Blog

December 3rd, 2014

iPad_Dec2_AAs we enter the holiday season, there is a good chance that many iPads will be given as gifts from loved ones and even from companies. While these devices do make great presents, if you receive one but already have your own device, then you will need to know how to authorize it on iTunes. So, if you receive a new iPad to replace an old one this festive season, here's what you need to do.

First, understand what authorizing your device is

When people and Apple experts talk about "authorizing your device", what they really mean is linking it with iTunes and the account you use for this on your computer. Once you do this, you can download already-purchased media and apps onto a new device without having to pay for the content again.

The way iTunes works is that there is usually a limit on how many devices you can download apps and media onto at the same time. Any purchases can be installed on 10 devices or five computers via iTunes at the same time. If, for example, you have an existing iPad for which you have already purchased apps via iTunes, and you receive a new device, you will need to authorize the existing iPad before you are able to download apps onto this new one.

If you have more than 10 devices or five computers authorized and want to add another, you will need to first deauthorize one device. Similarly, if you are giving an iPad away, it is a good idea to make sure it is deauthorized before you give it away or the new user may have access to your iTunes account.

Second, how do you deauthorize an existing device?

This process is actually fairly easy, but you will need to do it from the PC or Mac you use to sync your iPad with iTunes. To do this:
  1. Launch iTunes on a computer that it is installed on and log into the account you use to purchase apps for your devices.
  2. Click on your name. This is located at the top-right of the window. If you see Sign In, click that and log into the account you use on your iPad.
  3. Select Account info from the drop-down menu.
  4. Enter the password for your account.
  5. Scroll down and click on Manage Devices which is under iTunes in the Cloud.
  6. Click Remove beside the device you would like to deauthorize.
  7. Press Done.
When you do this, the apps you've paid for should either be deleted automatically from the device, or become inaccessible the next time the device syncs with iCloud (which is responsible for linking devices in iTunes).

How do you authorize your new device?

If you receive a new device this holiday season, authorizing it is as simple as logging into your Apple account using the username and password you have used in the past to purchase apps and media.

Once this is done, go into the App Store on your new device, log in, if you haven't already done so, and tap on Purchased. You should be taken to a list of all apps and media that you have purchased and which are still available on the App Store. Tapping on any of the apps and then hitting Download will install the selected app on your new device. If you are above the limit of devices on your account, you will see an error message telling you there are too many devices with the app installed. You will then need to deauthorize an older device before proceeding.

If you would like to learn more about your new iPad, or how Apple products can be used in your business, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic iPad
December 3rd, 2014

Security_Dec01_ASpend even a small amount of time looking at the various massive malware threats out there and you will find that security experts are usually able to figure out who developed it, the intended targets, and where it is most prevalent. In early November, news broke about a mystery security threat called Regin that has been around for years, but which experts seem to know comparatively little about. Many business owners are worried about Regin, but should they be?

What exactly is Regin?

What is most interesting about Regin is that a number of security experts seem to not really fully understand it. They know that it exists, they know it is complex, and they know it is one of the most advanced pieces of malware ever created. But, they don't know what exactly it does, or where it comes from.

What we do know is that Internet security firm Symantec is credited with first bringing Regin to public attention, and that it has been around since at least 2008. So far, the company has said it is similar to the Stuxnet virus that was supposedly developed in (or by) the US and used to attack and subvert the Iranian nuclear program.

Regin is known to infect Windows-based computers and at its core is a backdoor trojan style of infection. From detected infections it is looks like the purpose of the malware is not to steal information but to gather intelligence and facilitate other types of attacks.

What makes this malware so powerful and disturbing is that it is much more advanced than other infections. Using various encryption methods it can hide itself extremely well, making it difficult to detect. It can also communicate with the hacker who deployed it in a number of different ways, thus making it a challenge to block or stop. As a result, it is far from easy to actually figure out what exactly this malware is doing and why.

Who has been infected?

According to various security experts we have been able to compile a list of companies and organizations that have been targeted to date. These include:
  • Telecommunications companies
  • Government institutions
  • Financial companies
  • Research companies
  • Individuals and companies involved in crypto-graphical and mathematical research
At the time of this article, no known attacks have been carried out against companies in the US, Canada, or the UK. The main countries targeted so far have been Russia and Saudi Arabia, along with a smaller number of infections in Malaysia, Indonesia, Ireland, and Iran. A total of 10-15 countries have been targeted since the malware was first discovered in 2008.

Is this a big deal for my company?

Just because your company is operating in a country that hasn't been affected thus far, doesn't mean that you aren't at risk of being attacked by this malware in the future. If you operate in any of the industries or sectors listed above, you could still be at risk, especially if you do business with clients in infected regions.

For now, however, it appears that Regin is only infecting larger government bodies and large companies outside of North America and much of Europe, so the chances of you being infected are relatively low. Although as with any threat, this can change at any moment.

What we recommend is that you ensure your antivirus and antimalware solutions are kept up to date and always switched on. You can rest assured that eventually experts will learn more and block this malware from infecting systems. Beyond this, working with an IT partner, like us, who can ensure that your valuable data and systems are secure, is also be a good idea. The same goes with watching what you download and any emails you open. If you don't know or trust the source, don't download any program, open an attachment, or read an email connected to it.

Looking to learn more about the security of your systems? Contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 3rd, 2014

Security_Dec01_ASpend even a small amount of time looking at the various massive malware threats out there and you will find that security experts are usually able to figure out who developed it, the intended targets, and where it is most prevalent. In early November, news broke about a mystery security threat called Reign that has been around for years, but which experts seem to know comparatively little about. Many business owners are worried about Reign, but should they be?

What exactly is Reign?

What is most interesting about Reign is that a number of security experts seem to not really fully understand it. They know that it exists, they know it is complex, and they know it is one of the most advanced pieces of malware ever created. But, they don't know what exactly it does, or where it comes from.

What we do know is that Internet security firm Symantec is credited with first bringing Reign to public attention, and that it has been around since at least 2008. So far, the company has said it is similar to the Stuxnet virus that was supposedly developed in (or by) the US and used to attack and subvert the Iranian nuclear program.

Reign is known to infect Windows-based computers and at its core is a backdoor trojan style of infection. From detected infections it is looks like the purpose of the malware is not to steal information but to gather intelligence and facilitate other types of attacks.

What makes this malware so powerful and disturbing is that it is much more advanced than other infections. Using various encryption methods it can hide itself extremely well, making it difficult to detect. It can also communicate with the hacker who deployed it in a number of different ways, thus making it a challenge to block or stop. As a result, it is far from easy to actually figure out what exactly this malware is doing and why.

Who has been infected?

According to various security experts we have been able to compile a list of companies and organizations that have been targeted to date. These include:
  • Telecommunications companies
  • Government institutions
  • Financial companies
  • Research companies
  • Individuals and companies involved in crypto-graphical and mathematical research
At the time of this article, no known attacks have been carried out against companies in the US, Canada, or the UK. The main countries targeted so far have been Russia and Saudi Arabia, along with a smaller number of infections in Malaysia, Indonesia, Ireland, and Iran. A total of 10-15 countries have been targeted since the malware was first discovered in 2008.

Is this a big deal for my company?

Just because your company is operating in a country that hasn't been affected thus far, doesn't mean that you aren't at risk of being attacked by this malware in the future. If you operate in any of the industries or sectors listed above, you could still be at risk, especially if you do business with clients in infected regions.

For now, however, it appears that Reign is only infecting larger government bodies and large companies outside of North America and much of Europe, so the chances of you being infected are relatively low. Although as with any threat, this can change at any moment.

What we recommend is that you ensure your antivirus and antimalware solutions are kept up to date and always switched on. You can rest assured that eventually experts will learn more and block this malware from infecting systems. Beyond this, working with an IT partner, like us, who can ensure that your valuable data and systems are secure, is also be a good idea. The same goes with watching what you download and any emails you open. If you don't know or trust the source, don't download any program, open an attachment, or read an email connected to it.

Looking to learn more about the security of your systems? Contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 25th, 2014

BCP_Nov24_AAs a business owner you must be constantly aware of threats to your business. One of the best ways to mitigate many of these dangers is to develop and implement a Disaster Recovery Plan. In order to help ensure that your business is ready to recover from any disaster, here are five real-world tips that can help see you through.

1. Have a full copy of your data backed up outside of your operating region

Almost every company, regardless of size, has backup measures in place. These backups can be either physical or digital, and are supposed to be carried out on a regular basis. If a disaster strikes, having access to your data can help ensure that you can recover your systems and resume operations in the minimal amount of time.

While backups are great, if you keep your backups in the same area as your main systems, or even if your offsite backups are in the same region, there is a chance that a large disaster, like a flood, or power outage, could also affect these backups too. One of the best solutions is to keep a current backup offsite, and outside of your operating region, with most experts recommending at least 150 miles (250 km) away from your main business area.

How do you achieve this? The best option is to use cloud-backup. Many providers host their backup service at a number of different data centers in various locations, so that should a disaster strike both your business and a nearby data center, your data is still safe at other centers.

2. Realistically test your plan

It can be tempting to simply develop a plan and then test it in a closed environment once or twice a year, make some changes where necessary and then sit back and hope it works. In truth, for any plan to really be effective it needs to be tested in a realistic environment. If this is not carried out then there is a possibility that the plan could fail when activated.

Because disasters come in almost any form and size, you are going to want to first identify as many potential problems as possible. From here, test your recovery plans based on these scenarios and see how effective they are. Be sure to also involve your colleagues and employees, as they too will need to know what to do when disaster strikes and what their role in the recovery of data is.

A good way to look at these tests is to think of them more as practice runs. As with anything, the more your practice the easier and more effective it becomes. In this case, good practice could literally save your business.

3. Update your plan as you update your systems

When you develop a recovery plan, you need to base it on the systems and technology you currently have in your business. However, these systems and devices may not be in use six months, to a year from now, or you may introduce new systems and improvements.

As soon as you make any changes, your existing recovery plan could become obsolete. Therefore, you need to ensure that when you introduce new systems or technology you are also updating the recovery plan to cover and fit with these changes.

4. Create an accessible plan

Many experts agree that having a physical plan that employees can see and access during a disaster is one of the best ways of ensuring that it is actually implemented properly. Therefore, when you develop a Disaster Recovery Plan make sure that all of your employees can access it at any time. This includes during and immediately following a disaster.

Beyond this, you need to make sure that the plan is consistent. If you update the master plan, but fail to update the copies you store in say a public cloud, or at different worksites, this will lead to confusion and even an increased recovery time or complete recovery failure. When you do update your plan, let all parties involved know that it has been updated and remind them where they can find copies of the plan.

5. Don't be the only fully-trained disaster recovery expert in your company

As a business owner or manager it can be easy to try and run everything yourself. Afterall, it is your business and you know exactly how to look after everything, right?. The problem is that if you are the only fully-trained disaster recovery person you are making yourself the weakest link in the plan.
Published with permission from TechAdvisory.org. Source.

November 21st, 2014

Security_Nov17_AIn many western countries we are blessed with a free and open Internet, but in the US there is a battle currently raging over the idea of Net Neutrality. Chances are high that you will have heard this term thrown around by various experts and media outlets. In November, President Obama took a stance on this issue. Here is an overview of Net Neutrality, the stance from The White House, and what this could mean for your company.

What is Net Neutrality?

In order to define Net Neutrality, we should first look at the main idea behind what the Internet is: a free and open medium where individuals can express and house thoughts, ideas, and more. It was founded on one principal, and one principal alone: All information and Internet traffic MUST be treated equally.

This free, open, and fair principle is what we call Net Neutrality. In practice, this idea prevents Internet providers, and even governments, from blocking legal sites with messages they disagree with, and restricting access to services and sites that don't meet their business needs.

What exactly is the issue?

At this time, major telecommunications companies providing Internet access are trying to push legislation through the US court systems that will essentially make it legal for them to throttle Internet speeds; asking other providers to pay fees in order to speed up access to sites and to even block some sites.

There are laws currently in place, set by the FCC (Federal Communications Commission), that prohibit providers from collecting, analyzing, and manipulating user traffic. In other words, according to the FCC, the role of the Internet providers should be to simply ensure traffic and data gets from one end of the network to the other.

Last year, it was uncovered that US telecommunications giant, and Internet Service Provider, Comcast demanded that Netflix pay them millions of dollars or they would limit the Internet speed of Comcast users trying to access the streaming service. Netflix tried to negotiate but the result was that Comcast did indeed cut user speeds. Netflix paid to avoid this from happening again. This act is an obvious breach of the main tenet of Net Neutrality: Equal access for everyone.

Combine this with the January 2014 ruling that the FCC had overstepped its bounds in regards to this topic and the increased lobbying by telecommunications giants against Net Neutrality, and you can quickly come to realize that the Internet as we know it is under threat.

How will this affect my business?

If nothing is done, there is a very high chance that you will be paying higher rates for Internet-based services (because the providers will be asking other companies to pay to guarantee speedy access which will then be passed along to you via higher rates). You may even be forced to use services you don't want to use because they offer better access speeds on your network.

Beyond this, because so many businesses rely on websites and the hosting companies that enable us to access them, there is a very real risk that these hosts may have access speeds cut. This in turn could mean that it will take more time for some users to access your website and services. Think of how you react when you can't access a website, you probably just search for another similar site which loads easily - now imagine this happening to your site. In other words, you could see a decrease in overall traffic and therefore profits.

What can I do about this?

First off, we highly recommend you visit The White House's site on Net Neutrality, and read the message that President Obama has recently posted there. To sum it up, he believes that Net Neutrality should be protected and the Internet should remain open and free. He has even laid out a plan with four rules that the FCC should enact and enforce:
  • No blocking - Internet providers are not to block access to any legal content.
  • No throttling - Internet providers cannot slow or speed up access speeds based on their preferences.
  • Increased transparency - The FCC is to be more transparent and push providers to follow the Net Neutrality rules.
  • No paid prioritization - There is to be a ban on providers insisting other companies pay to have equal access speeds.
You can bet that this plan will be met by stiff resistance both in government and by the telecommunications companies themselves. The FCC is an independent organization and it is up to them to select whether or not they want to enact President Obama's plan. One thing you can do is to publicly submit your comments to the FCC via this website. Any comments made will be seen by the FCC and are are publicly viewable. In the past, enough public pressure has been able to sway FCC decisions, so share this article and the links in it with everyone you know, asking them to take action as well.

What about other countries?

For now, the Net Neutrality battle is largely US based. The vast majority of Internet traffic starts or at least passes through the US. This means that if the telecommunications providers (many of whom own international subsidiary providers) can limit access to sites in the US it could very quickly become a world issue. Beyond this, other countries often follow laws that the US enacts, so it could only be a matter of time before we see similar bills passed in other countries.

In short, this is a major issue that could see the end of the Internet as we know it. If you would like to learn more about Net Neutrality and how you can help ensure the Internet remains free and open, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 20th, 2014

Windows_Nov18_AOne of the biggest IT expenses for many small businesses is software. Some companies require thousands of dollars of software, which can quickly compound when you hire new employees. Businesses who have purchased Microsoft software may soon be receiving a letter from the tech giant asking for a systems audit. Here is a quick overview of this letter and what you should do if you receive one.

The Microsoft Software Asset Management Review

Earlier this year, Microsoft announced that they will be sending out tens of thousands of letters to small businesses who have purchased Microsoft software licenses. These letters or emails are focused on checking that you have the right number of licenses for your systems.

This program actually has three audit elements, or emails, that are being sent out to businesses.

  1. Internal self-audit email - This is the most common letter businesses have been receiving. It asks them to verify that they are compliant with Microsoft’s licenses, which is usually done by sending Microsoft the software keys for each license or product purchased. They then compare this to their records.
  2. Software Asset Management (SAM) Engagement - This is a voluntary process where Microsoft sends a Software Asset Management partner to your business to audit your systems and see if you are over or under licensed. For companies who do agree to this, the audit is paid for by Microsoft. The downside is, if you are found to be non-compliant, you will likely face a fairly large bill.
  3. Legal Contract Compliance (LCC) audit email - This audit can be enacted by Microsoft if you put off a SAM or self-audit for an extended period of time. Essentially, this is a legal audit that you must comply with. If you are found to be non-compliant under this audit, you could face stiff legal penalties.

What happens if I receive one of these emails?

Should you receive one of these emails, you will be asked to carry out the audit by a set date. Most of the emails contain a spreadsheet that you will need to put your license information into. This can take time because you will likely need to physically check every machine using Microsoft software for relevant information.

Auditors who come to your business will ask you for network and server access and any other form of information they think they can ask for.

Should you be found to be non-compliant or under-licensed, you will likely then be presented with a bill for the extra licenses. If you happen to be highly under-licensed, this bill could be quite large.

What should I do if I am worried about this audit?

An audit like this could be time consuming, costly, and above all is frustrating for any business owner or manager. What we recommend is working with us. We can help ensure that your business is using appropriate licenses and, should you face a request to do an audit, we can help you through the entire process.

So, contact us today to ensure that your business is compliant.

Published with permission from TechAdvisory.org. Source.
November 20th, 2014

AndroidPhone_Nov17_AFor many business owners with Android devices, Google's Calendar app is one of the most useful to have installed. With the update to Android 5.0, the company has also been updating their apps to make them not only look better, but more useful too. This has led to a new version of Calendar being launched with some great new features.

The idea behind the new Google Calendar

According to Google, the new Calendar app has been designed to truly help make lives easier. With the older version of Calendar, you have to take time to copy and paste information like location, phone numbers, and details into each event. This leads many users to simply skip adding important information when they create new events on their mobile devices.

With the latest version of Google Calendar, Google aims to make the creation of events and addition of information far easier. To do this, the new app has some useful features including:

Events pulled from Gmail

These days, when you book a flight or confirm a meeting, etc. you usually receive an email with a confirmation number and some contact information. In the new Calendar, events like this will be pulled automatically from Gmail emails and added to Calendar, along with relevant information.

For example, if you book a flight to attend a conference, you will see a new Calendar entry added with the flight information. Beyond this, events will be updated in real time, so if there is a delay with the event or you are sent an email update, Calendar will update this information on your calendar.

Assists

This new feature allows you to quickly and easily create group events. Now, when you create a new event and begin to type in information Calendar will make suggestions based on what you are typing.

For example, if you want to set a meeting with John at Starbucks around the corner you can start typing: 'Meet' and Google will come up with a list of suggested events. Tap Meeting from the drop-down menu and this will pop up in the text box. The drop-down menu changes to allow you to select more options, such as With. Tap this and enter the first letter of a name, and then select who to invite. The drop-down menu will change again and allow you to select a location by simply typing a few letters.

From the demo we have seen, this works quite well and definitely speeds up the creation of events.

Schedule View

This is a new view that has been designed to provide you with an in-depth view of the events you have scheduled. According to the Google blog, this view, "includes photos and maps of the places you’re going, cityscapes of travel destinations, and illustrations of everyday events like dinner, drinks, and yoga."

Essentially, this view makes it easier for you to see what is going on at a quick glance. Many mobile users find Schedule View particularly useful as they don't have to navigate their main calendar which can be tricky to read when you have a wealth of events planned.

How do I get the latest Google Calendar?

As of the writing of this article, the app is available on the Google Play store for all Android devices running Android 4.1. You should be able to get the app by updating the existing Google Calendar app. If you don't have the app, you can find it by searching for Google Calendar from the Google Play Store app.

If you are interested in learning more about Android, contact us today to see how our systems and experts can benefit your business too.

Published with permission from TechAdvisory.org. Source.

November 19th, 2014

Windows_Nov17_AEarlier this year, the SSL (Secure Sockets Layer) bug Heartbleed caused quite a stir when it was discovered. While the majority of systems affected by this bug have been patched, and are now secure from it, news has recently broke of a similar bug affecting Microsoft Windows Servers. If you use Microsoft Servers in your office, this is something you need to be aware of.

The new security problem

On November 11, 2014 Microsoft released a patch for nearly all versions of Microsoft Server, along with patch notes that included the reason why the patch was released. In short, it was released to plug a security gap that the company calls Schannel Remote Code Execution Vulnerability.

This cryptically-named vulnerability essentially allows hackers remote code access by sending specific packets of data to a server. Data packets are made up of basic units of data communication combined in order to send data over a network.

Hackers can structure certain data into packets then breach a bug in Microsoft Server software, potentially allowing a hacker full remote access to that server and the ability to execute whatever code they so choose, including giving themselves full access to the systems and data hosted on your server.

This bug is particularly destructive because it affects the Schannel library on servers, which is responsible for encryption and authentication in Windows.

What versions of Windows server are affected by this bug?

This bug can potentially be found on nearly every version of Windows and Windows Server currently in use by companies, including:
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows 8/8.1
  • Windows Server 2012/2012 R2
  • Windows RT/RT 8.1
In other words, pretty much any business using Windows and Windows Server is at risk.

What should we do?

While this appears to be a big issue, and in truth it is, Microsoft has noted that they are unaware of anyone actually exploiting this bug as of the writing of this article. The company has also released a patch - MS14-066 that is supposed to fix the problem.

Therefore, the best action you can take is to update all of your systems running Windows. While it primarily affects servers, this could become a widespread issue if systems are not updated. What we recommend is contacting us as soon as possible. We can help ensure that all of your systems are updated and protected from this bug.

If you would like to learn more about Windows and how you can keep your systems secure, please do call us today.

Published with permission from TechAdvisory.org. Source.

November 19th, 2014

SocialMedia_Nov17_AMany business owners looking to launch, or expand their social media presence, quickly find out that only interacting with one platform is not the best strategy. Instead, they branch out, join all the major platforms and quickly find that each is vastly different and can be a challenge to master. For those using Twitter, here are 10 best practices that can help you get the most out of it.

  1. Keep posts on the shorter side - This may seem ridiculous, after all there are only 140 characters allowed per tweet, but keeping tweets short allows users to add their own comments and ideas when they retweet. Try keeping your tweets below 100 characters.
  2. Twitter is not about promotion - Studies have proven that tweets that promote a company or product don't usually do as well as messages that are more conversational in nature. If you want to ensure maximum interaction, aim for a mixture of tweets that consists of about 80% conversational and 20% promotional.
  3. Know what time to tweet - Each market is different, so take the time to research tweeting habits. If you see that the majority of your target audience is active during after-work hours, then it would make sense to tweet when they are more likely to be online. Remember, many Twitter users are connecting via their mobile devices, so you are probably better off tweeting during lunch hours, as well as pre- and post-work.
  4. Know what days to tweet - Much like knowing what time to tweet, it is a good idea to also know which days are best to tweet in order to maximize engagement. For example, if you are trying to interact more with other businesses (B2B) then it is best to tweet on days when the companies are open and an owner or manager is more likely to be looking at business systems and social accounts. Customers, however, are usually more receptive to messages on days when they aren't working e.g., Saturday and Sunday.
  5. Use hashtags - Hashtags in Twitter allow for categorization and make tweets searchable. For example, if you use the hashtag #fresh in a tweet and then search for 'fresh' on Twitter, you should see similar posts using the same hashtag.
  6. Use hashtags sparingly - There is a common trend in social media to use hashtags for nearly every word. This makes posts difficult to read and usually leads to people not sharing or retweeting your content. Instead, try to work one to three hashtag, at most, into your tweets naturally.
  7. Realize Twitter moves fast - The average trend on Twitter lasts about one hour, to one day. So, if you see a trend developing or beginning, act quick to join the conversation. Posting after the trend has faded will usually lead to tweets being ignored.
  8. Don't act on every trend - Trends come and go so quickly on Twitter that it can be tempting to try to jump on each one, or as many as possible, in order to get your message out to as many people as possible. However, not every style and subject will be relevant to your business. By shoehorning content to fit trends you could come across as insincere and lose interest from followers.
  9. Watch who you follow - Following people is one of the quickest ways to grow your own follower base - usually because users will follow those who follow them. But, when it come to business, you want to be sure to follow users who are relevant. For example, follow your customers, strategic partners, and even competitors. Following Twitter users who aren't relevant to your business is not going to get your messages read by the right people.
  10. Keep an eye on Twitter - In order to effectively spot trends and see what your target market is saying, it is worthwhile to use a program like Tweetdeck, which allows you to see all tweets, track hashtags, topics, and more.
If you would like to learn more about using Twitter in your business, contact us today to see how our services and solutions can boost your social media presence.
Published with permission from TechAdvisory.org. Source.

Topic Social Media
November 18th, 2014

We live in a world where information equals power. With the influx of online file-sharing solutions, distributing information has become easier than ever. As a result, it is now easier for information to fall into the wrong hands, intentionally or unintentionally.

Bring-your-own-device (BYOD) policies and an increasingly mobile workforce are putting new pressures on IT and changing the requirements for how workers want (and need) to access corporate data. With over 200 million users, Dropbox has become the predominant leader for mobile file access. Unfortunately, what works for family pictures is not appropriate with corporate data files. In most cases, Dropbox quick to install, easy-to-use, consumer services present unacceptable security, legal and business risk in a business environment.

Here are 6 Risks of Dropbox to your corporate data:

  1. Data theft. Most of the problems with Dropbox emanate from a lack of oversight. Business owners are not privy to when an instance of Dropbox is installed, and are unable to control which employee devices can or cannot sync with a corporate PC. Use of Dropbox can open the door to confidential and/or proprietary company data being synced (without approval) across personal devices. These personal devices, which accompany employees on public transit, at coffee shops, and with friends, exponentially increase the chance of data being stolen or shared with the wrong parties.
  2. Data loss. Lacking visibility over the movement of corporate files or file versions across end-points, Dropbox can improperly backup (or not backup at all) files that were modified on an employee device. If an end-point is compromised or lost, this lack of visibility can result in the inability to restore the most current version of a file – or any version for that matter.
  3. Corrupted data. In a study by CERN (one of the world’s largest and most respected centers for scientific research), silent data corruption was observed in 1 out of every 1500 files. While many businesses trust their cloud solution providers to make sure that stored data maintains its integrity year after year, most consumer file sync services do not implement data integrity assurance systems to guarantee end-to-end data integrity of the data, guarding against silent data corruption that has been shown to be common in large-scale storage systems.
  4. Law suits. Dropbox gives carte blanche power to employees over the ability to permanently delete and share files. This can result in the permanent loss of critical business documents as well as the sharing of confidential information that can break privacy agreements in place with clients and third-parties.
  5. Compliance violations. Many compliance policies require that files be held for a specific duration and only be accessed by certain people; in these cases, it is imperative to employ strict control over how long files are kept and who can access them. Since Dropbox has loose (or non-existent) file retention and file access controls, businesses that use Dropbox are risking a compliance violation.
  6. Loss of file access.Dropbox does not track which users and machines touched a file and at which times. This can be a big problems if you are trying to determine the events leading up to a file creation, modification, or deletion.

In conclusion, Dropbox poses many challenges to businesses that care about control and visibility over company data. Allowing employees to utilize Dropbox can lead to massive data leaks and security breaches.

The best way for businesses to handle this is to deploy a company-approved Cloud File Share and Sync application that will allow IT to control the data, yet grants employees the access and functionality they need to be productive. If you would like more information on Cloud File Share and Sync solutions which solve these problems, please contact us at 724-325-2900.