No need to be a Hollywood A-lister before you get concerned about security
The intimate images of Hollywood celebs published on a website last week, following hacking of their iPhones, did not emerge through weaknesses in Apple’s security, Apple confirmed. A group of hackers led a very targeted attack on a select group of celebs to ascertain user names, passwords and easily guessed security questions in order to change passwords, or to use phishing techniques to fool those involved into giving up their Apple IDs and passwords.
This has led Apple CEO Tim Cook to announce this week that the company will commence using two-factor authentication as a security measure for accessing iCloud accounts from its mobile devices, coupled with email alerts and push notifications to the user should someone try to change a password or log in from a new device. The two-factor authentication could involve the user having to type in a short code, sent via text message to their phone number, as an extra security step before they are given access to their uploads.
Human weakness often gives hackers the simplest route to compromising accounts, so organisations must ensure they do their utmost to protect data and privacy at all times in the Cloud. Good governance and security policies will create the controls to thwart attempts at penetration. Equally, though, educating staff about security measures and increasing understanding of why they are so critical will increase uptake, confidence and trust as our reliance on, and expectations around, technology increase and it becomes our closest aide in life and at work.
Amicus ITS has been delivering safe and effective Cloud solutions and Security & Governance consultancy for many years to its customers. Our latest offering for enterprise is Amicus CSF
Move over fingerprints – finger vein sign-in is here
Biometric sign-in technology has been around for a while – in theory at least. Despite the technology being available, there has been a distinct lack of biometric sign-in options beyond certain laptops and smartphones. Barclays, however, is taking the lead in bringing finger vein scanners to business users, letting them verify accounts with a finger scanner attached to a PC via USB.
Finger vein technology differs from fingerprint technology in a few key areas: it requires a live finger and cannot be fooled by a high-quality 2D or 3D print. The device itself is about the size of a tennis ball, so although it is fine for plugging in to a laptop, we will not see this incorporated into tablets without a major re-design.
With information and ID more valuable than ever, finding the best way to secure them is a must, and making the authentication process user-friendly compared with the current multiple code inputs in banking is likely to win friends. Further adaptations of biometric sensors for two-step authentication are anticipated as this rolls out.
As biometric logins become more widely adopted, universal standards for storing biometric data and sharing it between authentication sources will need to be properly governed and utilised. Until then, expect a different device and application to sign in to different services.
High priority for cyber security in UK business survey
The latest Information Security Breaches Survey, conducted by PwC for the Department for Business, Innovation & Skills for 2014, has been published. The survey spanned 1,125 respondents across all industry sectors in the UK; one third were IT professionals and the balance were business managers and executives.
The results revealed that whilst cyber threats had affected 81% of businesses, this was a reduction from 2013. Interestingly, the number of individual breaches and the ensuing cost to business had both risen. Indeed, 10% of those who had suffered a breach in the last year were so badly damaged by the attack that they had had to change the nature of their business.
Financially, the average cost to a large organisation (250+ employees) from its worst security breach of the year was reported to be £600k to £1.15m, and the average cost to a small business (fewer than 50 employees) for the same such breach was £65k to £115k.
Malicious software is increasingly the means for such attacks and the focus has shifted back towards large organisations. With 73% of large organisations having suffered from infection by viruses or malicious software in the past year (up from 59% in 2013), there is a need for intelligent investment in effective solutions and preventative measures. With large organisations now spending around 11% of their IT budget on security and small businesses spending about 15% of their IT budget, IT Managers and CISOs need to question what is the best use of spend to maximise protection, and to receive guidance. Only through fresh, objective analysis of an organisation’s existing IT infrastructure and defences can correct assessments, recommendations and the appropriate solutions be put forward for Board approval.
The top four drivers for security expenditure remain the same as in 2013:
• Protecting customer information
• Compliance with laws and regulations
• Protecting reputation
• Preventing downtime
It should be added that whilst not in the top four across the board, protecting intellectual property is especially important in the technology, consultancy and professional services sectors.
Companies in 2014 are increasingly using remotely hosted services (i.e. Cloud computing) as an affordable and easily accessible alternative to internal IT services, with 83% now using Cloud computing services. Externally hosted websites and email are the most popular services for small businesses at 82% and 70% respectively. Whilst only 13% of large organisations were using an externally hosted email service, they are more likely to use externally hosted payment, payroll processing, and data storage solutions. The use of Cloud services for data storage has been the biggest growth area for large organisations with a 7% increase from 2013 and an adoption rate for Cloud of around 15%. Of interest to Managed Service Providers, 52% of organisations with externally hosted services believe these are critical to their business.
As more companies start providing the funds needed for better protection, effective information security and risk management depends on the whole organisation buying in to this at every level and through every department, with the support of the Board and/or Executive Team. However, simply chucking money at IT will not return dividends: without guidance on where to spend new funds, organisations may find themselves overspending on ineffective solutions, or underspending and making themselves vulnerable for the next year.
Working with multiple devices
Having a PC, Tablet and smartphone for work is now the norm for many. Each device has its strengths and weaknesses, but using the right device at the right time and place can help you work not only more efficiently, but smarter. With their different use-cases you may find you have an App or messaging service on one device but not across all. When you are at your desk and you need to fire a message back from an alert on your Tablet, picking it up to tap away your message may seem counter-intuitive with a full-size PC keyboard on your desk.
However, a new device announced this week by Logitech could make the workload for those juggling devices that little bit easier. Logitech’s new wireless keyboard can connect to all three types of device at the same time, with a simple turn dial determining which device your typing appears on. Of course, you could also pick this up and take it into a meeting.
If the juggling of devices is getting too much, maybe it is worth considering combining two of them. Microsoft’s Surface Pro range combines both PC and tablet into the one device, which means that not only do you have one less device to charge, but device setup and app maintenance are also easier.
How many devices you need and their sizes will vary greatly depending on the type of work you need to get done, when and where. Before their next purchase, businesses should consider how it will help the workforce get the job done and hopefully increase productivity.