What is Encryption and Do You Need It?

Office IT, Security,
11
Dec 2014

What_is_encryption

With more regulatory commissions requiring encryption and privacy being a hot topic, it’s important to understand what encryption is and whether you need it.

Encryption is nothing new; in fact, it was used thousands of years ago during the ancient times in Egypt, encryption was used to hide messages in the tombs of kings. It has been used time and time again by different civilizations, and was even applied through the Word Wars to keep messages hidden away from the enemy.

However, in most recent history from the 90s, encryption has been adapted to be used as a security measure on computers and over the internet.

Nowadays it has become ever so important for financial institutions, healthcare practices, legal, law and governmental offices to apply encryption into their systems. This allows them to secure their information, whilst remaining complaint with data protection standards.

What is Encryption?

 

How_Encryption_Works

A basic encryption implementation explained by Oracle.

As you may now understand from our examples listed above, encryption obscures information, away from prying eyes. More specifically, it does this by making data unreadable to outsiders. In technical terms, a mathematical formula is used to scramble the data, which appears as gobbledygook to anyone else reading it. Only the person who holds the key can, in a sense reverse the mathematical formula to unlock and read the data.

Why encrypt your data?

Data encryption ensures that you can deter hackers and lessen the effect of being a prime target of criminal activities, looking to intercept your data. Often the most valued data is your personal information. Just think of how many emails contain passwords to accounts, medical reports archived, interests displayed, and an insight into all of your personal activities.

With all this, a hacker can spear-phish you and later target you again, with the likelihood of succeeding. This will be done by simply using your details against you, without you even realizing it.

Therefore, it is extremely important to encrypt your information if you work anywhere that handles sensitive information, confidential emails, and if you travel with a notebook or similar device that uses the Internet.

Encrypting your hard drive

 

bitlocker-encryption

Hard drive encryption can help to protect your computer from unauthorized access, since a user needs a key in order to read it.

There are many programs that can help to encrypt your disk such as TrueCrypt, Bitlocker and RealCrypt.

To learn more about Hard disk encryption, please read our how-to article here.

Encrypting your email

 

An example of what an encrypted email looks like using PGP.

An example of what an encrypted email looks like using PGP.

Email is used by just about every person who uses a computer, smart-phone, device and works at a business, or all of the above!

Did you know that your email can be intercepted and read by anyone who has access to the right tools?

A good tool to use is called PGP (Pretty Good Program), which can encrypt your email. In order for this to work, both sender and receiver need PGP installed. The sender will generate a random key, and once the encrypted message is sent and received, the recipient can unlock it with a key generated by their PGP plugin.

Encrypting your internet connection

 

How VPN works as explained by Private Internet Access.

How VPN works as explained by Private Internet Access.

As the name suggests, VPNs (virtual private networks) are a safe way to connect to a private network or to access the internet.

One good analogy is comparing a VPN connection to a walled tunnel, where outsiders would “hit a wall” along the tunnel, unable to infiltrate and access what goes through the tunnel. Whereas a usual Internet connection can be likened to your data travelling on a street and potentially be seen or accessed by outsiders. This is where the term “VPN tunnel connection” comes from. Within this tunnel, all of your data is encrypted. User can access a VPN by having a VPN client installed and accessing a login prompt that will securely authenticate them.

Some VPN clients worth considering are ProXPn, TorVpn, TorGuard, Private Internet Access and WiTopia.

There’s so much to consider with encryption. Just about everything can be a risk without it, so be sure to adopt this secure technology into your business practice to maximize your security.

If you need support and advice with your encryption needs to stay compliant, contact your local IT professionals.

Read More

What is Two Factor Authentication and Should You Use It?

Office IT, Security, ,
07
Dec 2014

Two_Locks_Two_Factor_Authentication

We use the Internet for almost everything from email to banking. Lets review how two factor authentication works and how it can protect you.

How does one ensure that their accounts are being kept safe at any point without risk of theft?

The truth is, the world is full of hackers trying to steal your personal information and money.  They’ll go as far as to phish your information without you knowing it. However, one good way to lock down access to your accounts is by using two-factor authentication, also known as 2FA. It’s highly likely that you’ve already used 2FA without even realizing it.

High profile companies such as Google and Twitter, along with many more, have adopted this security measure. Does this make any sense to you? If not, don’t worry as we’ll elaborate more on this.

What is it?

Let’s begin by understanding what single factor authentication is. When you log into an account with just a password, this is considered to be a single factor.

However, two factor authentication is used to verify the identity of the person who they say they are logging in as with the help of an additional factor.
This additional factor can be a piece of information such as:

  • An extra password, pin or pattern
  • Something physical such as a phone, ATM card or fob
  • Biometrics, such as voice, fingerprint or iris scanning

The additional factor forms part of the two factor verification during authentication, even if there’s no evidence of the person accessing the system being the rightful owner of the account.

Once the two factors have been successful verified, this would grant access to a computer system or website.

Example of Two Factor Authentication

An example of how Zoho Uses 2 Factor Authentication

An example of how Zoho uses 2 Factor Authentication

A common example is when you use an ATM machine. For this to work, you’ll obviously need an ATM card, which is one factor, and a pin as a second factor.  This makes it somewhat secure, where one will not work without the other. Say if your ATM card (without long-strip) was lost or stolen, it wouldn’t be any good to whoever gained possession of it without knowing the pin. The opposite is also true, in the case of someone else knowing the pin without having the card. They would be unable to access your account.

Should you use two factor authentication?

In principle, yes. It adds an extra layer to dissuade hackers from gaining entry into your accounts.  Although it isn’t necessary to use it on all of your internet accounts, enabling it on your main email account if it’s supported by your email provider and any financial accounts such as banks or credit cards is a good line of defense.

There are, of course, some downsides to two factor authentication:

  • 2FA logins can take a little longer to work out to login, as the additional step can seem like an inconvenience when using something like a mobile or a fob key to generate a code.
  • If any device, such as a fob or a phone is lost, you’re stuck having to find a way to log in and you’ll need to contact the company’s support.
  • If a hacker gained access to your main email account, which is listed within your contact details in another important account, they can receive the account recovery email. They can then reset it causing them to bypass the 2FA of the account they’re targeting.
  • A good way to prevent this is by having a smarter recovery option, such as an SMS sent to a cell phone to request any account actions.

Final Verdict

All in all, it is better to have 2FA enabled on your accounts than no additional step at all, especially if it means dissuading unauthorized access to your accounts. As 2FA has become more commonplace, it is likely that new developments in security will pave the way for more practical two factor authentication methods. It is fast becoming a necessity for both personal and business use.

For more information on using two factor authentication to protect your business and personal accounts, contact your local IT professionals.

Read More
Virtualizing Desktops
Virtualizing Desktops

Benefits of Virtualizing Desktops and Workstations

Office IT
05
Dec 2014

Virtualizing Desktops

Virtualization is fast becoming the norm in many small to large sized businesses. Here are some benefits when you virtualize office desktops.

With so many benefits to virtualizing desktops and workstations, it’s no surprise as to why this has caught on so well.

How does virtualization fit within a Small Business?

First, a quick recap on the meaning of virtualization. Virtualization is imitating a physical machine set-up, which has an OS (operating system).  Imagine taking your laptop or desktop, and running it on top of another computer called a host.  This host can run many desktops or laptops, eliminating the need for expensive physical computers.

What is virtualization

  • In the context of virtualized desktops, a centralized server acts as the host to hold the virtual desktop sessions, which imitate real desktops just like your Windows 7 or 8 based computers, complete with a whole list of different applications.
  • Staff and users would then access their files and programs via their terminal machines, from which they log in from, to initiate their virtual sessions to work.
  • The “connection” here involves the user gaining access to their operating system and programs, which are virtual. These exist on the host server, which allocates such sessions to logged in terminals.
  • A terminal machine can be a computer, Smart-phone, or a Thin-client.
  • A Thin-client differs greatly from a physical desktop system, in that they are physically designed to be basic, with much smaller memory, hard-disk space and processor. This makes them more streamlined and much smaller than real desktops.
  • Since Thin-clients are much smaller, the processing power demanded from any given applications or programs wouldn’t overload it as all that is taken care of by the server that hosts the session.
  • Host servers are generally built to withstand higher demands on their resources, such as memory, processors and Hard-disk space, which are generally much more powerful than a standard computer.

The Benefits of Virtualizing Desktops

Now that we’ve covered the concept of how a virtual desktops are set up in a VDI, let’s now understand the benefits behind virtualization.

Cost

  • Lowers admin and operating costs by as much as 70%! Operating costs can include repairing faulty or broken desktops, and extra man-hours to handle such requests, which are all mitigated by virtualized machines.
  • Thin clients and other terminal machines are significantly cheaper to run, helping you save on energy bills by around 97%, compared to physical desktops.
  • Since they save on energy costs, it has a positive impact on a company’s carbon footprint, making it more environmentally friendly. These savings can be reinvested back into the business and reallocated towards much needed projects.
  • Save on having to purchase large office furniture as they’ll be more room on desks, which also looks aesthetically better than having a clunky desktop to look at!

Management and Administration

  • Simple to manage centrally from a server at a datacenter. For instance this involves policies, security updates, changes to applications and so forth.
  • Reduces the number of issues logged with IT staff, unlike physical desktops which may have isolated issues and can be difficult to track within a large company.
  • Keeps downtime to a minimum, as it’s all managed centrally and more efficiently, which in turn helps with productivity.
  • Backups of user’s laptops, devices and profiles are simple to manage, for instance backups are carried out centrally.
  • Easy to clone VMs ( virtual machines), for an entire department or company, as they’ll contain  all the settings including its operating systems, drivers, applications and files. This saves time and man-hours too!

Security

  • End terminals and Thin-clients are locked down, making them more secure from unauthorized virus threats and policy breaches.
  • Prevents data leaks by not allowing information to be copied to a disk. All copies are usually only available via the datacenter as backups.
  • Centralized management via a host server means simple processing and monitoring for both sessions and end terminals.

Productivity

  • As previously mentioned, increased productivity is a highly noted benefit. Gone are the days where you would have to wait for a Desktop to be repaired, which would interrupt workflow. Issues can be resolved very quickly, meaning business can continue as usual.
  • Easy to set up new virtual machines, which can be preconfigured and customized VMs for any department, and ready to use in a matter of minutes. Thus makes it incredibly easy to scale up system, when needed. This can allow new staff to be set up quickly and be productive too!
  • Users can access the same programs and applications from anywhere they can log in.

Final Thoughts

A virtualized desktop environment comes with so many benefits that it’s hard to ignore. The ease of implementing and managing all virtual machines securely and reliably through one host, lends itself mostly this new technology model.

Administrators will also benefit greatly, as there would be an orderly Virtual system which is straightforward to monitor and secure. Staff are able to have the flexibility to work from home. With a VDI being considerably economical, this makes it a highly viable solution for small to large businesses.  The leading virtualization vendors to consider include Citrix, VMware and Microsoft.

For more ways virtualization can help secure and streamline your technology, contact your local IT professionals.

Read More
1 2