This week’s technology news – 5th September 2014

No need to be a Hollywood A-lister before you get concerned about security 
Intimate images of Hollywood celebs were published on a website last week following hacking of their iPhones. Apple confirmed that this was not through weaknesses in Apple’s security. A group of hackers led a very targeted attack on a select group of celebs to ascertain user names, passwords and easily guessed security questions in order to change passwords, or used phishing techniques to fool those involved into giving up their Apple IDs and passwords.

This has led Apple CEO Tim Cook to announce this week that Apple will commence using two-factor authentication as a security measure for accessing iCloud accounts from its mobile devices, coupled with email alerts and push notifications to the user should someone try to change a password or log in from a new device. The two-factor authentication could involve the user having to type in a short code sent via text message to their phone number as an extra security step before they are given access to their uploads.

Human weakness is often what gives hackers the simplest route to compromising accounts, so organisations must ensure they do their utmost to protect data and privacy at all times in the Cloud. Good governance and security policies will create the controls to thwart attempts at penetration. Equally though, educating staff about security measures and increasing understanding of why they are so critical will increase uptake, confidence and trust as our reliance on, and expectations of, technology grow and it becomes our closest aide in life and at work.

Amicus ITS has been delivering safe and effective Cloud solutions and Security & Governance consultancy for many years to its customers. Our latest offering for enterprise is Amicus CSF.


 

Move over fingerprints – finger vein sign-in is here
Biometric sign-in technology has been around for a while – in theory at least. Despite the technology being available, there has been a distinct lack of biometric sign-in options beyond certain laptops and smart phones. Barclays, however, is taking the lead in bringing finger vein scanners to business users, letting them verify accounts with a finger scanner attached to a PC via USB.

Finger vein technology differs from fingerprint technology in a few key areas: it requires a live finger and cannot be fooled by a high-quality 2D or 3D print. The device itself is about the size of a tennis ball, so although it is fine for plugging in to a laptop, we will not see this incorporated into tablets without a major re-design.

With information and ID more valuable than ever, finding the best way to secure it is a must, and making the authentication process more user friendly than the multiple code inputs currently used in banking is likely to win friends. Further adaptations of biometric sensors for two-step authentication are anticipated in future as this rolls out.

As biometric logins become more widely adopted, universal standards for storing biometric data and sharing it between authentication sources will need to be properly governed and utilised. Until then, expect a different device and application to sign in to different services.

 
High priority for cyber security in UK business survey
The latest Information Security Breaches Survey, conducted by PwC for the Department for Business Innovation & Skills for 2014, has been published. The survey spanned 1,125 respondents across all industry sectors in the UK, of whom one third were IT professionals and the balance were business managers and executives.

The results revealed that whilst cyber threats had affected 81% of businesses, this was a reduction from 2013. Interestingly, the number of individual breaches had risen and the ensuing cost to business had risen.  Indeed 10% of those who had suffered a breach in the last year were so badly damaged by the attack that they had had to change the nature of their business.

Financially, the average cost to a large organisation (250+ employees) from its worst security breach of the year was reported to be £600k-£1.15m, and the average cost to a small business (fewer than 50 employees) for the same such breach was £65k-£115k.

Malicious software is increasingly the means for such attacks and the focus has shifted back towards large organisations. With 73% of large organisations having suffered from infection by viruses or malicious software in the past year (up from 59% in 2013), there is a need for intelligent investment in effective solutions and preventative measures. With large organisations now spending around 11% of their IT budget on security and small businesses spending about 15% of their IT budget, IT Managers and CISOs need to question what the best use of spend is to maximize protection, and to receive guidance. Only through fresh objective analysis of an organisation’s existing IT infrastructure and defences can correct assessments, recommendations and the appropriate solutions be put forward for Board approval.

The top four drivers for security expenditure remain the same as in 2013:
• Protecting customer information
• Compliance with laws and regulations
• Protecting reputation
• Preventing downtime

It should be added that whilst not in the top four across the board, protecting intellectual property is especially important in the technology, consultancy and professional services sectors.

Companies in 2014 are increasingly using remotely hosted services (i.e. Cloud computing) as an affordable and easily accessible alternative to internal IT services, with 83% now using Cloud computing services. Externally hosted websites and email are the most popular services for small businesses at 82% and 70% respectively. Whilst only 13% of large organisations were using an externally hosted email service, they are more likely to use externally hosted payment, payroll processing, and data storage solutions. The use of Cloud services for data storage has been the biggest growth area for large organisations with a 7% increase from 2013 and an adoption rate for Cloud of around 15%. Of interest to Managed Service Providers, 52% of organisations with externally hosted services believe these are critical to their business.

As more companies start providing the funds needed for better protection, effective information security and risk management depends on the whole organization buying in to this at every level and through every department, with the support of the Board and/or Executive Team. However, simply chucking money at IT will not return dividends: without guidance on where to spend new funds, organisations may find themselves overspending on ineffective solutions, or underspending and making themselves vulnerable for the next year.

 

Working with multiple devices
Having a PC, Tablet and smartphone for work is now the norm for many. Each device has its strengths and weaknesses, but using the right device at the right time and place can help you not only to be more efficient, but to work smarter. With their different use-cases you may find you have an App or messaging service on one device but not across all. When you are at your desk and you need to fire a message back from an alert on your Tablet, picking it up to tap away your message may seem counter-intuitive with a full-size PC keyboard on your desk.

However, a new device announced this week by Logitech could make the workload for those juggling devices that little bit easier. Logitech’s new wireless keyboard can connect to all three types of device at the same time, with a simple turn dial determining which device your typing appears on. Of course, you could also pick this up and take it into a meeting.

If the juggling of devices is getting too much, maybe it is worth considering combining two of them. Microsoft’s Surface Pro range combines both PC and tablet into one device, which means that not only do you have one less device to charge, but device setup and app maintenance are also easier.

How many devices you need and their sizes will vary greatly depending on the type of work you need to get done, when and where. Before the next purchase, businesses should consider how it will help the workforce get the job done and, hopefully, increase productivity.


This week’s technology news from Amicus ITS – Friday 23rd August 2013

Planning for a disaster
Disaster Recovery is blue language to many IT Directors, but prevention and preparation are necessary activities in this technological age. Checks include: could DR infrastructure and your primary datacentre be affected by the same event? Are Recovery Point Objectives and Recovery Time Objectives built into your DR solution? Do key staff have access to the DR documents and processes, should they need to be followed? Can users connect to applications post-event, when the networks and primary datacentre are no longer there? So, no matter the size of organisation, companies ignore regular DR policy reviews at their peril.

The importance of software compliance
Software Asset Management (SAM) is an all-important but often forgotten factor in Enterprise. A recent report from Forrester shows that interest in SAM has increased, mainly driven by potential IT cost savings. Many organisations were found to be still paying for software or maintenance agreements for additional licences that were no longer needed. On the other side of the coin, failure to be software compliant can lead to hefty fines, damage to reputation and even imprisonment of Directors. BYOD also introduces new challenges: when employees use personal devices at work, these must have corporate compliant software and not just software licensed for personal use. If they are on your network, the software will be picked up and you must be prepared to be audited.

Hacked off about risk? No, not really it would seem
Cyber attacks and mass outages are viewed as a bigger threat to the UK banking sector than the impact of the recession, according to a global study by KPMG. 71% of companies may be using outdated versions of Microsoft and Adobe, the study found. Hackers are now targeting cloud-based servers with multi-faceted automation, and malware targeting Google’s Android mobile OS is appearing that tries to get around two-factor authentication. With a 12% increase in online fraud and 6 of the major US banks suffering website outages in 2012 (plus the historic RBS/Natwest UK bank meltdown in Summer 2012), financial losses and interruption from computer bugs should make security a top priority for banks and all enterprise businesses.

Breaking the smart phone mould
We recently asked who will be next in shaking things up from the now standard smart phone design. Samsung is the first to answer our cry and is bringing something new to the table. The Samsung Galaxy Golden when closed, looks like the modern all-screen smart phone, however it can be flipped open to reveal a classic T9 numeric pad with another screen behind the first. It seems Samsung is trying to use the Galaxy Golden as a bridge device, attracting users who are still holding onto their flip phones, but could later be swayed into buying an all-touch device, after using the touchscreen on the Galaxy Golden in its closed position. Important or not in terms of market penetration, it does not drive forward design for the tech enthusiasts. It seems we still have some time to wait until we see the next step in smart phone evolution.
