No More Passwords: Could Passwords Become Extinct?

Security,
23
Feb 2016

No more passwords

We’re all used to creating and remember passwords when working with sensitive data, but could Google make the password a thing of the past?

Passwords are essential when it comes to working with PCs due to the amount of confidential data that they may contain and process. When it comes to business usage, it’s likely that you’re going to need several different passwords to access all your software and hardware needs.

Google, keen as ever to re-invent the digital wheel, has decided that perhaps it’s time to approach data security in a different manner. That’s why they’re trying to implement smartphones as the key factor in accessing data.

Let’s take a look at why Google are doing this and how they plan to achieve it.

The Problems with Passwords

Facebook-Password-Sniper-v1.2-Hack

You’re probably well aware that passwords are inconvenient. After all, the number of passwords you need to use on your PC at work can become disorientating, so it’s no surprise when you forget them. As a result you’ll tap in a couple of guesses and find yourself locked out. It’s then down to your IT team to manually reset your password.

Aside from this inconvenience, though, there are a number of reasons why passwords are not the best way of securing data:

  • Many users use the same password for all their accounts to avoid having to remember numerous passwords. It’s a nice, quick solution but if their password is hijacked then it compromises all their accounts
  • Hackers are able to use spyware and keystroke loggers to easily steal users passwords without them knowing
  • Password reset questions are often very easy to guess, so this offers an easy route into your systems for hackers

There are obviously problems with relying on the humble password, so how are Google going to take security to a new level?

No More Passwords

gmail-password-forgot

Google plans to eliminate the need for passwords to access your Google account by tapping into the modern obsession with smartphones.

Here’s how it’s going to work:

  1. You’ll head over to the Google sign in page and enter your email address as per normal.
  2. At this point your smartphone will receive a notification message asking you to confirm your login.
  3. Once you authorize this – with one tap of the “YES” button – your device (be it PC, tablet or smartphone) will be given access to your Google account.

And don’t worry if your smartphone has run out of battery or you’ve lost it. You’ll still have the option to use your password to login to your Google account.

What Does This Mean for Your Business?

Google’s vision paints an interesting future for your business and the way in which you protect your computer systems. It also highlights the lack of security behind passwords and how you need to ensure that your business is well protected from the threat of hackers.

If Google’s trial is successful then it’s likely that we’ll see this new approach to security filtering into the business world fairly quickly. And not only will it protect your data’s security, it will also reduce the amount of man hours spent resetting passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How Important is Cloud Security for Small Businesses?

Security,
09
Feb 2016

Cloud Computing

Cloud computing allows you to run programs and store data on the internet and is a world away from the traditional method of physical installs and servers.

It offers flexibility, enhances collaboration and reduces overheads, but many businesses are wary of cloud computing. Sure, it’s a new way of doing things, so this is always going to induce a little anxiety. However, there have also been numerous headlines about the cloud’s security which has raised concerns.

To try and sort the myths from the facts, We’re going to take you through the security aspects of cloud computing.

Cloud Security Breaches are Big News

We’ve all heard a scare story about the cloud becoming breached and the most famous of these is probably ‘The Fappening’ which saw Apple’s iCloud breached to obtain personal photos of celebrities.

The Fappening, naturally, was distressing for those celebrities involved, but also brought to the public’s attention that maybe data isn’t that secure up in the cloud. Matters haven’t been helped by similar concerns being raised such as the possibility that stealing millions of Apple iCloud passwords can be achieved with a simple phishing email.

However, there are always going to be hackers, so is it fair to label cloud computing as a proposition which is too risky? Or is it just a simple case of monitoring the cloud’s security as you would any other type of network?

A Secure Provider is Essential

cloud_swiss_army_knife_nobg

With cloud computing being a relatively new phenomenon it’s not a surprise that there’s a little ambiguity over whom exactly is responsible for what. Cloud vendors are more than happy to provide you with the infrastructure to start cloud computing, but the levels of security are going to vary between providers.

Many cloud vendors may expect your in-house IT team to take on at least some of the responsibility for your cloud network. The problem is, though, that cloud computing is such a new form of networking that most in house IT teams simply don’t have the necessary knowledge to secure their cloud effectively.

Therefore, with the threat landscape ever expanding, it’s important that you identify a cloud vendor who can provide a fully experienced team of personnel to monitor the cloud’s security. The costs, obviously, will increase, but for the peace of mind it brings, it’s relatively small change.

Increasing Your Cloud Security In-House

cloud_security

Now, I know that I just said it’s not a good idea to take on cloud security yourself, but there are certainly ways you can help maximize it at your end!

Remember that your whole network can become compromised by the smallest mistake. This is why it’s essential that you take the following steps:

  • Remind staff of the importance of choosing strong passwords. I always feel that it’s a good idea to insist on the need for a number, symbol and uppercase letter in a password. It may mean that they’re harder to remember, but it also means they’re harder to guess.
  • Increase the level of authentication required for even the most basic applications e.g. instead of just asking for a username or password, follow this up with the need to enter a code sent by SMS to approve access to certain network areas.

Should You Move to the Cloud?

The cloud is, undoubtedly, the future of computing and will prove to be a significant factor in businesses remaining competitive. It’s always difficult to break from the traditional methods of working, especially with security concerns ever present, but as long as you ensure security is tight then it’s the logical step forwards.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Old Server Brings Paris Airport to a Halt

Software,
02
Feb 2016

orly airport

Chaos reigned supreme at Orly airport, Paris recently thanks to a technical fault on an old server running the ancient operating system Windows 3.1.

Yes, you read that correctly, the server was running on Windows 3.1 which is an operating system (OS) launched in 1992 and, as far as we thought, made redundant 20 years ago by Windows 95! It was the ancient nature of this OS which caused so many problems.

Let’s take a look at exactly what happened and the lessons it can teach us on maintaining and upgrading your servers.

All Flights Cancelled

flight-canceled

Pilots and air traffic controllers at Orly airport rely on a computer system called DECOR which helps communicate information about poor weather conditions. As you can imagine, this is crucial for taking off and landing, so it’s a vital piece of software. However, the problem is that DECOR doesn’t run on the lovely new OS Windows 10. Neither does it run on Windows 7. Or even Windows XP.

Instead, it uses the antiquated OS Windows 3.1 which certainly seemed a marvel back in the early 90s, but these days it looks like a dusty relic from the past. And, due to a glitch in DECOR, air traffic controllers were suddenly unable to relay critical runway conditions to their pilots. As a result, all flights were grounded as technicians raced to find a solution.

Outdated Software on Old Server

or6p88

For an airport, having all your flights grounded is an absolute disaster, but Orly airport only has themselves to blame.

Upgrading your software intermittently is very important for the health and security of your servers. By ignoring this practice you run the risk of the following:

  • Loss of knowledge: Alexandre Fiacre – from France’s UNSA-IESSA air traffic controller union – has conceded that they only have three specialists who understand DECOR. One of these is retiring soon and they still haven’t found a replacement. Due to the obsolete nature of Windows 3.1 it’s unlikely any newcomers will have the required knowledge either.
  • Lack of Spares: Outdated servers, naturally, use outdated parts. And this becomes a huge issue when a spare part is required. Many manufacturers these days don’t like to give more than a 10 year lifespan for products, so parts are often made obsolete after this cut off point. And if the parts are no longer available for your server you’re going to face a big problem when they fail.
  • Risk of Hacking: The lack of interest in an old piece of software such as DECOR means that the creation of any security upgrades and patches would have ceased a long time ago. This opens up the software to potential hacking incidents where the client will be left defenseless.

How to Avoid An Orly Airport Incident At Your Business

The simplest way to ensure your servers can be maintained efficiently is to upgrade them every couple of years. Sure, this has financial ramifications, but is less disruptive and embarrassing than having to temporarily close your business.

France’s transport minister has promised to upgrade the Orly’s software by 2017, but in our opinion that’s too late. It should have been upgraded in 1997!

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More