Information Security Archives

A man on a computer that is on public wifi. The wifi is a trap

Is It Safe to Use Open Public Wi-Fi Hotspots?

Tags : Information Security internet Mobile Security public internet public wifi

With data breaches increasing by the day, it is imperative to keep business and personal information safe and secure. Those who don’t take the necessary precautions risk losing their proprietary and personal data to criminals. Loss of proprietary and personal data can have far-reaching consequences, both for individuals as well as businesses. Apart from financial losses, businesses also risk taking a hit to their reputation.

There are several aspects to data security, and one of the growing areas of concern is mobile security. With the mobile device use prevalent and the practice of bring-your-own-device (BYOD) to the workplace becoming more prominent, it is vital to understand the risks associated with mobility.

Is it safe to use the internet from open public Wi-Fi hotspots?

If you are using an open public Wi-Fi hotspot, you need to be careful. We will take you through what you need to do if you have to use an open public Wi-Fi hotspot – why IT security experts consider public Wi-Fi risky, how to stay safe when using public Wi-Fi, and how a virtual private network (VPN) operates.

Why is public Wi-Fi considered risky?

You don’t think twice when using the internet from your home or office because you know the connection is secure. But that is not the case when you use public Wi-Fi. Therefore, before you start surfing the internet from an open public Wi-Fi hotspot, it is important to know why public Wi-Fi is considered risky.

When you access the internet from public places like airports, hotels, restaurants, shops, etc., you are using public Wi-Fi. We are so used to using these hotspots that we don’t even think twice before connecting to them. While it is fine to connect to public Wi-Fi for checking your social media accounts, you need to think twice before checking your emails or accessing your bank accounts.

There are numerous risks involved if you are using public Wi-Fi. While it might be necessary to brief your team in the office or provide prompt service to your customer, it is vital to understand that these networks offer almost negligible security. That is the reason you need to be careful.

Here are some of the risks of public Wi-Fi, as covered by Norton:

Man-in-the-middle attack –One of the most common threats on public Wi-Fi networks, a man-in-the-middle attack is similar to eavesdropping. When you connect your device to the internet, data from your computer goes to the website or service you access, and it is here that a third person can exploit the vulnerabilities in-between. That means, your private connection is no longer private, and a third person can access your data.

Unencrypted network – When you opt for encryption, the information you send from your computer to the wireless router gets encrypted. It means, the information you send gets coded, and only those having the key to deciphering the code can read the information. In most cases, as a default setting, the encryption is turned off when the router leaves the factory. To enable the encryption, you need to turn it on during the time of the network setup. But if a non-IT person sets up the network, there is no guarantee that he or she turns on the encryption. So, you don’t have a way to find out whether the public Wi-Fi you are using has encryption turned off or on. And, this is again dangerous as the information you share on unencrypted networks is not safe.

Malware distribution – By exploiting the software vulnerabilities, attackers can slip malware on to your computer. A security vulnerability is a security loophole that exists in an operating system or software program. It is easy for hackers to exploit this weakness. They can write a code to target a particular vulnerability and inject the malware on to your device. Your data is at risk if your device gets infected with malware.

Snooping and sniffing – Snooping and sniffing is again a very common risk on public Wi-Fi. Hackers use special software kits and devices that allow them to eavesdrop on Wi-Fi signals. With this technique, hackers can access all your online activities. From the websites you visit and the information you leave on the webpages to getting hold of your login credentials and hijacking your accounts, the attackers get every bit of information they want.

Malicious hotspots – Malicious hotspots are rogue access points that can trick you to connect to them because their name is almost similar to a reputable brand. For example, if you are staying at a Holiday Inn and want to connect to their Wi-Fi network, but you accidentally connect to HoliDay Inn, which is a malicious hotspot. When you connect to this rogue hotspot, attackers can view all your sensitive information.

Staying safe when surfing public Wi-Fi

There are occasions, however, when you have to use open public Wi-Fi.

So, what should you do?

Here is what you can do to stay safe when surfing public Wi-Fi.

Always try to use a trusted Wi-Fi network – It is vital to understand that it is difficult for any public Wi-Fi network to provide foolproof security. That is why it is important to try to connect to a trusted entity like Starbucks. Public Wi-Fi networks like Starbucks are less suspect than an unknown entity. As Wired observes, they’re already profiting from your presence there. Avoid connecting to an unfamiliar network, and when traveling to a new place, always try to connect to known and trusted networks.

Follow Google’s advice – use only HTTPS sites – Google Chrome tells you whether the site you are visiting uses an unencrypted HTTP connection or an encrypted HTTPS connection. For HTTP sites, you can see “Not Secure” on the search bar. Be aware that Chrome is the only web browser that provides this warning.

Try not to use HTTP sites from an open public Wi-Fi network because these are not secure. On secure sites , it is difficult for attackers to access your data that travels between your computer and the website’s server.

Don’t share too much information – If you have to use an open public Wi-Fi network, make sure that you don’t share all your details. Try not to forget the first rule (using a trusted network), but in case you have to use an unknown network, don’t share all your details, such as email address and phone number. Also, avoid signing up for multiple public Wi-Fi networks. It is better to connect to a network that you are already registered with.

Make sure you limit file sharing – While using an open-public Wi-Fi network, ensure that you turn off the seamless file sharing option on your device. For example, if you are using a PC, go to the Network and Sharing Center, then to the Change Advanced Sharing settings, and then turn off the File and Sharing option. If you are using a Mac, go to System Preferences, then go to Sharing, and then unselect everything. After this, go to Finder, then click on AirDrop, and then select Allow me to be discovered by: No One. And, in case you are using iOS, go to the Control Center and find AirDrop, and then turn it off. If you do this, you can keep your files safe because attackers will not be able to get hold of your files, nor can they send you unwanted stuff.

Read the terms and conditions of the network you are signing for – Not an easy thing to do, but if possible, you should check for red flags. When you go through their terms and conditions, you can get to know the type of data they collect during the session and what they intend to do with it. You can do a web search for terms you don’t understand. However, make sure that you don’t promptly install any software the open Wi-Fi network suggests.

Always use a VPN – The best way to protect your data on an open public Wi-Fi network is to install a VPN on your device. When you use a VPN, it encrypts data that you receive or send through a secure server, which means people on the network cannot spy on your data.

How does a VPN work?

Using a VPN is the best way to protect your data on an open public Wi-Fi network.

A VPN disguises your actual IP address and location. It uses encryption and establishes a private, secure channel for your internet use. If you use a VPN, all of your information moves securely from your location to the VPN, your original IP address is masked, and your data exits to the public internet through the VPN server. The use of a VPN makes it extremely difficult for the attacker to trace the data back to you.

The use of a VPN is particularly of help to businesses that need to give their employees remote access to the company server. You can get access to the software and company resources even when you are not in the office.

So, to answer the question, you can safely use Wi-Fi hotspots if you exercise caution and common sense — as well as add the extra layer of protection that a VPN affords. Be aware that this is a less-than-ideal situation, but if it can’t be avoided, we’ve hopefully provided the information you need to identify sketchy hotspots and protect yourself as best as possible. As we always say, knowledge is power!

No matter what platform your company uses to meet its unique needs, DocuServe specializes in offering industry-leading solutions for keeping your digital content safe. Our secure document and rich media sharing app can reduce the risk of data exposure. With DocuServe, you can easily control content distributed to employees, vendors, and potential customers. Contact us to learn more.

How to Delete Data from a Stolen Laptop

Tags : encrypted security Mobile access remote wipe

With laptop thefts on the rise, businesses need to know how to keep their data safe and secure. Data breaches are a reality these days, and businesses of all sizes stand to suffer in equal measure.

There is nothing much that you can do if one of your employees loses his or her laptop. Apart from cautioning them to be more careful in the future, you also need to do something that ensures your company’s information does not fall into the wrong hands. It is vital to know how to delete data from a stolen laptop if you want to keep your company information safe.

How secure is your company laptop?

If you are in business, then using laptops and other mobile devices is inevitable. Also, with the bring-your-own-device (BYOD) trend increasing by the day among companies, laptop and other mobile device security should be of paramount importance to businesses of all sizes.

Companies have to share information with their partners, suppliers, and customers, both within and outside of their offices. It is, therefore, important that businesses understand the importance of document management so that they can keep their proprietary content safe and secure from prying eyes.

Another measure that you should be using is encrypted security solutions. Encryption is one of the best ways that can ensure the security of your laptop. If your laptop uses data encryption, there are chances that your data will remain safe even if it is stolen. Also, laptop encryption tools these days are mature and readily available.

One of the most important aspects in data protection is to provide adequate training to employees on how to safely use their mobiles and laptops. Our blog post – “What You Need to Know Before Your Company Adopts BYOD” – covers the main security issues that should be addressed in establishing company policy regarding the business use of employees’ own devices.

If the worst occurs, and an employee’s laptop is stolen, performing a remote wipe before the thief can access data can help prevent a security breach.

What is a remote wipe?

Essentially, a remote wipe is a software solution or system capability to remotely delete and wipe out data on a system or device. Features like remote wipe are part of comprehensive data security management systems, which solve data breach problems that can occur due to not following BYOD policies or other security gaps in distributed company computing networks.

Data wipe is the method whereby stored data on a device gets deleted and destroyed using mobile access in the framework of mobile device management. But to protect your laptop and other mobile devices, you need to ensure that you set up remote wipe before the device is stolen so as to protect your personal and company information. Once a device is lost, it is not possible to wipe devices or deploy endpoint management easily.

Personal information data deletion is triggered once a remote erase command is executed from a remote system endpoint. The remote delete command can erase all the data on a device, or it can specifically target company-specific data.

Data and device wipe are useful techniques because when unauthorized access occurs in a device or system, it allows device administrators to initiate a factory reset easily and restores factory settings remotely.

When it comes to remote wiping, you have the option to either lock the device or erase the data. When dealing with lost devices, many businesses prefer to remote lock the device where the screen gets locked, preventing access to the device. Here the information remains on the device, but access to unauthorized users is denied. The other option is to remote wipe the stolen device. Between the two, it is always more prudent to remote wipe a stolen device rather than just locking it down.

If your laptop is stolen, you can use ‘Retire’ or ‘Wipe’ action to delete your company data and send the device back to factory reset mode. Microsoft provides a complete set of instructions on performing these actions – and others.

Wipe

When you send a Wipe command, it restores a device to its factory settings. You have the option to keep the user data on the device if you select the Retain enrollment state and user account checkbox. If this checkbox is not selected, the Wipe command can erase all the apps and data on the device.

But you need to remember the Retain enrollment state, and user account option is not available on all the Windows laptops. It is available for Windows 10 version 1709 or later. When the device connects to Intune after the Wipe command, MDM policies will be reapplied. The Wipe feature can only function if the device is on and connected.

Retire

When you give a Retire command, it removes managed app data (where applicable), settings, and email profiles which were assigned by using Intune. The device gets removed from the Intune management, and this happens when the device next time checks in and receives the remote Retire command. A Retire command does not remove the personal data of the user. The Retire feature can only function if the device is on and connected.

Three facts you need to know about a remote wipe

You need power and a network connection to remote wipe – As Wipe is a command that is given to a device, the device needs to be turned on and connected to a network so that it can receive the command. You need to know that if the device is switched off, you cannot remote wipe the device.

Remote wipe has many options – There are many options available for a remote wipe. You can remote wipe the device and send it back to the factory reset mode. Also, there is an enterprise wipe option where only the company data and application get deleted from the device, and personal data is not touched. Another option is KeepAlive, where complete device reset happens automatically if the device goes missing for too long.

It is not possible for you to opt-out of it – If your laptop or mobile device is company-owned, or even in case of BYOD, your company will have some level of erasure capability to wipe your device.

Fortunately, overcoming the challenges of BYOD does not need to overwhelm your organization. DocuServe has the industry experience and solutions to protect company data in the BYOD work environment, keeping employees productive without risking data loss. Our eServe encryption solution provides content security in the cloud, mobile access, security at rest and in motion, encrypted data security, remote wipe and much more.

Contact us to learn how DocuServe can be the ideal solution for your company’s move to the brave new BYOD world.

Document Management with GDPR

With the start of the European Union’s (EU) General Data Protection Regulation (GDPR) on May 25 of this year, data privacy has a new meaning – and a new global respect. GDPR sent many American companies scrambling to achieve compliance as it implements sweeping changes on businesses that deal with customer data – which may even include yours. In other words, GDPR compliance isn’t just for EU-based companies.

GDPR Basics

The GDPR was established to protect the personal data of EU residents and affects any business that has customers located in the EU. There is no restriction based on location, company size or scope of business, meaning any entity with an internet presence will be affected. Fines for non-compliance will be high. Data protection watchdogs can impose a fine of up to £20,000,000, or four percent of your total annual worldwide turnover. Any service offered to an EU resident – regardless of whether the service is free and which country hosts its servers – has to play by the rules. For all the information on the GDPR, visit its website, GDPREU.org.

A Major Difference

At issue is the major differences in the approach to collecting personal data in the United States and the EU. In the U.S., personal information is often collected as a matter of course, with only an ‘opt-out’ offered to consumers. By contrast, GDPR requires that in order to collect information from EU data subjects, an affirmative ‘opt in’ consent must be obtained that clearly specifies how the data will be used. Privacy policies must match.

Once information is obtained, the EU data subject has the right to request that his or her data be deleted; that is, to invoke the right ‘to be forgotten.’ Incorrect information must be corrected upon request. These rights may seem simple enough, but when data is held in multiple locations, developing a process to handle such requests could be difficult. As an organization, you need to know how GDPR will affect your paper documents. This is where a document management system (DMS) can come in to help make your business GDPR-compliant.

A document management system manages, stores, and tracks electronic documents and electronic images. With the use of document management scanning, paper-based information can be captured and managed in a much more secure and efficient way. You can use a DMS to organize and control documents across your organization, which helps make your business GDPR-compliant.

With data breaches on the rise, businesses can’t do without content security. As a business, you need to protect your company information and customer details. Be it your company information, customer information, financial details, research, training, intellectual capital, corporate secrets, or securing your mobile data for BYOD purposes, you need to make sure that your data remains secure, both at rest and in motion.

Also, it’s difficult for companies to know how many paper documents actually exist. Duplication on photocopier, removal of documents from your office and insecure disposal of documents can all lead to the existence of several copies of the same document, which is again a problem according to GDPR standards.

When thinking about GDPR compliance, here are some questions offered by YourDMS:

What kinds of documents you possess, and do they include personal information?
Are you able to find documents easily?
How long does it take to locate them?
Are all of your documents stored in one place?
Are you sure you have all the documents?
Are you aware of the number of copies that exist for each document?
Can your documents get into wrong hands?

You should keep in mind three things with document management and GDPR. Here are three things with regards to document management and GDPR, courtesy of Create Ts and Cs:

Encryption – A ransomware virus can easily access your organization’s data, which could include your staff records as well as customer bank details. But, with the DMS in place, all of your files are encrypted on entry, and held as images. A DMS ensures that your data and documents are kept safe even at the time of an attack. If you want to be GDPR-compliant, you need to use a DMS because it encrypts your data.

Role-based access control – According to the GDPR standard, you need to make sure that information and data are locked down. It should not only be kept safe from the outside world, but also within the organization. Your employees should not have access to all the information; it should only be need-based. You don’t need your sales manager to know your customer’s bank details. You can put in place rules with a DMS which can restrict access control.

Retention control – As an organization, you also need to keep in mind that you store data for an appropriate period. You cannot and should not hold on to the information beyond the stipulated time. When you start using a DMS, it makes sure that it stores personal data correctly, and flags documents that need deletion.

How DocuServe document management can help with GDPR

As mentioned earlier, an efficient DMS can help you comply with the GDPR. That is where DocuServe’s document management comes into the picture. DocuServe is a secure cloud-based content distribution and protection system that can keep your digital content safe. DocuServe provides you with complete control over your content, right up to the document level. Because DocuServe is a cloud-based technology, your documents, video, and other shared files don’t exist on the user’s device – which makes it easy for you to withdraw and manage access – also helping your organization’s GDPR compliance.

DocuServe ensures content security because the content is encrypted between the application and the operating system and within the document, which ensures greater security. This is another GDPR requirement which states that an organization should ensure that personal data is kept secure at all the times. With DocuServe, you can delete, eliminate, and remove your data as and when required – another important GDPR requirement.

Other ways in which DocuServe ensures GDPR compliance include:

Security (including mobile) at rest and in motion.
The right to be forgotten by deleting or removing personal data on request.
Privacy by design (everyone in the organization works in the same way and to the same procedures).
Data retention (securely delete information in part or incompletely).

DocuServe has the ideal DMS solution to help your business achieve GDPR compliance. Contact us today.

LMS tools, learning management service, learning management system, employee training, train tools, corporate training tools

How a Learning Management Service Can Benefit Your Business

Businesses all over the world are adopting ways to deliver effective learning programs to their employees to help increase user engagement, productivity and retention. Looking after the learning and training needs of your employees is central to the success of every organization. Companies these days want to create a robust platform for corporate training that can deliver effective corporate training programs to a wider audience. And that is where a learning management system (LMS) fits the bill.

A learning management system can offer many benefits to organizations of all sizes. But first, let’s define what an LMS is all about.

What is an LMS?

An LMS is an enterprise-wide application that enhances the flow of information to managers. As described by Asha Pandey, CMD and Chief Learning Strategist at EI Design, it can manage, track, regulate, monitor and deliver learning programs to a wide audience. In addition to delivering fully automated online training, an LMS can support hybrid training models like blended learning and the flipped classroom approach. Also, an LMS solution can deliver training content, assignments and tests to employees, track their progress, manage recordkeeping and offer support on a continuous basis.

Benefits of adopting an LMS

The online revolution has altered our lives in many ways. The way we communicate, shop, and even learn and train have changed for the better. eLearning is an effective way of delivering course material in a classroom or training room environment. eLearning software solutions allow organizations to deliver corporate training programs and courses online, or other platforms.

How an LMS improves learning

It keeps track of learning – Employee development and meeting all the compliance norms are the two key factors that concern every organization. With an LMS in place, you don’t have to worry about these factors, as it tracks who has taken the training and how well they performed.
It reminds you about retraining – Learning and training should be a continuous process if you want your employees to remain up-to-date on all developments. An LMS can keep you informed on the last training taken by your employees, and the upcoming retraining schedule.
It provides real-time reporting – An LMS can track the progress of your employees accurately and provide comprehensive reports in real time.
It offers on-demand learning – With an LMS in place, your employees have around-the-clock access to training materials. They also have the option of revisiting the courses if they want to review the material.
It allows anytime, anywhere learning – mLearning – or mobile learning – is a growing trend, with organizations now delivering training courses on such mobile devices as smartphones and tablets.

How an LMS benefits your organization

Helps improve your employees’ performance – With an LMS in place, you can access eLearning courses on demand. It keeps your employees current on all recent developments and compliance norms, which helps improve their overall performance.
It speeds the process of compliance training – Bringing new hires up to speed faster is another advantage. Even for established employees, an LMS helps get everyone on board simultaneously when organizational changes occur, or new compliance regulations are established.
It reduces cost – As organizing and conducting face-to-face training is costly, an LMS helps reduce your overall training cost.
It helps multiple site deployment – You can conduct training at different locations without concerns about training consistency and uniformity. The same message is delivered across all locations, and everyone has access to the same material.
Everyone gets a chance to attend the training – Employees have the flexibility to schedule their training to their convenience – either completing the session at once, or as they have time, depending upon their workflow.
It can align with your organization’s learning needs – An LMS is a powerful corporate training tool that takes into consideration your organization’s learning needs. You can train your employees for new initiatives easily, consistently and effectively, and measure the impact of learning.

What to look for in an LMS

When you buy LMS software for your organization, you need to make sure that it offers features that keep your employees engaged. If the LMS you purchase lacks compelling functionalities, it will be difficult to generate user engagement.

Software Advice conducted a survey of full-time employees to learn which popular LMS features they would like to use the most. A summary of the findings were reported by Brian Westfall, Senior Content Analyst for Software Advice.

Micro-learning engages more than half of employees – Because 58% of those surveyed said they would like to engage more with the training content if it was broken up into shorter lessons, micro-learning is a growing trend.
Gamification – In the survey, 35% of the employees said that real-life rewards based on the progress of learning would be the top gamification incentive for using their organization’s LMS. This is another trend that is quickly spreading. LMS systems have incorporated many video game-like functions, such as leaderboards, badges and point systems.
Social learning modules, such as discussion boards and content sharing – In the survey, 24% of respondents said that the discussion board – followed by content sharing (23%) – would be the social learning module that engages them the most with their company’s online learning tools. Another popular trend in online learning is the surge in social learning due to the rise of the social media in the last decade.
Mobile access – In the survey, employees were asked whether they would be more comfortable using corporate training software on their mobile devices. Almost half of them (48%) said they are more likely to use an LMS on their mobile devices, but surprisingly 39% of them said that mobile access would not make any difference to them.

If a learning management system is what you are looking for, DocuServe has solutions that will help you produce, manage and distribute your eLearning content without the need to hire an expensive in-house content development team. Our comprehensive LMS tool can take your learning and training standard to the next level. Contact us for all your eLearning needs, and increase the engagement of your team members.

Cryptocurrency For Dummies: What is Cryptocurrency & How Does it Work?

There is tremendous interest in the cryptocurrency space right now, and equal parts confusion, uncertainty, and doubt. Bitcoin, cryptocurrencies, blockchain, ICOs. What do these even mean? This guide will be a brief overview of what cryptocurrency is and how it works.

Cryptocurrency is a general name referring to all the encrypted decentralized digital currencies like Bitcoin. The underlying infrastructure that makes these cryptocurrencies what they are is called blockchain. At its simplest, a Blockchain is a shared database (ledger) that everyone can write to and access to verify transactions. It is extremely secure because the transactions are encrypted with 256-bit cryptographic keys. So instead of the record of every transaction that has occured on a server, all the information is kept in the decentralized ledger (the blockchain).

These ledgers are constantly checked against one another automatically to stay up to date with the master. The master is the longest most agreed-upon chain at any given time.

“Anyone (or any program) can check the ledger any time because the ledger is public. But, everything on the ledger is encrypted, so unless you have the key for the ledger slots you’re trying to look at, all you see is nonsense. This is how the system is able to be secure, but also public. Everything is encrypted using an algorithm that is, as of now, unhackable.” – Adam Kerpelman, founder and CEO of Juris – Human-Powered Dispute Resolution for Blockchain Smart Contracts,

When a new coin comes out it usually releases a “white paper” which is like a sales pitch. Initial Coin Offers (ICO’s) are new coins used for crowdfunding. Cryptocurrency is legal and taxable in the US, but it isn’t legal tender and is treated as an investment property. With that said, due to its infancy and history so far, cryptocurrencies should be invested in and used with their historical volatility in mind.

Is Cryptocurrency Safe?

Says Scott Amyx, of Amyx Ventures, “Cryptocurrencies are inherently very safe but the vulnerability of cryptocurrencies lies not with the underlying technology but rather with people and institutions — hackers trick the user into divulging access to the exchange, typically your email address and a password (via phishing) or to the private key in your wallet. Specific to exchanges, the most common way is to hack into your email account and then request a password reset to the exchange.”

To mitigate this risk, Amyx recommends enabling multi-factor authentication.

Where Do You Keep Cryptocurrency?

A third party exchange such as Upbit and OKEx
A first party wallet with a public key which allows others to give you cryptocurrency and a private key (to open the wallet for withdrawal)
In the case of an exchange, investors can buy and store digital currency using their service.
For a wallet, you are responsible for keeping the private key safe so that no one can hack into your wallet.

Are Passwords Enough? The Argument for Multi-Factor Authentication

Tags : Information Security Password Breech

Recent Hacks on Global Companies Suggest a Need for New Security Measures

It may seem like a pain. You are only trying to login to pay a bill, order a new toaster, or make an appointment, and they ask for more than a password. Rolling your eyes you have a code texted to you, or emailed, or even called. What a waste of time…right? When given the choice between having to spend an extra two minutes to login or having to cancel your credit card due to identity theft, which would you choose? Are passwords enough?

These days, it does not seem so.

I know what you’re thinking. At least I’m not one of those guys that make their password: password123, my information is not that vulnerable. Think again. Even the most nonsensical combination of upper and lowercase letters, numbers and symbols are capable of becoming compromised.

In many cases of compromised information, it is not even a case of a good guess when it comes to your password, but rather in phishing scams or other techniques that can deceive even the savviest of internet users. A recent Facebook Messenger scam made light of this, by compromising an account and sharing a video link to a person’s contacts, as that person. So, be careful before clicking that video that your best friend sent you. It may not be a cute cat video, but rather a way to obtain your personal information.

The need for more than just a password is a crucial enough issue for the individual, but failing to do so can be catastrophic for businesses that keep and protect sensitive information.

So what can you do?

There are a few solutions available to help secure your company’s sensitive information.

Password Managers

Password managers make it easier to keep dozens of unique passwords. That way, you do not need to repeat the same password over and over again. This is a common solution for workplaces that do not want to slow down their workers by making them wait on the codes or other keys for two-factor authentication. Instead of keeping an individual list of passwords, the password manager keeps it in memory, accessible only to those invited into the system by an administrator.

Simplifying Authentication

While having to get through two gateways can be a time-consuming burden on employees, simplifying two-factor authentication may be beneficial. In more recent instances, instead of waiting for a code or phone call, a mobile security app requires a single tap to allow access. In order for two-factor authentication to be both secure and functional, it needs to be fast, easy to manage and built to defend against threats.

Encryption

You may not always be able to protect against external threats, but you may be able to still protect what’s inside. By encrypting your important data, your sensitive information will be harder to obtain in the event of a breach.

Limit the Passwords that Employees Have Access to

Instead of giving everyone unlimited access to everything from the company Twitter to the main database, give access only to what is essential to get the job done. You’d much rather change 3-5 passwords than upward of 500 when an employee parts ways with the company.

Utilize Wiping Technology

If your company is one that allows employees to use their own devices, things can get complicated once an employee leaves. With the right technology, you can wipe all company data off of an external device, without disrupting the employee’s personal information. That way, they can quickly resume use of their device, and your company data remains safe from potential exposure.

Content security can make or break the integrity of your organization. It is important to keep a company’s proprietary information safe, not just for the company itself, but for the clients it serves and the workers it employs. DocuServe provides a document management solution for businesses, which increase your confidence in your company’s security protocol. When wondering “Are passwords enough?”, DocuServe can keep your information safe.

Secure Digital Content: How It’s Done

Tags : Encrypted Digital Media Information Security

A few weeks ago, I surveyed a technical writing group on LinkedIn about the importance of security for technical publications and received feedback from more than a dozen industry professionals on this issue. Unilaterally, the responses were in the affirmative.

Document security is a requirement for doing business in government and healthcare, along with many others. The range of answers was broad, and by several accounts, inconsistent. Some companies broadly distribute their user documentation on corporate websites and deem it another form of marketing material.

Joe Hauglie, a Human Performance Consultant for a large equipment manufacturer, said “There are all types of security, from password-protected PDFs and documents are stored on a secure server, behind a firewall. Companies should have guidelines in place that indicate what should be private or otherwise. I think that all content should be evaluated before it is categorically released. “

While our survey shows that many larger companies have internal processes in place, small and mid-sized businesses are a bit behind in identifying what should be secure and how to secure it. In our experience, this is a bigger issue than protecting pdfs with a simple password, as the passwords can be shared along with the document to anyone without detection.

Some of our clients have asked us for parameters involving security by IP address, controlled web portal, timed access, and view only access. Requirements come in all shapes and sizes with secure digital content. We’d love to hear more stories about how your company solved the document security challenge including the costs in dollars and internal resources. What’s your experience with digital delivery of secure content?

The Pitfalls of Unsecured Digital Documents

Tags : Corporate Training Digital Printing Encrypted Digital Media Information Security

Over the last few years, I have seen dozens of conversations in professional training forums about digital content delivery strategies, including what formats are most effective, what is required to deliver them, and how these digital formats can be securely encrypted.

Questions like:

Is there any value in a do-it-yourself solution to remix existing third-party material and custom content for delivery to any tablet or mobile device?

What are the benefits of timed content delivery?

I’m researching delivery options for a new learning curriculum. Can anyone share any lessons learned on different delivery models?

Is there content that can be taught most effectively only through a certain medium, such as elearning using mixed digital content vs. traditional classroom training, for instance?

While training professionals should understand these issues and create learning experiences in appropriate mediums, delivery considerations often distract them from what they most need to focus on: creating the content. While many enterprise companies have brought this function in house, small and mid-sized businesses are often without a reliable solution and are winging it. These companies often create simple, easily broken password-protected PDFs and call it a day, leaving their intellectual property up for grabs by their competitors.

When asked about these practices, my colleagues share stories that would give the company legal department pause. If your company’s content and people are what gives you the market edge, why would you leave your playbook in the other team’s locker room? The main response is about time and money. When there are so many options to consider- from ebooks formats and timed- access, to print and sharing considerations, many training professionals don’t have time to wade through the options and develop an organizational strategy.

If the resource isn’t in house, and your company values content security, it makes sense to find a partner who can help you develop an approach to content delivery and security, doesn’t it? What’s your strategy?

Topics: Secure Content

DocuServe

Category: Information Security