Blog — LEAN SECURITY

Contact email info@leansecurity.com.au.

Security Expert

A Guide to Establishing a Successful BYOD Policy

While Bring Your Own Device (BYOD) is a growing practice among businesses across industries, it comes with its own risks. Allowing employees to use their own devices for work brings real benefits: staff can access information from anywhere.

This translates into higher productivity and smoother communication, since employees can talk to people in entirely different time zones whenever it suits them.

If you are struggling to establish and implement a BYOD policy that contributes to your overall success, here are a few tips that can help:

Identify Permitted Devices

This was easy in the BlackBerry days; today it is complicated. Employees may turn up with iOS or Android phones and tablets from many manufacturers, each with its own patch cadence and management capabilities.

Therefore, spell out exactly what your BYOD policy permits. Will you allow Android tablets but not iPhones? Will you require a minimum operating system version, or refuse devices that are jailbroken or rooted?

Make sure employees know which devices they can bring, in addition to the organisation-issued devices you continue to use.

Establish Strict Security Policies

Many smartphone users do not lock their devices at all; they see the lock screen as an obstacle to quick access. This becomes a real problem once sensitive company information is reachable through employees' devices.

If employees want to use their own devices with corporate systems, require a strong unlock credential: a long alphanumeric passphrase, not a four-digit PIN, with the device set to lock out or wipe after a number of failed attempts. Most mobile device management (MDM) tools can enforce such a policy centrally rather than leaving it to the user.

Specify Which Apps Are Allowed And Those That Are Prohibited

This rule should apply to every device connected to your environment, personal or corporate. The most significant categories to consider are third-party email clients, social media apps and VPN clients.

Address questions like:

·         Should users be allowed to download and install apps known to carry serious security risks?

·         Do the commonly used apps have security holes in how they integrate with your systems?

·         What if an app lets spammers send mail through your company's accounts?

Specify Your Employee Exit Approach

A BYOD policy is not only about how personal devices are used inside the organisation.

What happens to those devices, and the data on them, when an employee leaves? How will you ensure that email, access tokens and other sensitive information are removed?

The trouble is that this is not as simple as having the employee return a corporate-issued device. Implement an 'exit wipe' (at minimum a selective wipe of the corporate container, email profile and cached credentials) and make sure your right to enforce that wipe is communicated clearly when employees join, not just when they leave. Revoke the device's tokens and certificates on the server side as well, because a wipe command cannot reach a device that is switched off or has had the management profile removed.

Are you looking for mobile app security testing or a penetration testing provider who can help you implement the perfect BYOD policy in your organisation? Look no further.

At Lean Security, we can provide actionable insight to implement a successful BYOD policy that actually works for you. Give us a call at +61 (0) 2 8231 6635 to learn more.


4 Tips to Improve Security of Financial Apps

Although mobile applications give users easier access to critical information on the go, they can quickly turn into a nightmare when breached.

To give users immediate access to financial data, an app must strike a careful balance between convenience and security. When building or procuring a mobile app for your financial institution, follow these tips to stay safe:

#1-Protect Sensitive Data

Most financial applications use a person's bank account number or card number to identify them.

This data is transmitted over the internet to conduct transactions, but there is no reason to store it on the device or to send it with every request. Applications should identify the user's account with a separate, opaque identifier (a token issued by the server at enrolment) so that the real account or card number never has to leave the back end again.

#2-Passcode Access

Many smartphone users switch the device PIN or passcode off again after enabling it, and once it is off the app's data is only as safe as whoever picks up the phone. A financial application should check on launch whether a device passcode is set (both platforms expose this: LAContext's canEvaluatePolicy on iOS, KeyguardManager.isDeviceSecure on Android) and prompt the user to turn it back on if it is not.

It is also important to re-authenticate users at the moment they move money: transfers, bill payments and peer-to-peer payments. Done selectively, this does not slow down the user experience; it acts as confirmation of the action. If the web services side notices suspicious activity (a new device, a new payee, an unusually large amount), it should push an additional challenge to the user before the action completes.
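As an added example (not code from the original post), here is the server-side decision that paragraph describes in Python: money-moving actions are checked against a few risk signals and a second factor is demanded only when one of them fires. The field names, thresholds and signals are assumptions chosen for illustration.

```python
"""Risk-based step-up authentication for a banking app back end.

Added example, not Lean Security's code. Field names, thresholds and the
risk signals are assumptions; a real deployment would feed them from the
session store and the client's device-security report.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class Session:
    device_id: str
    known_devices: List[str]        # devices the user has enrolled before
    device_passcode_enabled: bool   # reported by the mobile client on launch
    minutes_since_auth: int         # age of the last full authentication


@dataclass
class Transaction:
    kind: str                       # "transfer", "bill_pay", "p2p" or "balance"
    amount: float
    payee_id: str
    known_payees: List[str]         # payees this user has paid before


MONEY_MOVING = {"transfer", "bill_pay", "p2p"}
HIGH_VALUE = 1000.0                 # assumption: amounts at or above this need a 2nd factor
MAX_AUTH_AGE_MINUTES = 15           # assumption: an older full authentication is stale


def step_up_reasons(session: Session, txn: Transaction) -> List[str]:
    """Return the reasons a fresh authentication is required; empty = proceed."""
    if txn.kind not in MONEY_MOVING:
        return []                   # read-only actions never trigger step-up
    reasons = []
    if not session.device_passcode_enabled:
        reasons.append("device passcode disabled")
    if session.device_id not in session.known_devices:
        reasons.append("unrecognised device")
    if txn.payee_id not in txn.known_payees:
        reasons.append("new payee")
    if txn.amount >= HIGH_VALUE:
        reasons.append("high value")
    if session.minutes_since_auth > MAX_AUTH_AGE_MINUTES:
        reasons.append("stale authentication")
    return reasons


def requires_step_up(session: Session, txn: Transaction) -> bool:
    """True when the app must challenge the user before executing txn."""
    return bool(step_up_reasons(session, txn))


if __name__ == "__main__":
    trusted = Session("dev-1", ["dev-1"], True, 5)
    print(step_up_reasons(trusted, Transaction("transfer", 50.0, "p-1", ["p-1"])))
    print(step_up_reasons(trusted, Transaction("p2p", 2500.0, "p-9", ["p-1"])))
```

Returning the list of reasons rather than a bare boolean lets the back end log why a challenge was issued and choose a stronger challenge (for example a one-time code instead of a simple re-entry of the app PIN) when several signals fire together.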

#3-Data Services Access

All data should be requested over TLS (the successor to SSL; SSL 2.0 and 3.0 should be disabled on the server). The strength of the connection is not a property of the certificate alone: require a certificate with at least a 2048-bit RSA or 256-bit elliptic-curve key, negotiate cipher suites that provide 128-bit or 256-bit symmetric encryption such as AES, and make sure the client actually verifies the certificate chain and hostname rather than accepting any certificate presented to it. Furthermore, the native client should use OAuth 2.0 so that it talks to data services with a short-lived access token instead of storing the username and password; the credentials are then entered once, at the authorisation server, and never kept on the device.
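An added example, not from the original post, showing both halves of that advice in Python: a client TLS context that refuses unverified certificates and anything below TLS 1.2, and an OAuth 2.0 authorisation-code exchange with PKCE (RFC 7636) in which the app never sees or stores a password, only a one-time code and the resulting access token. The AuthServer class is a stand-in for a real authorisation server (an assumption) and nothing here touches the network.

```python
"""Strict TLS client context and an OAuth 2.0 PKCE exchange (RFC 7636).

Added example, not from the original post. Nothing here touches the
network: the AuthServer class stands in for the bank's authorisation
server (an assumption) so that both sides of the exchange can be shown.
"""
import base64
import hashlib
import secrets
import ssl


def make_client_context() -> ssl.SSLContext:
    """TLS settings a native banking client should insist on."""
    ctx = ssl.create_default_context()            # verifies chain + hostname against system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / TLS 1.1
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True if the context verifies certificates, checks hostnames and needs TLS >= 1.2."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """High-entropy secret kept only in the app's memory for one login."""
    return b64url(secrets.token_bytes(32))         # 43 chars, within the 43..128 range


def code_challenge(verifier: str) -> str:
    """S256 challenge: the app sends this, keeps the verifier."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthServer:
    """Minimal authorisation server: remembers the challenge per issued code."""

    def __init__(self):
        self._pending = {}

    def authorize(self, challenge: str) -> str:
        # In reality the user authenticates in a system browser here; the
        # password is typed into the authorisation server, never into the app.
        code = secrets.token_urlsafe(16)
        self._pending[code] = challenge
        return code

    def token(self, code: str, verifier: str):
        """Exchange the one-time code + verifier for an access token, or None."""
        challenge = self._pending.pop(code, None)  # codes are single use
        if challenge is None:
            return None
        if not secrets.compare_digest(code_challenge(verifier), challenge):
            return None                            # verifier mismatch: intercepted code
        return "access-" + secrets.token_urlsafe(24)


def login_flow(server: AuthServer):
    """The client side of the exchange, end to end (redirects elided)."""
    verifier = new_code_verifier()
    code = server.authorize(code_challenge(verifier))
    return server.token(code, verifier)


if __name__ == "__main__":
    print(context_is_strict(make_client_context()))
    print(login_flow(AuthServer()))
```

The point of PKCE for a mobile app is that an authorisation code intercepted on the way back to the app (for example by another app registered for the same URL scheme) is useless without the verifier, which never leaves the legitimate app's memory; and because the code is single use, a replayed exchange fails as well.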


#4-Images Of Checks

Check images contain everything printed on the check: account numbers, routing or BSB numbers, names and addresses. Encrypting large images on a device is slow compared with text data. Images captured for remote deposit should be sent to the server immediately after they are taken, and never cached or stored on the device for later retrieval. If an upload fails, keep the image only in memory and retry rather than falling back to disk.

These basic practices are the heart of what we do at Lean Security to make sure your mobile and web applications stay safe.

Get in touch with us at +61 (0) 2 8231 6635 or drop us an email at info@leansecurity.com.au to learn more about our security testing services.


What makes Penetration Testing Different than Vulnerability Assessment?

If you are a security professional, you are almost certainly familiar with vulnerability assessment and penetration testing. Both are forms of vulnerability testing used to build a complete picture of an organisation's exposure, both are valuable information-security tools, and both are integral parts of managing threats and vulnerabilities in networked systems.

Your Business’s Website Just Got Hacked! Here Is What You Should Do Now

Security experts at Lean Security divide companies in Australia into two types: those that have been hacked and know it, and those that have been hacked and don't. So how will you know whether your company's website has been hacked?

Lean Security, the managed WAF service provider, lists the following signs:

·         Your website is defaced

·         The website redirects visitors to an 'unsavoury' site, such as a porn site

·         You receive a notification from Google or Bing that the site is compromised

·         Your web browser (Firefox or Chrome) warns that the site is compromised

·         You notice unexplained spikes in traffic (often from other countries) or other strange requests in your site's web logs
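The last sign is the one you can check for yourself before anyone else tells you. As an added example (not from the original post), the script below reads Apache/Nginx combined-format log lines and reports a client sending far more requests than the rest, repeated POSTs to login pages, and traffic from countries the site does not serve. The sample lines and the IP-to-country table are constructed stand-ins; a real run would read the site's own logs and use a GeoIP database.

```python
"""Flag the 'strange traffic' signs in a web access log.

Added example, not from the original post. The sample log lines and the
GEOIP table are constructed for the demo; ALLOWED_COUNTRIES assumes an
Australian business site that expects local and New Zealand visitors.
"""
import re
from collections import Counter

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

ALLOWED_COUNTRIES = {"AU", "NZ"}   # assumption: where this site's visitors normally come from
GEOIP = {"203.0.113.5": "AU", "198.51.100.7": "NZ", "192.0.2.44": "ZZ"}  # constructed; ZZ = unknown
LOGIN_PATHS = ("/wp-login.php", "/administrator", "/admin", "/user/login")


def _line(ip, method, path, status, ua, sec):
    """Build one combined-format log line (constructed sample data)."""
    return (f'{ip} - - [10/Mar/2016:10:00:{sec:02d} +1100] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')


SAMPLE_LINES = [
    _line("203.0.113.5", "GET", "/", 200, "Mozilla/5.0", 1),
    _line("203.0.113.5", "GET", "/about", 200, "Mozilla/5.0", 3),
    _line("198.51.100.7", "GET", "/products", 200, "Mozilla/5.0", 5),
] + [
    _line("192.0.2.44", "POST", "/wp-login.php", 200, "python-requests/2.9", 10 + i)
    for i in range(30)
]


def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def analyse(lines, spike_factor=10, login_threshold=10):
    """Return human-readable findings; an empty list means nothing stood out."""
    per_ip, login_posts, foreign = Counter(), Counter(), Counter()
    for r in parse(lines):
        ip = r["ip"]
        per_ip[ip] += 1
        if r["method"] == "POST" and r["path"].startswith(LOGIN_PATHS):
            login_posts[ip] += 1
        if GEOIP.get(ip, "??") not in ALLOWED_COUNTRIES:
            foreign[ip] += 1

    findings = []
    if per_ip:
        counts = sorted(per_ip.values())
        median = counts[len(counts) // 2]        # a typical client's request count
        for ip, n in per_ip.items():
            if n >= spike_factor * median:
                findings.append(f"traffic spike: {ip} made {n} requests (median client {median})")
    for ip, n in login_posts.items():
        if n >= login_threshold:
            findings.append(f"login brute force: {ip} posted to a login page {n} times")
    for ip, n in foreign.items():
        findings.append(f"unexpected country {GEOIP.get(ip, '??')}: {ip} sent {n} requests")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LINES):
        print(finding)
```

Run it against a day's worth of real log lines and tune the two thresholds to the site's normal traffic; the first time it runs on a freshly compromised site the login-page and per-client counters are usually the lines that jump out.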

What Do You Do?

The first thing to do after finding out that your company's website has been hacked is to remain calm. You won't be able to do damage control in a frazzled and worried state. Then:

Call In Your Support Team

If you are a small business, chances are you won't have the right technical expertise in-house. The best option is to bring in a support team that knows the technical side of internet security and is familiar with your site's configuration, such as your managed security service provider.

Pull Together Important Information

You'll have to gather the information that is helpful to the support team, so be prepared to provide the following:

·         Hosting login information

·         CMS login information

·         Your site's web logs

·         FTP/SFTP access credentials

·         Backups

Take Your Website Offline

The site will have to be taken offline temporarily while the support team tests and assesses the web application. This is normally done through the hosting control panel. Alternatively, password-protect the main directory (where the website resides) so that visitors cannot reach the site while it is being fixed. Before anything is cleaned or restored, take a full copy of the compromised files, database and logs: the support team needs them to work out how the attacker got in, and a clean-up that skips this step usually ends in a second compromise.
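As an added example (not from the original post), this is an Apache 2.4 .htaccess for the site's document root while it is being cleaned. Every visitor except the incident team's address gets a 503 with a Retry-After header, which tells search engines the outage is temporary rather than that the site is gone. The address 203.0.113.10 and the path of the maintenance page are assumptions; the fragment needs mod_rewrite and mod_headers enabled.

```apache
# Added example, not from the original post. Place in the document root's
# .htaccess (or the site's <Directory> block) while the clean-up runs.
ErrorDocument 503 /maintenance.html
# Sent on every response, including the team's; tells crawlers to come back later.
Header always set Retry-After "3600"

RewriteEngine On
# Assumption: 203.0.113.10 is the incident team's address. Everyone else,
# for every URL except the maintenance page itself, gets a 503.
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteCond %{REQUEST_URI} !^/maintenance\.html$
RewriteRule ^ - [R=503,L]
```

If the hosting plan allows Basic authentication on the directory (AuthType Basic, AuthUserFile and Require valid-user), that is the password-protection route the post mentions; the 503 approach is preferable for the public because a 401 on every page can lead search engines to drop the site from their index.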

Scan Local Computers for Viruses and Malware

This is an important step, which your managed hosting provider can also carry out. Have the support team scan all local computers with up-to-date anti-virus software to make sure there is no malware, spyware or Trojan on the network. The reason matters: a common way websites are compromised is through FTP or CMS credentials stolen from an infected workstation, so a site that is cleaned while the workstation stays infected will simply be compromised again. Once the machines are clean, change every credential on the list above.

The fact that there are millions of other sites to prey on does not make your business website secure. It is always a good idea to be prepared for such an event; after all, it's better to be safe than sorry. Ask Lean Security for a free assessment of your website's security today.


What Measures Do You Take to Keep Your Business’s Web and Mobile Applications Secure?

If you aren't worried about your business's cyber security, you should be. Cyber crime has risen sharply this year in Australia and neighbouring New Zealand, and security experts have catalogued the risks that businesses in the country need to look out for, as these attacks are growing not only in number but in sophistication.

This is why businesses are constantly looking for ways to strengthen their network infrastructure security, mitigate risks and prevent the exposure or theft of sensitive information. The security experts at Lean Security recommend the following protective measures.

Exploit the Latest Technological Innovations

Businesses need to stay informed about the latest internet security developments and invest in them. Such technologies can combat and prevent cybercrime, protect users' privacy and help secure their computers and mobile applications. Use the 6 D's of Cyber Security when planning defences against current and future threats.

Prepare, Implement and Communicate a Strict Security Policy

IT environments today are no longer just end-user workstations connected to servers; mobile devices, BYOD, cloud storage and remote workstations are now a large part of them. Businesses can no longer protect their IT estate simply by segregating the network, so they need another approach.

The same rules should apply to remote and mobile users as to those working in the office on the same software and devices. Set rules for strong passwords, for email and file downloads, and for connection methods (Bluetooth, hotspots, wireless) and peripherals, so that managing the infrastructure does not descend into chaos.

Employ Intelligence Tools and Engage In Proactive Cyber-Security

Businesses need to be more proactive about web application security and must be able to recognise the warning signs before there is clear evidence of wrongdoing.

Businesses can become more proactive by:

·         Identifying security control gaps through self-assessment of web and mobile security.

·         Pinpointing the exact vulnerabilities in the IT environment.

·         Examining how well prepared the company is for cyber attacks.

·         Developing incident response and effective threat detection methods.

·         Thoroughly reviewing the cyber risk management practised.

·         Highlighting the appropriate cyber security controls.

Of course, small and mid-sized businesses, and even enterprises, rarely give their full attention to the IT department (and sometimes don't have one). For them, a better and less costly option is to engage professional managed security services, which have the software and tools needed to implement security measures in web applications. Take a free assessment of your web applications by Lean Security today!


Analysing vulnerability scanning reports


The success of an enterprise-wide vulnerability assessment program depends on many factors, such as planning, budgeting, resources and the technical solution, but the most important is the ability to analyse vulnerability scanning reports. Properly identified and categorised vulnerabilities help organisations get the most benefit from the program and a greater return on investment. This article covers some points to consider when analysing network and web application reports.

Protecting Your Virtual Businesses: Better to Be Safe Than Sorry!


In today's world, every enterprise is choosing to adopt the latest technology and use highly technical devices that are connected to the Internet. While this speeds up a company's operations, it also makes security crucial.

Potential Threats to Web Applications


One might wonder what potential threats their web application servers are vulnerable to. There are many. Every device connected to the internet has an IP address, which consists of two components: a network component and a host component.

Controlling Security Risks in Cloud


The world is observing a definite shift as businesses move their data and services to the cloud. The cloud-computing sector is growing explosively as numerous cloud service providers spring up. As with most technologies in the past, opinion is divided on its merit. While most analysts deem cloud computing a revolutionary change, some are worried about controlling security risks in the cloud.

Why Online Businesses Should Go For Managed and Secure Cloud Hosting Services?


Cloud computing, the hottest debate in the information technology community today, attracts criticism as well as praise. Its supporters argue that the scalability, flexibility and economics of the cloud make cloud-based website management a practical and logical choice, while its opponents point to privacy and security concerns as reasons strong enough not to move a business to the cloud.