Network Security in the Era of the Millennials

Wazzup Pilipinas!

One of the toughest gigs in IT is the job of keeping an organization’s network safe. It is also one that is getting tougher with the rise of the millennial generation.

Millennials - those in their 20s to mid-30s - are starting to dominate workplaces around the world. More than one-in-three workers in the US are millennials, a 2015 study by Pew Research Center found. And this demographic group will account for half of the global workforce by 2020, according to PwC.

The term “millennial” has many connotations. Among them: They like sharing on social media. They won’t put up with bad user experiences. They want a flexible approach to work. They move on quickly if their expectations are not being met. These characteristics will define the culture of the future workplace. They will also put the current network security regimes of many organizations to a stern test.

Here are three considerations.

1. Social media

To block or not to block? Many organizations have probably considered this question when it comes to their employees’ use of social media in the workplace.

A study by HR software provider CareerBuilder, which polled employers from North America, found that 37% of employers see social media as one of the major productivity killers at the workplace, behind mobile phone and texting (55%), using the Internet (41%), and gossiping (39%). Three in four employers say two or more hours are lost a day in terms of productivity because employees are distracted.

From a network security perspective, social media is a vector for malware and socially engineered attacks. How many links that are shared innocently enough end up bringing users to compromised websites? And even if employees use social channels in a professional way, their friends and contacts are under no such obligation.

It is easy to ban or restrict social media sites at the network level. Static URL filters in Web filtering software can block or monitor specific URLs. The category-filtering feature can block entire groups of websites.

But that doesn’t mean CIOs should start blocking social networks at the workplace.

A better approach is to relook at how network security is being enforced holistically. Having a clear social media policy and training for staff is a good start. For instance, sales staff should be reminded of the security and business risks that might result from checking in their locations at customer sites via social channels like Facebook.

The most important safeguard though, is to have a robust, layered security infrastructure. It is a surer bet than having to rely on employees never erring in their clicks, taps, and swipes with their social media accounts.

2. Know thy security layers

Layered security, whereby different layers of security controls combine to protect data, devices, and people, is widely adopted today. It ensures that when attacks occur at different sources, whether at the network, application, device, or user level, they can be detected and stopped before they spread. It also offers an effective safeguard against different types of threats.

With the changing workplace habits brought on by millennial workers, CIOs should relook at how they are setting up each layer of protection.

Consider, for instance, the use of personal devices in the workplace. According to a McKinsey & Company study, around 80% of enterprises now allow employees to use personal devices to connect to corporate networks. And increasingly, employees expect their IT departments to support their personal devices with access to corporate applications like email and calendar. This trend, termed BYOD (Bring Your Own Device), poses a number of new security threats.

In particular, CIOs should look at bolstering security at the device layer. The first step to take is to shore up the devices themselves through mandating some combination of firewalls, anti-malware software, MDM (mobile device management) solutions, and regular patching. A BYOD culture also puts organizations at risk from having their employees' smart devices hacked because of poor passwords. Having policies and education on strong passwords are musts.

Device types can also be identified so that less secure devices, such as mobile phones, can be restricted from some parts of the network. Sessions should also be secured, such as by preventing users from visiting unsafe websites.

Similarly, defenses of the user layer should also be shored up to mitigate the rising risks of internal threats. This layer is often the trickiest to manage due to the need to balance security and convenience. You can also use a variety of authentication methods to identify network users and allow varying levels of access. Instilling awareness and educating staff are important steps to take.

3. Tackle shadow IT

Shadow IT is a term used to describe the use of applications and services, often cloud based, not sanctioned by the organization. Its uncontrolled nature poses a security threat and governance challenge.

Consider the scenario of employees using their smartphone to open a file. It is likely the phone will make a copy of the file, which could then be sent to an unapproved online storage destination when the phone performs its routine automatic backup. Just like that, your secure corporate data has been moved to an insecure location.

In the same way, the many social collaboration apps favoured by millennials can shift sensitive company information to insecure locations.

Mandating that staff stop using non-sanctioned devices and applications is unlikely to stop their growth in the organization. Frankly, with the ubiquity of smartphones, employees are using social networks and their personal cloud apps whether your policies prevent it or not.

What could be more effective is to educate users, as well as implement technology - such as data encryption, access control, and traffic monitoring - to manage the issue.

From a larger perspective, shadow IT happens when your staff is not happy with the solutions provided by the organization. While CIOs may not be able to prevent staff from seeking out alternative apps for, say, collaboration, they can keep things in check by being attuned to their needs.

Wriiten by Jeff Castillo, Country Manager, Fortinet Philippines

DOH Thanks Everyone for Successful Anti-Firecracker Campaigns

Wazzup Pilipinas!

“We would like to extend our gratitude for the support of other national agencies, the local government, non-government organizations, and the media during the anti-firecracker campaigns. Every year, we see the things that we need to strengthen in order to achieve our goal, and eventually, we do hope that we will attain zero casualties from fireworks/firecrackers during the holidays. The cooperation of local government units to organize public firework displays contributed to success of this campaign” Health Secretary Paulyn Jean Rosell-Ubial expressed.

As of 6:00 AM, January 1, 2017, a total of 350 fireworks-related injuries were recorded by DOH sentinel sites. This is 520 cases (60 %) lower than the five-year (2011-2015) average and 524 (60%) lower compared to the same time period last year. Of the total 350 cases, 348 were from fireworks/firecrackers injuries, and 2 cases of fireworks/firecrackers ingestion.

132 (38%) out of 348 injuries were caused by Piccolo, a prohibited firecracker in the country. Other fireworks causing injuries were from kwitis (44 cases or 13%), luces (19 cases or 5%), and fountain (19 cases or 5%).

Most fireworks-related injuries came from the National Capital Region (NCR) with 211 cases (60%), followed by Western Visayas with 34 cases (10%), and Central Luzon with 29 cases (8%). In NCR, most cases were from Manila with 81 out of 211 cases (38%), 48 cases (23%) were from Quezon City and 23 cases (11%) from Marikina. Majority of cases, are children less than 15 years old (58%).

The Firework/Firecracker related Injuries Surveillance of DOH started last December 21, 2016 and will end in January 5, 2017. Consolidated report of 50 hospitals reporting to DOH nationwide will be disclosed on January 6, 2017.

“Nais naming pakiusapan lalo na ang mga bata na huwag mamulot ng paputok na nagkalat sa kalsada. Siguraduhin din na pumunta sa ospital kung ikaw ay nagkasugat ng dahil sa paputok, maliit man o malaki ang sugat na iyong nakuha, dapat pa rin itong lapatan ng tamang gamot, Ang tetano ay nakamamatay, at ito ay nakukuha sa sugat nananggagaling mula sa paputok” Secretary Ubial added.

The health chief added that it is the responsibility of adults, especially parents or guardians to make sure that after the festivities, their surroundings must be cleaned up immediately so that children will not be tempted to pick-up firecrackers on the streets.

DOH clarified that the Iwas Paputok Campaign will not end in January 2017. It will strengthen its campaign by pushing the approval of the Executive Order to ban individual firecracker use and foster community fireworks instead in local government units, in order to achieve its goal of zero casualties due to firework/firecracker related injuries.

“Ngayong 2017, bigyan natin ng magandang simula ang ating pamilya. Hangad ng DOH na magkaroon tayo ng isang malusog, ligtas at manigong BagongTaon,” Secretary Ubial concluded.

FDA Issues Cease and Desist Order vs Sanofi

Wazzup Pilipinas!

The Philippine Food and Drug Administration (FDA) has issued a Summons with Cease and Desist Order against pharmaceutical giant Sanofi Pasteur Inc. for airing television and radio advertisements of its dengue vaccine, Dengvaxia. The airing of the advertisement is in violation of Administrative Order No. 65 s. 1989, prohibiting advertisement in any form of prescription or ethical drug.

The FDA's Center for Drug Regulation and Research (CDRR) has monitored the airing of the advertising materials on dengue vaccination. It has also reported the unauthorized promotion of dengue vaccine in the malls.

In the Summons issued by FDA last December 13, 2016, Sanofi was directed to cease and desist from disseminating advertisements for Dengvaxia in any form of mass or social media. Sanofi was also directed to stop activities promoting and marketing the vaccine. However, as of December 15, 2016, the company has failed to comply with FDA’s directive to take down the said advertisements.

"Since Sanofi has not complied, we have issued summons directing them to cease and desist from airing the advertisements and Show Cause why they should not be penalized for violating the law." FDA Director General Nela Charade G. Puno said.

Puno added that to ensure immediate compliance, "the FDA already sent letters to TV and Radio Stations directing them not to air the said unauthorized ads."

Puno also said the FDA will monitor compliance by Sanofi and the stations.

"We are looking forward to their cooperation in our mandate to ensure that the public is provided only with the correct information on the food, drugs, cosmetics, and health devices that they use,” Puno pointed out.