnerability when connecting devices or at the data host site of the chip. In addition, the limitations of the processing capabilities on devices manufactured by different companies creates security challenges. At present, consumers must use devices made by the same company in order to link them. Cloud-based connections reduce the necessity of standardizing the processing capabilities of IoT devices.
Most IoT devices aren’t currently enabled for cloud management, which is a potential security pitfall. When devices are all tethered to the cloud, it is a simple fix to patch security vulnerabilities – even when they are in the hands of end users. Devices can communicate more readily with one another when cloud capabilities have been implemented.
The bottom line is that the success of the IoT industry is dependent upon the security that is provided by the technology. To ensure that data protection remains a primary focus in an expanding market, networks and devices must be safeguarded. Enabling cloud management capabilities and security features embedded at the chip level can achieve these results.
Data loss incidents, when an organization suffers the loss of valuable data, can cause considerable harm to the business. The loss may be as a result of a natural disaster, fire, or theft, and the impact can be irreparable. Yet statistics show that relatively few organizations adopt robust data protection policies. This is short-sighted because sensitive and important data is held in the cloud, and its loss, even if temporary, can hurt the organization.
Risk of Data Loss
The most likely reason for the loss of data is through a natural disaster, and interestingly, significant portions of the country are at risk in one way or other. Heavy flooding, hurricanes, and earthquakes have a wide geographical spread and one incident can affect a large area, so it’s important to consider not only the business location, but also the location of data servers. In addition to natural events, data may also be lost through fire and theft.
An easy way to understand the business risk is to ask one simple question: What if we lose our data?
According to a 2014 Global IT Study that surveyed 3,300 respondents, 64 percent of organizations experienced data loss in the last 12 months. The research highlighted that the cost to enterprises of lost data and downtime was $1.7 trillion.
Researchers found that although a high percentage of organizations had disaster recovery plans in place, relatively few had implemented effective data protection practices and less than half employed remote, cloud-based data protection.
Impact of Lost Data
There are two aspects of data loss that affect organizations. Firstly, there’s the loss of the data itself that may include essential operational information, critical customer data, and proprietary information, all of which affects the company’s ability to function. Secondly, there is downtime that inevitably arises from the incident as the organization works to recreate or recover the data. In the worst-case scenario, an organization might have to suspend operations for a period of time, resulting in lost revenue.
Apart from the short-term losses, businesses may incur ongoing difficulties that lead to the loss of customers, lower sales, and long-term reduction in revenue. In many instances this can mean closure or bankruptcy.
Based on the Global IT research, companies need to take the risk of data loss seriously and implement a workable disaster recovery (DR) plan.
Disaster Recovery Plan
Although a comprehensive DR plan needs to consider all aspects of disaster recovery, there can be no recovery if the data is not available. Consequently, at the core of the DR plan must be a process for ongoing data backup and remote storage. Should data be lost, this would mean that it can be recovered, operating systems restored, and business resumed with little delay.
Contingency planning must allow for the possibility of partial or complete loss of data. Additionally, apart from allowing for natural calamities, plans should factor in the risk of man-made catastrophes, such as fire, explosion, equipment failure, and data theft.
Every business faces the possibility of losing data in one way or another. It’s imperative to be ready for a disaster to strike, so that when it does, businesses are able to respond promptly and effectively to restore data and get back online.
Infrastructure-as-a-Service (IaaS) plans benefit a business by offering access to a cloud-based infrastructure that is tailored to their specific needs. However, many businesses are concerned with keeping their data safe with IaaS.
When subscribing to an IaaS plan, here’s how businesses can protect their sensitive data.
Awareness of What a Business Controls
Business users who subscribe to an IaaS plan should be aware of exactly what their plan entails. This includes the configuration of the infrastructure and how users will be able to access different data. By being aware of what they need to control, businesses will be knowledgeable and informed about the security of their plan.
It’s important to know who owns the data within the infrastructure. Understanding ownership details enables a business to navigate logistical situations and protect the organization against legal factors.
The Service Level Agreement
By understanding the Service Level Agreement (SLA), businesses help protect their data and intellectual property. An SLA is a fluid document and should be treated as such.
Complying With Regulations
In order to keep their IaaS secure, businesses need to be aware of industry regulations. Businesses should ensure that their IaaS provider is willing and able to work with them to fine-tune the management of processes and configuration capabilities.
Cloud hosting plans are completely virtual and not necessarily hosted within an organization, which means end user authentication can present a high security risk. Employees should keep login credentials private and be properly trained in authentication best practices. This doesn’t mean that end users should be inconvenienced or restricted; technology leaders should lead by example when establishing best practices, and businesses should find the balance between security and convenience for their users.
Monitor the Network
Even with the best security in the world, a business may run into issues with their IaaS if network monitoring is lacking. It is important to know and understand the network in order to catch unauthorized activity before it turns into a security breach. Monitoring the wireless infrastructure — especially as many users are now employing mobile devices to connect — will also prevent unauthorized users from accessing the cloud.
Employees aren’t always aware of how security holes can be created. Something as simple as accessing the infrastructure through a public Wi-Fi hotspot can create major security risks. Businesses can easily reduce these risks by training employees to understand how best to keep their connection secure.
Businesses must be aware of how their IaaS provider handles data backups, especially if using a new provider. Understanding the vendor’s redundancy procedures and being able to take action allows a business to protect their assets.
Data in Transit
Data moving between users, the data center, and the location of the IaaS systems can come under attack in different ways. In order to enhance security as much as possible, businesses must understand how this data moves.
Internal Unauthorized Activities
Users with authorization might still perform unauthorized activities. As well as ensuring that employees understand best practices, businesses should also ensure that the IaaS vendor has professional staff members and can control potential internal issues.
IaaS vendors assists with security strategies, but it never hurts for a business to have their own plans in place. By understanding their plan, monitoring their network, and ensuring that all staff members follow best practices, businesses have the ability to data safe.
Although there are better methods for securing communications, like printed newspapers, the password simply won’t concede defeat and pass into oblivion.
Despite the fact that we have become a society of connected users, the password is still the security method of choice as our last line of defense.
Resistance to other methods of personal identity security are fueled by our culture, one in which protecting our anonymity is paramount. We would rather be anonymous than secure, which is the driving reason we cling to a fixed character password – even if that password is as insecure as “password123.”
One method of identity protection available is called a digital cryptographic key. The digital key encrypts communications. However, due to our culture of anonymity, no one wants to use it. In fact, many people don’t employ encrypted e-mails, even in a corporate setting, because they fear an encrypted email will act as a beacon for hackers – a sign broadcasting, “This is an important communication, someone should try to infiltrate it.”
There have been countless opportunities in the past to implement transport protocols that would have encrypted all web traffic. Those methods, however, involved key-based encryptions – the encryption required certifications, which would establish identity. Developers, who understood that the majority of potential users would be too uncomfortable relinquishing online anonymity, did not pursue development.
Viable Options in a Mobile Environment
There are viable authentication systems available now, but these rely on identification. In the past, users could assert their identity through device ownership. However, increased mobility, multiple devices, and the evolution of workspaces into virtual constructs, has basically eliminated the practice of authentication through device ownership.
What it means
Although our culture makes it increasingly hard to discuss, securing communications through a system that identifies the user explicitly is a workable solution to security breaches. However, until our culture is ready to concede online anonymity, exploitations of data and information will continue as is – with security experts struggling to develop solutions as quickly as hackers create new threats.
As recently as a few years ago, entrepreneurs requiring computing solutions would have had little choice other than to make major IT investments. However, the advent of the cloud has changed the playing field, both for business owners and their customers.
Recent studies have quantified the impact cloud computing has had on global businesses; according to Gartner, a leading market research firm, cloud computing services generated over $150 billion in revenues in 2014.
The cloud offers a convenient and cost-effective alternative to traditional IT delivery methods, allowing entrepreneurs to access and customize software programs, data storage and backup services, and a wide range of other specialized functions and applications over the Internet.
Major benefits of the cloud include:
- Significant cost reductions – Cloud solutions reduce the need to purchase in-house hardware and software. The cloud also eliminates the need for physical storage and backup of files and documents.
- Scalability and flexibility – Cloud technologies can be upsized or downsized according to the changing needs of a business.
- IT savings – Cloud-based applications reduce resource or eliminate demands on in-house IT departments.
Cloud Computing Deployment Methods
Businesses seeking to take advantage of cloud computing have four main deployment methods available:
- Public cloud – This deployment model is easily accessible, hosted on the World Wide Web.
- Private cloud – Companies can create private clouds behind firewalls for added security.
- Community cloud – This model is a partnership of companies or organizations sharing the same private cloud space.
- Hybrid cloud – An emerging deployment approach that combines aspects of the private, public, and community cloud models, creating a customized, flexible solution.
Business Functions Supported by Cloud Computing
Cloud computing has a wide range of applications in the business world, but there are four primary ways in which the technology is used:
- File storage and data backup – Cloud computing has emerged as the most flexible and convenient way to store files and back up important data. The remote storage of digital documents frees up much-needed space on local devices. Cloud technologies also offer secure data backup capabilities, ensuring business continuity in the event of a disruption.
- Collaboration – Cloud computing has transformed the workplace, making it much easier for people working from different or remote locations to communicate, collaborate and share information. Roughly two-thirds of small and medium-sized enterprises report the need for employees to be able to work anytime, from anywhere. For businesses such as these, cloud solutions offer a major boost to productivity and operational efficiency.
- Resource accessibility – Software, data, and documents stored in the cloud are quickly and easily accessible. Server management is monitored by cloud providers, further liberating businesses from administrative costs.
- Effective management of business growth – In the past, growth forced businesses to make further investments in IT resources. Now, the near-instant scalability of the cloud provides flexible, cost effective computing resources.
How to Choose a Cloud Provider
Businesses should carefully assess cloud providers based on terms, pricing, and service level agreements, as well as security and reputation. Many providers offer low-cost trial periods, which businesses can take advantage of to test compatibility.
It’s important to make a thorough needs assessment in partnership with providers. Topics to address should include:
- The best deployment model
- Security needs
- Software, infrastructure, and platform requirements
- The availability of new applications
- Merging existing IT infrastructure with the cloud environment
The cloud offers a scalable, flexible, affordable route to improved IT performance that is ideal for businesses with limited IT resources.
When talking about extinction, one tends to think of dinosaurs, the dodo, or maybe an endangered species such as the rhinoceros. So, when talking about technology that goes extinct, one might presume the ice box, the buggy whip, or maybe the rotary dial phone. One hardly thinks about VoIP (voice-over Internet protocol) phones as being relegated to the evolutionary trash can. Yet, that’s exactly what some online magazines and blogs are saying.
Crystal Balls Say Obsolescence?
Not too long ago, phone companies announced land lines and the current telephone system as being obsolete. In fact, many major phone companies are looking to switch to VoIP.
To predict that IP phones now will be rendered obsolete might seem a bit off-kilter. After all, there are still fax machines in offices, and people still have desk phones. It’s unlikely, it seems, that the IP phone will go the way of the dodo.
SIP (session initiation protocol) and changing open standards have radically changed the IP phone industry.
No longer do businesses need to rely on proprietary technology. Because of this, the IP telephone is evolving to suit the needs of those who use it. Whether it’s a call center or the need for a rugged phone system in factories and warehouses, the IP phone has changed to suit the needs of the customer.
No New Window
One IP phone that is certain to stand the test of time is the type of IP phone that allows users to make and receive phone calls without having to open up a window on their computer. This IP phone allows the user to have all the conveniences of a desktop phone with all the benefits of using VoIP.
Simplicity Breeds Productivity
When looking for simplicity in a phone, think open source and fewer features. Fewer features allow the user to focus on doing the job, not on trying to learn a complex system. Like the above IP phones, many of these phones are not proprietary and will work with other open source software and equipment.
Keeping the IP phone simple makes it easier to use; thus, employees are more productive.
A Bright Future
No matter what the future holds for phone systems, it’s likely that IP phones will be there, thriving alongside new innovations and legacy systems.
As long as there is VoIP, there will be a need for something as flexible and familiar as IP phones. In addition, as the needs of clients continue to change, IP phones will continue to change along with those needs.
Toll fraud is a serious security threat for businesses that use VoIP (voice-over Internet protocol), which is especially susceptible to toll fraud. Besides being a type of fraud–which no business wants–toll fraud can cause serious financial damage for businesses.
Yet, some business owners are not aware of what toll fraud is nor of the steps they should take to ensure that it doesn’t happen to their business.
What is Toll Fraud?
Toll fraud is the stealing of minutes from and the tacking on of outrageous charges to both conventional phone systems and VoIP.
In the past, with legacy switches, toll fraud was very lucrative, but it was harder to accomplish, because phone companies relied on switches, and there was no connection to the Internet. Now, hackers target business VoIP systems, which often have more lax security than company computers, and are able to cash in on the toll fraud schemes.
Why Toll Fraud?
Besides stealing minutes, hackers get a cut whenever they commit toll fraud. Toll fraud is big business in some smaller countries that have primitive phone systems with little or no usage. These phone companies charge outrageous rates because very few people use them. Hackers will break into a business’s phone system and use their VoIP to these select countries, racking up huge toll bills. The phone system makes its money from those toll charges, and the hackers get a cut.
Unfortunately, once a company falls victim to toll fraud, the business has little recourse but to pay for it. Most of the charges are paid to the terminating carrier in the country to where the phone calls were made.
Why is VoIP Vulnerable?
Because VoIP is easy to hack, hackers are quick to break into company telephony systems and commit toll fraud.
Even though the amount of money isn’t as big as it once was, the amount of money hackers can make, both for themselves and the countries that initiate the toll fraud schemes, is still sizable. Given that in 2014, the average cost of a VoIP attack was around $36,000, businesses need to be concerned about toll fraud, because most small businesses are unable to absorb that kind of hit.
Because businesses are likely to consider that now that they have VoIP, they simply get free calling and toll fraud shouldn’t concern them, businesses are more likely to become victims of toll fraud. Because toll fraud operates differently, it becomes all that more imperative for businesses to protect their VoIP systems.
When it comes to deploying security in a virtual environment, some industry professionals draw a blank–or, worse, they think that it’s necessary to replace existing physical security protocols with virtual substitutes. This is not true.
In fact, the best approach to use when viewing virtual security is a logical one. Consider this: A jewelry store owner who expands the physical location or who opens a new facility would not try to use his/her current security force to protect the new location, nor would the owner secure the new location by trying to stretch the current security force between two facilities and simply hope that the depleted resources will cover the need. Both sites need to be secure.
Considering the current, overwhelming surge in virtual as-a-service solutions, knowing how and when to apply virtual security measures like firewalls has become a crucial consideration for businesses. This is especially due to the fact that according to industry specialists, over one-fifth of all VPN (virtual private network) security will be deployed in a virtual format by the end of the year.
Companies already understand the flexibility and cost-saving advantages of moving information and even key infrastructure to the cloud (hence, the rapid growth). That said, virtual security protocols should not be an either/or dilemma; they should be employed in a layered defense. The physical systems already in place should be supported with virtual firewalls—not replaced with them—depending on the level of the workload requirements.
The reasons for this layered defense are abundant. Not only does it secure the virtual aspects of the data system, but the same ease of alteration and on-demand access that is available in a virtual environment is accessible with virtual firewalls. Companies can adjust deployment according to specific needs, which allows them to better control financial commitments.
The issue of deployment confusion has been discussed at length by industry experts. Keeping pace with the rapidly expanding network services available in a virtual environment means finding ways to secure that activity from threats.
Therefore, deployment should depend on the same workload and accessibility requirements that have determined the current physical security measures.
Notably, there are two basic types of virtual firewalls:
- Introspective: This type resides within the hypervisor side of each virtual NIC (network interface card). Although it offers a well-managed way to keep virtual machines protected, it is limited in availability at this time.
- Edge: This is the most common form of virtual firewalls. These reside between two or more virtual portgroups or switches. The beneficial aspect of this type of virtual security is that companies can deploy them at the “edge” of their data center or between trust zones in a cloud environment, depending on their workload and throughput activity.
Rules of the Game
In general, there are three fundamental rules when it comes to adding virtual security services to a network:
- Deploy virtual firewalls to enhance the depth of network safety in conjunction with the physical securities already in place.
- Know the specifications of a virtual firewall. (The specs for physical firewalls are outlined; virtual ones should be outlined, too.)
- Don’t limit virtual security to one type (or breed) of firewall. (Requirements play an essential role in the types and amount of firewall protection needed for a network.)
With the changing environment of virtual services, companies can discover the best means of keeping their networks secure by incorporating virtual security protocols. The investment is well worth it when the risks are considered, and the faster, more adaptive role that these protocols play can make a huge difference in security compliance.
Managing business operations in today’s virtual environment is an ongoing challenge. As more and more customers rely on the global access created through internet options, Voice over Internet Protocol (VoIP) has become a standard technology for many companies due to its incredible features and cost-effective benefits. But the emergence of new technologies also often means an increase in new ways of criminal hacking. Though hackers cannot be prevented 100 percent of the time, companies can certainly neutralize the threat to a great extent.
As so much sensitive information is transposed through Dual-tone Multi-frequency (DTMF) tones, a security breach over a VoIP system can spell disaster in more ways than one.
In fact, almost any business that performs operations through Time-division Multiplexing (TDM) and Internet Protocol (IP)-based voice frameworks through VoIP are susceptible to phone hackers (sometimes referred to as toll fraud). Not only are payments and financial information at risk, but confidential data collected from healthcare providers, engineering companies, and corporate structuring plans (like downsizing or mergers) are also in danger from phone hackers.
Simple. There is just no substitute for the cost-effective benefits of VoIP. And the eruption of VoIP usage has shown up on hacker radar because previously IP-based communication was centralized on local networks, which were typically protected from the public internet. However, that’s ancient history as more and more of VoIP traffic is routed through un-encrypted, public internet services by telephony providers.
It is hardly surprising, therefore, that there are many tools available now which make it simple, easy, and untraceable for hackers to infiltrate confidential phone conversations. Practically anyone with a little bit of tech savvy and basic research can start collecting and storing voice information from external IP networks overnight.
The Best Offense Is a Great Defense
Because of these increased risks, companies must rethink their supplier’s encryption protocols and safety measures. What may have been adequate when the VoIP was incorporated is most likely now out of date.
Here are the top five things to consider when questioning a VoIP supplier about the systems they have in place to combat phone-based cyber-crimes:
- Ask providers about their Session Initiation Protocol (SIP) trunking services. The system should feature automatic deactivation of any components that aren’t secure, as well as encryption capability for all calls.
- Companies that routinely record calls (a necessary quality control procedure for many businesses) must ensure that their telephony system conforms to ISO protection requirements outlined for storing sensitive information.
- For any payments conducted over the phone, companies must adhere to the Payment Card Industry Data Security Standards (PCI DSS). Also, it is vital that the VoIP provider allocates encrypted connections for payment data.
- Find out about Transport Layer Security (TLS) protocols. Protecting client/server applications from tampering or spying between transports is crucial for secure communications.
- Depending on the risk of remote access susceptibility, consider a Distributed Denial of Service (DDOS). This creates a direct access circuit that is only available for designated voice traffic.
The incredible cost benefits of VoIP through external IP networks are great. But knowing the heightened risk of phone hacking through open (or public) network VoIP can help companies prevent devastating breaches in data security by neutralizing the threat of confidential information from being intercepted.