How Important is Cloud Security for Small Businesses?

Security,
09
Feb 2016

Cloud Computing

Cloud computing allows you to run programs and store data on the internet and is a world away from the traditional method of physical installs and servers.

It offers flexibility, enhances collaboration and reduces overheads, but many businesses are wary of cloud computing. Sure, it’s a new way of doing things, so this is always going to induce a little anxiety. However, there have also been numerous headlines about the cloud’s security which has raised concerns.

To try and sort the myths from the facts, We’re going to take you through the security aspects of cloud computing.

Cloud Security Breaches are Big News

We’ve all heard a scare story about the cloud becoming breached and the most famous of these is probably ‘The Fappening’ which saw Apple’s iCloud breached to obtain personal photos of celebrities.

The Fappening, naturally, was distressing for those celebrities involved, but also brought to the public’s attention that maybe data isn’t that secure up in the cloud. Matters haven’t been helped by similar concerns being raised such as the possibility that stealing millions of Apple iCloud passwords can be achieved with a simple phishing email.

However, there are always going to be hackers, so is it fair to label cloud computing as a proposition which is too risky? Or is it just a simple case of monitoring the cloud’s security as you would any other type of network?

A Secure Provider is Essential

cloud_swiss_army_knife_nobg

With cloud computing being a relatively new phenomenon it’s not a surprise that there’s a little ambiguity over whom exactly is responsible for what. Cloud vendors are more than happy to provide you with the infrastructure to start cloud computing, but the levels of security are going to vary between providers.

Many cloud vendors may expect your in-house IT team to take on at least some of the responsibility for your cloud network. The problem is, though, that cloud computing is such a new form of networking that most in house IT teams simply don’t have the necessary knowledge to secure their cloud effectively.

Therefore, with the threat landscape ever expanding, it’s important that you identify a cloud vendor who can provide a fully experienced team of personnel to monitor the cloud’s security. The costs, obviously, will increase, but for the peace of mind it brings, it’s relatively small change.

Increasing Your Cloud Security In-House

cloud_security

Now, I know that I just said it’s not a good idea to take on cloud security yourself, but there are certainly ways you can help maximize it at your end!

Remember that your whole network can become compromised by the smallest mistake. This is why it’s essential that you take the following steps:

  • Remind staff of the importance of choosing strong passwords. I always feel that it’s a good idea to insist on the need for a number, symbol and uppercase letter in a password. It may mean that they’re harder to remember, but it also means they’re harder to guess.
  • Increase the level of authentication required for even the most basic applications e.g. instead of just asking for a username or password, follow this up with the need to enter a code sent by SMS to approve access to certain network areas.

Should You Move to the Cloud?

The cloud is, undoubtedly, the future of computing and will prove to be a significant factor in businesses remaining competitive. It’s always difficult to break from the traditional methods of working, especially with security concerns ever present, but as long as you ensure security is tight then it’s the logical step forwards.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Old Server Brings Paris Airport to a Halt

Software,
02
Feb 2016

orly airport

Chaos reigned supreme at Orly airport, Paris recently thanks to a technical fault on an old server running the ancient operating system Windows 3.1.

Yes, you read that correctly, the server was running on Windows 3.1 which is an operating system (OS) launched in 1992 and, as far as we thought, made redundant 20 years ago by Windows 95! It was the ancient nature of this OS which caused so many problems.

Let’s take a look at exactly what happened and the lessons it can teach us on maintaining and upgrading your servers.

All Flights Cancelled

flight-canceled

Pilots and air traffic controllers at Orly airport rely on a computer system called DECOR which helps communicate information about poor weather conditions. As you can imagine, this is crucial for taking off and landing, so it’s a vital piece of software. However, the problem is that DECOR doesn’t run on the lovely new OS Windows 10. Neither does it run on Windows 7. Or even Windows XP.

Instead, it uses the antiquated OS Windows 3.1 which certainly seemed a marvel back in the early 90s, but these days it looks like a dusty relic from the past. And, due to a glitch in DECOR, air traffic controllers were suddenly unable to relay critical runway conditions to their pilots. As a result, all flights were grounded as technicians raced to find a solution.

Outdated Software on Old Server

or6p88

For an airport, having all your flights grounded is an absolute disaster, but Orly airport only has themselves to blame.

Upgrading your software intermittently is very important for the health and security of your servers. By ignoring this practice you run the risk of the following:

  • Loss of knowledge: Alexandre Fiacre – from France’s UNSA-IESSA air traffic controller union – has conceded that they only have three specialists who understand DECOR. One of these is retiring soon and they still haven’t found a replacement. Due to the obsolete nature of Windows 3.1 it’s unlikely any newcomers will have the required knowledge either.
  • Lack of Spares: Outdated servers, naturally, use outdated parts. And this becomes a huge issue when a spare part is required. Many manufacturers these days don’t like to give more than a 10 year lifespan for products, so parts are often made obsolete after this cut off point. And if the parts are no longer available for your server you’re going to face a big problem when they fail.
  • Risk of Hacking: The lack of interest in an old piece of software such as DECOR means that the creation of any security upgrades and patches would have ceased a long time ago. This opens up the software to potential hacking incidents where the client will be left defenseless.

How to Avoid An Orly Airport Incident At Your Business

The simplest way to ensure your servers can be maintained efficiently is to upgrade them every couple of years. Sure, this has financial ramifications, but is less disruptive and embarrassing than having to temporarily close your business.

France’s transport minister has promised to upgrade the Orly’s software by 2017, but in our opinion that’s too late. It should have been upgraded in 1997!

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

5 Email Security Tips for Small Businesses

Security,
25
Jan 2016

Email Security

Email security is a crucial focus for your business, but as it offers a gateway into your systems you need to understand how to keep it secure.

If your email security is below standard then you’re opening up your network and sensitive data to the mercy of malicious software e.g. trojan horses, malware and viruses which can really disrupt your business and compromise your data.

No business wants this type of risk bubbling away in the background, so we’re going to take you through 5 essential tips which will ensure your emails are secure.

1. Does It Have to Be Emailed?

There’s a tendency to assume that because email is available it has to be used. And many people feel that, seeing as email servers have plenty of storage, that all those attachments are just fine to be stored there.

However, both these methods ensure that data is readily available should your servers be hacked.

Therefore, if you’ve got a highly important report which contains sensitive data it may be best to seek an alternative delivery method e.g. via courier. And do attachments need to stay on the email server? No, they don’t. They can easily be archived to external hard drives which offer security and plenty of retrieval options.

2. Don’t Access Emails from Public Networks

6_secure_email_iStock

It seems as though everywhere you go these days there’s a public wifi network that you can hop onto in a couple of seconds. This accessibility means you can connect with your emails no matter where you are, so many people take advantage of it.

However, the security of these public networks can never be predicted. Due to their ubiquity they’re also the regular targets of hackers. This means that secure data such as your passwords are at risk and this can grant hackers a foothold in your system.

Sometimes, though, you’re going to need to access your emails on the move, so connecting via a public network will be your only option. To protect against any viable security threats, the best practice is to employ two factor authentication for your email servers to provide extra security.

3. Password Resets

padlock-security-protection-hacking

Employees love to keep their password the same for as long as possible because it means it’s easy to remember. And the easier to remember it is, the less chance there is that they’ll have to go through the hassle of ringing their IT department to reset it.

However, this type of complacency leads to your emails becoming vulnerable as it becomes easier to infiltrate your system over a long period of time.

That’s why we would recommend that your email software forces users to routinely change their password every 4 – 6 weeks. And if emails are entered incorrectly 3 times then make sure that email account is locked straightaway!

4. Filter All Attachments

Malicious content is most likely to enter your business’ network through email attachments, so it’s vital that you set up email filters to protect your business. These filters will help block any suspicious attachments and give you the time to review them before releasing them into your system.

Remember, hackers are becoming increasingly sophisticated and are able to package malicious software into seemingly innocent files e.g. a spreadsheet entitled “Monthly Sales Report” may appear genuine, but something nasty may be lurking in the background.

5. Train Your Staff on Email Security

email security training

Staff, of course, represent the final wall between emails and your servers, so it’s important they receive training on email security.

This should be carried out upon their induction into your company, but it’s also a good idea to regularly email updates around warning of any on-going threats. This knowledge allows them to understand what they should be looking out for and helps keep your email security sage.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
Intel's Knights Landing
Intel's Knights Landing

Intel’s 72 Core Processor: Knights Landing

hardware, , ,
18
Jan 2016

Intel's Knights Landing

Intel is constantly striving to push the capabilities of desktop computers and their 72 core processor promises to deliver amazing performance.

This chip – known as Knights Landing – is part of Intel’s Xeon Phi processor family and will start being shipped with select workstations in early 2016. It’s rumored to be Intel’s most powerful chip yet, so this could be the final step in bringing the power of supercomputers to businesses of all sizes.

As this could make a huge difference in how your business operates, I’m going to take a look at why the Knights Landing chip should be on your radar.

Working with Workstations

X495-8

Almost all businesses have desktop PCs and these are adequate for uses such as word processing, data entry and running general admin tasks. However, the power contained in this hardware is not sufficient for everyone. And that’s where workstations step in.

A workstation may look like a desktop PC, but it’s considerably larger. This increase in size is indicative of the processing power required for complex computing tasks e.g. video editing, engineering programs and state of the art graphics software.

But what exactly can Intel add to the current workstation landscape?

The Power of Knights Landing

Knights-Landing

Knights Landing will be able to take on huge workloads that a standard PC would barely struggle to get to grips with before grinding to a halt. It can achieve this because the Knights Landing processor is capable of producing over 3 teraflops of performance power.

Knights Landing – comprised of standard x86 processors and new, specially designed processors – will bring a huge 16GB of MCDRAM memory which will boost your applications’ performance in a way you didn’t know possible. In fact, this memory will deliver nearly five times more bandwidth than DDR4 memory which is currently considered state of the art.

These figures, of course, sound very impressive, but what will they bring to the market?

What Will Knights Landing Do?

Knights_Landing

Scientific researchers need to carry out fiendishly complex calculations to aid their research, but the computing power required to process these sums is exceptionally high. So that’s why the scientific community will be Knights Landing’s first port of call.

Currently, these scientists would need access to a Xeon Phi supercomputer to even write and test their calculations. However, the advent of Knights Landing presents an opportunity for scientists to tinker with their code on PCs before running it on a supercomputer. This will free up resource heavy supercomputers purely for the high-end number crunching.

But working out these calculations is only the tip of the iceberg. Knights Landing’s raw power will help bring high performance computing to the masses. Graphic designers and video editors will suddenly find that they have the power to deal with big data. This will transform small businesses and freelancers’ output and capabilities to a level previously considered unthinkable.

When Should You Purchase a Knights Landing Workstation?

Costs and availability of a Knights Landing workstation are going to seriously affect whether you can purchase one anytime soon. It’s currently seen more as a tentative step into this new frontier of computing rather than a product for the masses.

However, over time, it’s highly likely that this technology will become more available and affordable for consumers. It, therefore, remains a viable game changer to businesses who work with high-end data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Hidden Dangers of the GlassRAT Trojan

Security, Uncategorized, ,
13
Jan 2016

glassrat trojan

We all know that trojan viruses are the masters of stealth when infecting systems, but the GlassRAT Trojan may just be the stealthiest trojan yet.

We’re constantly advised to be on our guard against ‘zero day vulnerabilities’ which are brand new viruses that attack software before the vendor is aware of a breach. However, what many of us aren’t aware of is the threat of zero detection malware threats.

In the case of the GlassRAT Trojan, it’s been stealthily operating since 2012, so that’s over three years of security carnage it’s been able to quietly carry out. Obviously, this new form of security threat is something you need to be aware of, so let’s take a look at it.

What is GlassRAT?

The GlassRAT Trojan appears to be undetectable by most antivirus programs and this is due to it being signed with a seemingly legit digital certificate. However, the digital certificate is far from legit as it looks as though it’s been ‘borrowed’ from a separate Chinese software company.

The Trojan seems to have been targeting Chinese nationals working at multinational companies and infiltrates security systems with its digital certificate. The ‘dropper’, which delivers the Trojan via a fake Flash installation, erases itself from the system once it has installed its malware.

The malware is then clever enough to avoid detection by standard security scans and proceeds to carry out the following cybercrimes:

  • Transfer unauthorized files
  • Steal data
  • Transmit information about the victim’s system

Given that GlassRAT has been operating for three years without trace it represents a significant threat to data security.

Who’s Behind  the GlassRAT Trojan?

It’s suspected that GlassRAT originated in China due to its targeting of Chinese nationals and the stolen Chinese digital certificate, but this is purely speculation at present and, perhaps, seems a little too obvious.

From the limited information available, it may be possible to link the GlassRAT activities with previous malware attacks. Previous cyber-attacks on Mongolian and Philippine authorities used two domains which are also connected with GlassRAT, so investigations continue to look into this as a possibility.

However, at present, the creators of GlassRAT are still at large and it’s fair to say they have had plenty of time to cover their tracks.

How Do You Combat Threats Such as GlassRAT?

18312140_l

The enigmatic nature of the GlassRAT trojan certainly makes it a difficult beast to protect against. However, businesses can help their security efforts by ensuring they follow basic security procedures such as:

  • Monitoring all incoming files
  • Training staff on the dangers of unknown attachments.

Although GlassRAT is very difficult to detect, it’s not impossible. By arranging detailed network forensics to be carried out on your systems, zero detection malware threats can be uncovered. This approach will highlight any suspicious activity to identify any particularly deceptive malware.

The question, though, that remains is: just what else is stealthily lurking on our systems and putting vast quantities of data at risk?

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 86 87 88 89 90 123